Impermanence for zeus
This commit is contained in:
parent
29f025991b
commit
ecdc67d745
5 changed files with 38 additions and 13 deletions
|
@ -1,7 +1,7 @@
|
|||
{ inputs, ... }: {
|
||||
imports = [ inputs.sops-nix.nixosModules.sops ];
|
||||
sops.defaultSopsFile = ../../secrets/secret.yaml;
|
||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
sops.age.sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ];
|
||||
sops.age.keyFile = "/var/lib/sops-nix/key.txt";
|
||||
sops.age.generateKey = true;
|
||||
}
|
||||
|
|
|
@ -10,7 +10,6 @@
|
|||
boot.loader.grub.enable = false;
|
||||
boot.loader.generic-extlinux-compatible.enable = true;
|
||||
boot.loader.timeout = 1;
|
||||
# boot.kernelPackages = pkgs.linuxPackages_6_6;
|
||||
boot.tmp.cleanOnBoot = true;
|
||||
networking = {
|
||||
hostName = "orangepihole"; # Define your hostname.
|
||||
|
@ -35,7 +34,6 @@
|
|||
ipv6SendRAConfig.EmitDNS = false;
|
||||
ipv6Prefixes = [{ ipv6PrefixConfig.Prefix = "fd72:3dd5:21ae:3c97::/64"; }];
|
||||
};
|
||||
sops.age.sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ];
|
||||
zramSwap.enable = true;
|
||||
swapDevices = [{
|
||||
device = "/persist/swapfile";
|
||||
|
|
|
@ -25,7 +25,6 @@
|
|||
tmp.cleanOnBoot = true;
|
||||
};
|
||||
powerManagement.cpuFreqGovernor = "schedutil";
|
||||
sops.age.sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ];
|
||||
sops.secrets."cdombroski/password" = {
|
||||
neededForUsers = true;
|
||||
sopsFile = ../../secrets/smolboi/users.yaml;
|
||||
|
@ -238,7 +237,7 @@
|
|||
};
|
||||
};
|
||||
cursor = {
|
||||
package = pkgs.breeze-qt5;
|
||||
package = pkgs.kdePackages.breeze;
|
||||
name = "breeze_cursors";
|
||||
size = 24;
|
||||
};
|
||||
|
|
|
@ -263,7 +263,8 @@
|
|||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH7rvqA2VG9kOPHBNgfna0YA+jEjIR6ZAKrdgWVWQjCV root@orangepihole"
|
||||
];
|
||||
};
|
||||
environment.systemPackages = with pkgs; [
|
||||
environment = {
|
||||
systemPackages = with pkgs; [
|
||||
vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
|
||||
dive
|
||||
podman-tui
|
||||
|
@ -271,6 +272,27 @@
|
|||
tcpdump
|
||||
ethtool
|
||||
];
|
||||
persistence."/persist" = {
|
||||
hideMounts = true;
|
||||
directories = [
|
||||
"/var/lib/nixos"
|
||||
"/var/log"
|
||||
"/var/lib/containers"
|
||||
"/var/lib/samba"
|
||||
"/var/lib/systemd"
|
||||
"/tmp"
|
||||
"/etc/containers/networks"
|
||||
];
|
||||
files = [
|
||||
"/etc/machine-id"
|
||||
"/etc/adjtime"
|
||||
"/etc/ssh/ssh_host_rsa_key"
|
||||
"/etc/ssh/ssh_host_rsa_key.pub"
|
||||
"/etc/ssh/ssh_host_ed25519_key"
|
||||
"/etc/ssh/ssh_host_ed25519_key.pub"
|
||||
];
|
||||
}
|
||||
};
|
||||
|
||||
services = {
|
||||
samba = {
|
||||
|
|
|
@ -13,6 +13,12 @@
|
|||
boot.extraModulePackages = [ ];
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "none";
|
||||
fsType = "tmpfs";
|
||||
options = [ "defaults" "mode=755" ];
|
||||
};
|
||||
|
||||
fileSystems."/persist" = {
|
||||
device = "zroot/root";
|
||||
fsType = "zfs";
|
||||
};
|
||||
|
|
Loading…
Reference in a new issue