From 759bdf8cd902232c9eed6a87fd9aadabcad8eda9 Mon Sep 17 00:00:00 2001 From: Thomas Boerger Date: Wed, 26 Oct 2022 17:52:42 +0200 Subject: [PATCH] feat: add mkComputer, bootstrap without agenix --- README.md | 40 ++--- flake.nix | 259 ++++++++++++++----------------- machines/asgard/default.nix | 6 +- machines/chnum/default.nix | 8 +- machines/midgard/default.nix | 10 +- machines/modules/users.nix | 12 +- machines/services/default.nix | 7 +- machines/utgard/default.nix | 8 +- scripts/asgard-partitions | 83 +++++++--- scripts/chnum-partitions | 34 ++-- scripts/utgard-partitions | 50 ++++-- secrets/secrets.nix | 5 +- secrets/users/admin/password.age | 14 -- secrets/users/root/password.age | Bin 639 -> 0 bytes 14 files changed, 277 insertions(+), 259 deletions(-) delete mode 100644 secrets/users/admin/password.age delete mode 100644 secrets/users/root/password.age diff --git a/README.md b/README.md index 0035c7b..fa82a65 100644 --- a/README.md +++ b/README.md @@ -8,21 +8,18 @@ Provisioning for my NixOS systems based on [Nix][nix]. ### Bootstrap -Copy `/etc/ssh/ssh_host_ed25519_key.pub` into [secrets](./secrets/secrets.nix) -and rekey the secrets via [agenix][agenix]. After pushing the regkeyed secrets -execute these commands: - ```console sudo loadkeys de sudo nix-shell --packages nixUnstable bash -c "$(curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/master/scripts/chnum-partitions)" - -mkdir -p /mnt/etc/ssh -cp /etc/ssh/ssh_host_* /mnt/etc/ssh/ -nixos-install --root /mnt --flake github:tboerger/nixos-config#chnum +nixos-install --root /mnt --flake github:tboerger/nixos-config#chnum-bootstrap ``` +Do not forget to rekey the secrets via [agenix][agenix] including the new keys +at `/etc/ssh/ssh_host_ed25519_key.pub`, otherwise updating with the final +services won't work. + ### Updates If the repository had been cloned you could just execute `make switch`, 
@@ -42,12 +39,13 @@ sudo loadkeys de sudo nix-shell --packages nixUnstable bash -c "$(curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/master/scripts/asgard-partitions)" - -mkdir -p /mnt/etc/ssh -cp /etc/ssh/ssh_host_* /mnt/etc/ssh/ -nixos-install --root /mnt --flake github:tboerger/nixos-config#asgard +nixos-install --root /mnt --flake github:tboerger/nixos-config#asgard-bootstrap ``` +Do not forget to rekey the secrets via [agenix][agenix] including the new keys +at `/etc/ssh/ssh_host_ed25519_key.pub`, otherwise updating with the final +services won't work. + ### Updates If the repository had been cloned you could just execute `make switch`, @@ -67,12 +65,13 @@ sudo loadkeys de sudo nix-shell --packages nixUnstable bash -c "$(curl -fsSL https://raw.githubusercontent.com/tboerger/nixos-config/master/scripts/utgard-partitions)" - -mkdir -p /mnt/etc/ssh -cp /etc/ssh/ssh_host_* /mnt/etc/ssh/ -nixos-install --root /mnt --flake github:tboerger/nixos-config#utgard +nixos-install --root /mnt --flake github:tboerger/nixos-config#utgard-bootstrap ``` +Do not forget to rekey the secrets via [agenix][agenix] including the new keys +at `/etc/ssh/ssh_host_ed25519_key.pub`, otherwise updating with the final +services won't work. + ### Updates If the repository had been cloned you could just execute `make switch`, @@ -92,12 +91,13 @@ sudo loadkeys de sudo nix-shell --packages nixUnstable mount /dev/disk/by-label/NIXOS_SD /mnt - -mkdir -p /mnt/etc/ssh -cp /etc/ssh/ssh_host_* /mnt/etc/ssh/ -nixos-install --root /mnt --flake github:tboerger/nixos-config#midgard +nixos-install --root /mnt --flake github:tboerger/nixos-config#midgard-bootstrap ``` +Do not forget to rekey the secrets via [agenix][agenix] including the new keys +at `/etc/ssh/ssh_host_ed25519_key.pub`, otherwise updating with the final +services won't work. + ### Updates If the repository had been cloned you could just execute `make switch`, 
diff --git a/flake.nix b/flake.nix
index 95345ee..fa40884 100644
--- a/flake.nix
+++ b/flake.nix
@@ -41,181 +41,144 @@ outputs = { self, nixpkgs, nur, utils, agenix, homemanager, deployrs, arion, hardware, ... }@inputs: let + mkComputer = configurationNix: systemName: enableServices: extraModules: nixpkgs.lib.nixosSystem { + system = systemName; + + modules = [ + ({ pkgs, ... }: + let + nur-no-pkgs = import nur { + nurpkgs = import nixpkgs { system = systemName; }; + }; + in + { + imports = [ + nur-no-pkgs.repos.tboerger.modules + ]; + + nixpkgs = { + overlays = [ + (import ./overlays) + nur.overlay + ]; + }; + }) + homemanager.nixosModules.home-manager + agenix.nixosModules.age + arion.nixosModules.arion + configurationNix + ] ++ extraModules; + + specialArgs = { + inherit inputs; + }; + }; in { nixosConfigurations = { - chnum = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - - modules = [ - ({ pkgs, ... }: - let - nur-no-pkgs = import nur { - nurpkgs = import nixpkgs { system = "x86_64-linux"; }; - }; - in - { - imports = [ - nur-no-pkgs.repos.tboerger.modules - ]; - - nixpkgs = { - overlays = [ - (import ./overlays) - nur.overlay - ]; - }; - }) - homemanager.nixosModules.home-manager - agenix.nixosModules.age - arion.nixosModules.arion - ./machines/chnum + chnum = mkComputer + ./machines/chnum + "x86_64-linux" + true + [ ./profiles/thomas # ./profiles/anna # ./profiles/adrian # ./profiles/tabea ]; - specialArgs = { - inherit inputs; - }; - }; + chnum-bootstrap = mkComputer + ./machines/chnum + "x86_64-linux" + false + [ + ./profiles/thomas + # ./profiles/anna + # ./profiles/adrian + # ./profiles/tabea + ]; - midgard = nixpkgs.lib.nixosSystem { - system = "aarch64-linux"; + asgard = mkComputer + ./machines/asgard + "x86_64-linux" + true + [ + ./profiles/thomas + # ./profiles/anna + # ./profiles/adrian + # ./profiles/tabea + ]; - modules = [ - ({ pkgs, ... 
}: - let - nur-no-pkgs = import nur { - nurpkgs = import nixpkgs { system = "aarch64-linux"; }; - }; - in - { - imports = [ - nur-no-pkgs.repos.tboerger.modules - ]; + asgard-bootstrap = mkComputer + ./machines/asgard + "x86_64-linux" + false + [ + ./profiles/thomas + # ./profiles/anna + # ./profiles/adrian + # ./profiles/tabea + ]; - nixpkgs = { - overlays = [ - (import ./overlays) - nur.overlay - ]; - }; - }) + utgard = mkComputer + ./machines/utgard + "x86_64-linux" + true + [ + ./profiles/thomas + # ./profiles/anna + # ./profiles/adrian + # ./profiles/tabea + ]; + + utgard-bootstrap = mkComputer + ./machines/utgard + "x86_64-linux" + false + [ + ./profiles/thomas + # ./profiles/anna + # ./profiles/adrian + # ./profiles/tabea + ]; + + midgard = mkComputer + ./machines/midgard + "aarch64-linux" + true + [ hardware.nixosModules.raspberry-pi-4 - homemanager.nixosModules.home-manager - agenix.nixosModules.age - arion.nixosModules.arion - ./machines/midgard ./profiles/thomas # ./profiles/anna # ./profiles/adrian # ./profiles/tabea ]; - specialArgs = { - inherit inputs; - }; - }; - - utgard = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - - modules = [ - ({ pkgs, ... }: - let - nur-no-pkgs = import nur { - nurpkgs = import nixpkgs { system = "x86_64-linux"; }; - }; - in - { - imports = [ - nur-no-pkgs.repos.tboerger.modules - ]; - - nixpkgs = { - overlays = [ - (import ./overlays) - nur.overlay - ]; - }; - - nixpkgs.config.allowUnfree = true; - }) - homemanager.nixosModules.home-manager - agenix.nixosModules.age - arion.nixosModules.arion - ./machines/utgard + midgard-bootstrap = mkComputer + ./machines/midgard + "aarch64-linux" + false + [ + hardware.nixosModules.raspberry-pi-4 ./profiles/thomas # ./profiles/anna # ./profiles/adrian # ./profiles/tabea ]; - - specialArgs = { - inherit inputs; - }; - }; - - asgard = nixpkgs.lib.nixosSystem { - system = "x86_64-linux"; - - modules = [ - ({ pkgs, ... 
}: - let - nur-no-pkgs = import nur { - nurpkgs = import nixpkgs { system = "x86_64-linux"; }; - }; - in - { - imports = [ - nur-no-pkgs.repos.tboerger.modules - ]; - - nixpkgs = { - overlays = [ - (import ./overlays) - nur.overlay - ]; - }; - }) - homemanager.nixosModules.home-manager - agenix.nixosModules.age - arion.nixosModules.arion - ./machines/asgard - ./profiles/thomas - # ./profiles/anna - # ./profiles/adrian - # ./profiles/tabea - ]; - - specialArgs = { - inherit inputs; - }; - }; }; chnum = self.nixosConfigurations.chnum.config.system.build.toplevel; - midgard = self.nixosConfigurations.midgard.config.system.build.toplevel; + chnum-bootstrap = self.nixosConfigurations.chnum-bootstrap.config.system.build.toplevel; utgard = self.nixosConfigurations.utgard.config.system.build.toplevel; + utgard-bootstrap = self.nixosConfigurations.utgard-bootstrap.config.system.build.toplevel; asgard = self.nixosConfigurations.asgard.config.system.build.toplevel; + asgard-bootstrap = self.nixosConfigurations.asgard-bootstrap.config.system.build.toplevel; + midgard = self.nixosConfigurations.midgard.config.system.build.toplevel; + midgard-bootstrap = self.nixosConfigurations.midgard-bootstrap.config.system.build.toplevel; deploy = { nodes = { - midgard = { - sshOpts = [ "-p" "22" ]; - hostname = "192.168.1.5"; - fastConnection = true; - - profiles.system = { - sshUser = "thomas"; - user = "root"; - path = deployrs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.midgard; - }; - }; - asgard = { sshOpts = [ "-p" "22" ]; hostname = "192.168.1.10"; @@ -239,6 +202,18 @@ path = deployrs.lib.x86_64-linux.activate.nixos self.nixosConfigurations.utgard; }; }; + + midgard = { + sshOpts = [ "-p" "22" ]; + hostname = "192.168.1.5"; + fastConnection = true; + + profiles.system = { + sshUser = "thomas"; + user = "root"; + path = deployrs.lib.aarch64-linux.activate.nixos self.nixosConfigurations.midgard; + }; + }; }; }; 
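Review bot: `mkComputer` declares an `enableServices` argument but never uses it, so every `*-bootstrap` configuration evaluates to the same system as its twin and `personal.services.enable` stays at its default `true`; the `config.personal.services.enable` gating added in the machines/asgard, machines/chnum, machines/midgard and machines/utgard hunks therefore never switches anything off, and the bootstrap install still pulls in the agenix-backed services it was meant to avoid. Pass the flag through as a module, e.g. `{ personal.services.enable = enableServices; }` added to the `modules` list next to `configurationNix`. The refactor also silently drops the `nixpkgs.config.allowUnfree = true;` that only the old inline utgard module set; if utgard still needs unfree packages it has to move into `./machines/utgard` or become another `mkComputer` argument. The hunk starts inside the `outputs` function, whose body continues past it.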
diff --git a/machines/asgard/default.nix b/machines/asgard/default.nix
index ce63e29..f43d30b 100644
--- a/machines/asgard/default.nix
+++ b/machines/asgard/default.nix
@@ -14,13 +14,13 @@
 personal = {
 services = {
 docker = {
- enable = true;
+ enable = config.personal.services.enable;
 };
 samba = {
- enable = true;
+ enable = config.personal.services.enable;
 };
 tailscale = {
- enable = true;
+ enable = config.personal.services.enable;
 };
 };
 };
diff --git a/machines/chnum/default.nix b/machines/chnum/default.nix
index 8f961ef..c9f5c74 100644
--- a/machines/chnum/default.nix
+++ b/machines/chnum/default.nix
@@ -14,16 +14,16 @@
 personal = {
 services = {
 citrix = {
- enable = true;
+ enable = config.personal.services.enable;
 };
 desktop = {
- enable = true;
+ enable = config.personal.services.enable;
 };
 docker = {
- enable = true;
+ enable = config.personal.services.enable;
 };
 libvirt = {
- enable = true;
+ enable = config.personal.services.enable;
 };
 };
 };
diff --git a/machines/midgard/default.nix b/machines/midgard/default.nix
index 6adb78a..8b06076 100644
--- a/machines/midgard/default.nix
+++ b/machines/midgard/default.nix
@@ -14,19 +14,19 @@
 personal = {
 services = {
 acme = {
- enable = true;
+ enable = config.personal.services.enable;
 };
 adguard = {
- enable = true;
+ enable = config.personal.services.enable;
 };
 coredns = {
- enable = true;
+ enable = config.personal.services.enable;
 };
 docker = {
- enable = true;
+ enable = config.personal.services.enable;
 };
 tailscale = {
- enable = true;
+ enable = config.personal.services.enable;
 };
 };
 };
diff --git a/machines/modules/users.nix b/machines/modules/users.nix
index eecd219..86d97ca 100644
--- a/machines/modules/users.nix
+++ b/machines/modules/users.nix
@@ -10,7 +10,7 @@ with lib;
 users = {
 root = {
 shell = pkgs.zsh;
- passwordFile = config.age.secrets."users/root/password".path;
+ hashedPassword = "$6$i1AZZ2GnRxgVnJ0X$yfWoi.SDf4mWYRAI6AbaCUMM15OOOZsabgbLo82HgEvCH3yc97N00y5m3aQPcLZ/5QHaL4BPUFRU6Ux3/ziEE/";
 openssh = {
 authorizedKeys = {
 keys = [
@@ -23,7 +23,7 @@ with lib;
 description = "Admin";
 shell = pkgs.zsh;
 isNormalUser = true;
- passwordFile = config.age.secrets."users/admin/password".path;
+ hashedPassword = "$6$l5FBDK2QUtR6Sfvv$N.eol4kjcwIr56wIv1iwT07qlK.gD2KU7fAwc8JLMeKLLuik2FjmzQszgglQUuLbvLPiMM39Dj8AsHxJyXwhX.";
 uid = 1337;
 openssh = {
 authorizedKeys = {
@@ -40,13 +40,5 @@ with lib;
 };
 };
 };
-
- age.secrets."users/root/password" = {
- file = ../../secrets/users/root/password.age;
- };
-
- age.secrets."users/admin/password" = {
- file = ../../secrets/users/admin/password.age;
- };
 };
 }
diff --git a/machines/services/default.nix b/machines/services/default.nix
index 3cbe24a..a829343 100644
--- a/machines/services/default.nix
+++ b/machines/services/default.nix
@@ -1,4 +1,5 @@
 { pkgs, lib, config, options, ... }:
+with lib;
 {
 imports = [
@@ -22,7 +23,11 @@
 options = {
 personal = {
- services = { };
+ services = {
+ enable = mkEnableOption "Services" // {
+ default = true;
+ };
+ };
 };
 };
 }
diff --git a/machines/utgard/default.nix b/machines/utgard/default.nix
index 67ec094..3f03cf9 100644
--- a/machines/utgard/default.nix
+++ b/machines/utgard/default.nix
@@ -14,16 +14,16 @@
 personal = {
 services = {
 acme = {
- enable = true;
+ enable = config.personal.services.enable;
 };
 hass = {
- enable = true;
+ enable = config.personal.services.enable;
 };
 media = {
- enable = true;
+ enable = config.personal.services.enable;
 };
 tailscale = {
- enable = true;
+ enable = config.personal.services.enable;
 };
 };
 };
diff --git a/scripts/asgard-partitions b/scripts/asgard-partitions
index ef5e8ae..b8e7249 100755
--- a/scripts/asgard-partitions
+++ b/scripts/asgard-partitions
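Review bot: The `hashedPassword` literals added for `root` and `admin` replace the agenix-backed `passwordFile` unconditionally, so they become the permanent credentials of every configuration rather than only the `*-bootstrap` ones, and the `age.secrets` wiring removed in the third hunk (`@@ -40,13 +40,5 @@`) is gone for the final systems as well. A crypt hash committed to a public repository has to be treated as exposed to offline guessing, so keep the final configurations on the secret, gate the literal on the bootstrap flag, e.g. `passwordFile = mkIf config.personal.services.enable config.age.secrets."users/root/password".path;` and `hashedPassword = mkIf (!config.personal.services.enable) "…";`, and rotate both passwords once bootstrap is done. The two `age.secrets` declarations need the same `mkIf` so that the bootstrap variant does not require the secret files to exist.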
@@ -22,35 +22,70 @@ while true; do esac done +echo "----> Remove previous VGs" +for VG in $(vgs --noheadings 2>/dev/null | sed -e 's/^[[:space:]]*//' | cut -d" " -f 1); do + vgremove -y ${VG} 2>/dev/null +done + +echo "----> Remove previous PVs" +for PV in $(pvs --noheadings 2>/dev/null | sed -e 's/^[[:space:]]*//' | cut -d" " -f 1); do + pvremove -y ${PV} 2>/dev/null +done + +echo "----> Remove previous MDs" +if [[ -d /dev/md ]]; then + for MD in /dev/md/*; do + mdadm --stop $MD + done +fi + echo "----> Drop existing partitions" -sgdisk --zap-all /dev/sda -sgdisk -og /dev/sda -sgdisk --zap-all /dev/sdb -sgdisk -og /dev/sdb -sgdisk --zap-all /dev/sdc -sgdisk -og /dev/sdc -sgdisk --zap-all /dev/sdd -sgdisk -og /dev/sdd -sgdisk --zap-all /dev/sde -sgdisk -og /dev/sde +wipefs -a /dev/sda || true +sfdisk --delete /dev/sda || true +wipefs -a /dev/sdb || true +sfdisk --delete /dev/sdb || true +wipefs -a /dev/sdc || true +sfdisk --delete /dev/sdc || true +wipefs -a /dev/sdd || true +sfdisk --delete /dev/sdd || true +wipefs -a /dev/sde || true +sfdisk --delete /dev/sde || true echo "-----> Wait for cleanup" sleep 3 +sync + +echo "-----> Mark MBR disks" +echo yes | parted /dev/disk/by-path/pci-0000:00:14.1-ata-1 -- mklabel msdos + +echo "-----> Mark GPT disks" +echo yes | parted /dev/disk/by-path/pci-0000:00:11.0-ata-1.0 -- mklabel gpt +echo yes | parted /dev/disk/by-path/pci-0000:00:11.0-ata-2.0 -- mklabel gpt +echo yes | parted /dev/disk/by-path/pci-0000:00:11.0-ata-3.0 -- mklabel gpt +echo yes | parted /dev/disk/by-path/pci-0000:00:11.0-ata-4.0 -- mklabel gpt echo "-----> Create boot partition" -sgdisk -n 0:0:+1G -t 0:ef00 -c 0:boot /dev/disk/by-path/pci-0000:00:14.1-ata-1 +parted /dev/disk/by-path/pci-0000:00:14.1-ata-1 -- mkpart primary ext4 1MB 1GB +parted /dev/disk/by-path/pci-0000:00:14.1-ata-1 -- set 1 boot on echo "-----> Create root partition" -sgdisk -n 0:0:0 -t 0:8300 -c 0:data /dev/disk/by-path/pci-0000:00:14.1-ata-1 +parted 
/dev/disk/by-path/pci-0000:00:14.1-ata-1 -- mkpart primary ext4 1GB 100% + +echo "-----> Create tank partition" +sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/disk/by-path/pci-0000:00:11.0-ata-1 +sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/disk/by-path/pci-0000:00:11.0-ata-2 +sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/disk/by-path/pci-0000:00:11.0-ata-3 +sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/disk/by-path/pci-0000:00:11.0-ata-4 echo "-----> Wait for data" sleep 3 +sync echo "-----> Create data pv" -pvcreate /dev/disk/by-partlabel/data +pvcreate /dev/disk/by-path/pci-0000:00:14.1-ata-1-part2 echo "-----> Create data vg" -vgcreate system /dev/disk/by-partlabel/data +vgcreate system /dev/disk/by-path/pci-0000:00:14.1-ata-1-part2 echo "-----> Create swap volume" lvcreate -y --size 24G --name swap system @@ -79,20 +114,22 @@ mkdir /mnt/home mount -t ext4 /dev/system/home /mnt/home echo "-----> Create boot filesystem" -mkfs.vfat -n boot /dev/disk/by-partlabel/boot - -echo "-----> Wait for boot" -sleep 3 +mkfs.ext4 -L boot /dev/disk/by-path/pci-0000:00:14.1-ata-1-part1 echo "-----> Mount boot filesystem" mkdir /mnt/boot mount /dev/disk/by-label/boot /mnt/boot -echo "-----> Create tank partition" -sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/disk/by-path/pci-0000:00:11.0-ata-1 -sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/disk/by-path/pci-0000:00:11.0-ata-2 -sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/disk/by-path/pci-0000:00:11.0-ata-3 -sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/disk/by-path/pci-0000:00:11.0-ata-4 +echo "-----> Wait for filesystems" +sleep 3 +sync + +echo "----> Remove previous MDs" +if [[ -d /dev/md ]]; then + for MD in /dev/md/*; do + mdadm --stop $MD + done +fi echo "-----> Create raid volume" echo yes | mdadm --create /dev/md0 --level=1 --raid-devices=2 /dev/disk/by-path/pci-0000:00:11.0-ata-1.0-part1 /dev/disk/by-path/pci-0000:00:11.0-ata-2.0-part1 diff --git a/scripts/chnum-partitions b/scripts/chnum-partitions index b7eee29..4f1107d 100755 
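Review bot: The new `for MD in /dev/md/*` loop runs `mdadm --stop` on the literal pattern when `/dev/md` exists but is empty, because bash leaves an unmatched glob unexpanded; guard the body with `[[ -e "$MD" ]] || continue` and quote `"$MD"`. The same block is repeated verbatim in the second hunk (`@@ -79,20 +114,22 @@`) right before `mdadm --create`, so either one copy is redundant or the reason for stopping arrays twice deserves a comment such as `# arrays may be auto-assembled again after partitioning`. The `mklabel` lines and the raid members address the tank disks as `pci-0000:00:11.0-ata-N.0` while the new `sgdisk` tank partitions use `pci-0000:00:11.0-ata-N`; if those by-path links are not aliases of the same disks on this host, the partitions land on the wrong devices, so one spelling should be used throughout. The script's option parsing starts before the hunk.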
--- a/scripts/chnum-partitions +++ b/scripts/chnum-partitions @@ -22,14 +22,25 @@ while true; do esac done +echo "----> Remove previous VGs" +for VG in $(vgs --noheadings 2>/dev/null | sed -e 's/^[[:space:]]*//' | cut -d" " -f 1); do + vgremove -y ${VG} 2>/dev/null +done + +echo "----> Remove previous PVs" +for PV in $(pvs --noheadings 2>/dev/null | sed -e 's/^[[:space:]]*//' | cut -d" " -f 1); do + pvremove -y ${PV} 2>/dev/null +done + echo "----> Drop existing partitions" wipefs -a /dev/sda sfdisk --delete /dev/sda echo "-----> Wait for cleanup" sleep 3 +sync -echo "-----> Mark GPT disk" +echo "-----> Mark GPT disks" echo yes | parted /dev/sda -- mklabel gpt echo "-----> Create boot partition" @@ -40,27 +51,22 @@ sgdisk -n 0:0:0 -t 0:8300 -c 0:data /dev/sda echo "-----> Wait for data" sleep 3 - -echo "-----> Format luks partition" -cryptsetup --verify-passphrase luksFormat /dev/disk/by-partlabel/data - -echo "-----> Open luks partition" -cryptsetup --allow-discards luksOpen /dev/disk/by-partlabel/data luks +sync echo "-----> Create data pv" -pvcreate /dev/mapper/luks +pvcreate /dev/disk/by-partlabel/data echo "-----> Create data vg" -vgcreate system /dev/mapper/luks +vgcreate system /dev/disk/by-partlabel/data echo "-----> Create swap volume" -lvcreate --size 24G --name swap system +lvcreate -y --size 24G --name swap system echo "-----> Create root volume" -lvcreate --size 100G --name root system +lvcreate -y --size 100G --name root system echo "-----> Create home volume" -lvcreate --size 100G --name home system +lvcreate -y --size 100G --name home system echo "-----> Enable swap partition" mkswap -L swap /dev/system/swap @@ -85,3 +91,7 @@ mkfs.vfat -n boot /dev/disk/by-partlabel/boot echo "-----> Mount boot filesystem" mkdir /mnt/boot mount /dev/disk/by-label/boot /mnt/boot + +echo "-----> Wait for filesystems" +sleep 3 +sync diff --git a/scripts/utgard-partitions b/scripts/utgard-partitions index b33fb1e..ae46800 100755 --- a/scripts/utgard-partitions 
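Review bot: The second hunk (`@@ -40,27 +51,22 @@`) removes the `cryptsetup luksFormat` and `luksOpen` steps and creates the `system` volume group directly on `/dev/disk/by-partlabel/data`, so chnum's root, home and swap volumes are no longer encrypted at rest; the commit title (`bootstrap without agenix`) gives no hint of this. If it is intentional, say so in the commit message and in the README section for chnum; if it is not, keep the two `cryptsetup` lines and point `pvcreate` and `vgcreate` back at `/dev/mapper/luks`. The `-y` added to the `lvcreate` calls and the VG/PV cleanup in the first hunk are fine for a re-runnable installer.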
+++ b/scripts/utgard-partitions @@ -22,6 +22,16 @@ while true; do esac done +echo "----> Remove previous VGs" +for VG in $(vgs --noheadings 2>/dev/null | sed -e 's/^[[:space:]]*//' | cut -d" " -f 1); do + vgremove -y ${VG} 2>/dev/null +done + +echo "----> Remove previous PVs" +for PV in $(pvs --noheadings 2>/dev/null | sed -e 's/^[[:space:]]*//' | cut -d" " -f 1); do + pvremove -y ${PV} 2>/dev/null +done + echo "----> Drop existing partitions" wipefs -a /dev/sda sfdisk --delete /dev/sda @@ -30,8 +40,9 @@ sfdisk --delete /dev/sdb echo "-----> Wait for cleanup" sleep 3 +sync -echo "-----> Mark GPT disk" +echo "-----> Mark GPT disks" echo yes | parted /dev/sda -- mklabel gpt echo yes | parted /dev/sdb -- mklabel gpt @@ -46,21 +57,22 @@ sgdisk -n 0:0:0 -t 0:8300 -c 0:tank /dev/sdb echo "-----> Wait for data" sleep 3 +sync echo "-----> Create data pv" pvcreate /dev/disk/by-partlabel/data /dev/disk/by-partlabel/tank echo "-----> Create data vg" -vgcreate system /dev/disk/by-partlabel/data +vgcreate system /dev/disk/by-partlabel/data /dev/disk/by-partlabel/tank echo "-----> Create swap volume" -lvcreate --size 24G --name swap system +lvcreate -y --size 24G --name swap system echo "-----> Create root volume" -lvcreate --size 50G --name root system +lvcreate -y --size 50G --name root system echo "-----> Create home volume" -lvcreate --size 50G --name home system +lvcreate -y --size 50G --name home system echo "-----> Enable swap partition" mkswap -L swap /dev/system/swap 
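Review bot: `vgcreate system /dev/disk/by-partlabel/data /dev/disk/by-partlabel/tank` folds the tank PV into the `system` volume group, and the downloads volume is created and formatted there (`lvcreate -y --size 200G --name downloads system`, `mkfs.ext4 -L downloads /dev/system/downloads`), yet the unchanged mount in the last hunk (`@@ -108,3 +112,15 @@`) still uses `/dev/tank/downloads`, which no VG in this script provides. Change it to `mount -t ext4 /dev/system/downloads /mnt/var/lib/downloads`, or mount by label as the boot filesystem does. The VG/PV removal loops in the first hunk hide every error with `2>/dev/null`, so a failed `vgremove` on a busy VG surfaces only later as a confusing `vgcreate` failure; consider `vgremove -f` or leaving stderr visible.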
@@ -86,20 +98,12 @@ echo "-----> Mount boot filesystem" mkdir /mnt/boot mount /dev/disk/by-label/boot /mnt/boot -for PARTITION in acme nzbget jellyfin bazarr lidarr prowlarr radarr readarr sonarr; do - echo "-----> Create ${PARTITION} volume" - lvcreate --size 5G --name ${PARTITION} system - - echo "-----> Create ${PARTITION} filesystem" - mkfs.ext4 -L ${PARTITION} /dev/system/${PARTITION} - - echo "-----> Mount ${PARTITION} filesystem" - mkdir /mnt/var/lib/${PARTITION} - mount -t ext4 /dev/system/${PARTITION} /mnt/var/lib/${PARTITION} -done +echo "-----> Wait for filesystems" +sleep 3 +sync echo "-----> Create downloads volume" -lvcreate --size 200G --name downloads system +lvcreate -y --size 200G --name downloads system echo "-----> Create downloads filesystem" mkfs.ext4 -L downloads /dev/system/downloads @@ -108,3 +112,15 @@ echo "-----> Mount downloads filesystem" mkdir -p /mnt/var/lib/downloads mount -t ext4 /dev/tank/downloads /mnt/var/lib/downloads chown 20000:20000 /mnt/var/lib/downloads + +for PARTITION in acme nzbget jellyfin bazarr lidarr prowlarr radarr readarr sonarr; do + echo "-----> Create ${PARTITION} volume" + lvcreate -y --size 5G --name ${PARTITION} system + + echo "-----> Create ${PARTITION} filesystem" + mkfs.ext4 -L ${PARTITION} /dev/system/${PARTITION} + + echo "-----> Mount ${PARTITION} filesystem" + mkdir /mnt/var/lib/${PARTITION} + mount -t ext4 /dev/system/${PARTITION} /mnt/var/lib/${PARTITION} +done diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 0ab81e0..6a7e8a6 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix 
@@ -14,13 +14,10 @@ in "services/nixbuild/sshkey.age".publicKeys = users ++ systems; "services/tailscale/authkey.age".publicKeys = users ++ systems; - "users/media/password.age".publicKeys = users ++ systems; "users/media/smbpasswd.age".publicKeys = users ++ systems; + "users/media/password.age".publicKeys = users ++ systems; "users/printer/password.age".publicKeys = users ++ systems; - "users/root/password.age".publicKeys = users ++ systems; - "users/admin/password.age".publicKeys = users ++ systems; - "users/thomas/password.age".publicKeys = users ++ systems; "users/anna/password.age".publicKeys = users ++ systems; "users/adrian/password.age".publicKeys = users ++ systems; diff --git a/secrets/users/admin/password.age b/secrets/users/admin/password.age deleted file mode 100644 index 0df547a..0000000 --- a/secrets/users/admin/password.age +++ /dev/null @@ -1,14 +0,0 @@ -age-encryption.org/v1 --> ssh-ed25519 ptT1OQ m41ZYkxBg3ngM4ZpFHCb4Ft/ElZjPSf1s2a5lSvz4xg -rvMP6Ue5ZDOElRrW2GC1b43F/ZyS+5vQC8lQxVSBUy4 --> ssh-ed25519 vDK6kA O8UeamU3Zx4cxCardgxbe9ftFmkR0sSXEUSu8DHnhxk -AmgswlByLQGJeUzrAu9gJ4vOoxkAF+FNIaXBuY/MRqk --> ssh-ed25519 gBo+cg UFDVPaFYhVypXE8h7wIp5yvCpKpeXR81JwXVDHNpIAI -3GcUg0kPP/GwYZXjh1CraS/qsopwrTrjTmegyE1fhO0 --> ssh-ed25519 QkapZw kn/5bNeJnnEDdFlk9TklUbzb3mRHdgnfw8qyBxJM7yA -HONZGOxZZuOny0jj2+N0lKKrdAZZhV3vlWEV8FHHqWk --> Xavbo#^^-grease I -6kc1UvDDimkMwSlrUtx5+s6TmG2l4KHsRYSNibGisCEXPTOZnZdV5G9WO4DqxuHI -+aje2p6qtOB1+6i3S/BDDyhI82UFMXT2gZt7Jk7gz/Ylsm4z ---- q/EYv2kRnAnW0Xg4DrPanJRPVH1r7RMdxacyK3TIQA4 -E.zc ]2dLKpR̅&e?N \ No newline at end of file 
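Review bot: The hunk drops `"users/thomas/password.age"` from the rekey list although this commit deletes only the root and admin secrets and does not touch `profiles/thomas`; if that profile still declares `age.secrets."users/thomas/password"`, the file stays in the tree but `agenix -r` no longer rekeys it, and a host key added later cannot decrypt it, which is exactly the step the new README text asks for. Either restore the line or delete the file together with its consumer. The swap of the two `users/media` entries is cosmetic.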
diff --git a/secrets/users/root/password.age b/secrets/users/root/password.age deleted file mode 100644 index c58504ad445c5626a9a36cb292f75f8e741ff451..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 639 zcmZ9_y{?l`003ZT;@}f#-EM5KP~cD&BNQwJ+EX}O3QaWOznA~Q1q#XCj7AfE0H46Y z!O^F1aWKZg*H9-D$NRm&=f)u(7JfZc*H>lnxUAz@M`HMsNz)whFqkt8$xW(jlZ5(& zF2i_r)lA1`kMnzX3bMg!IY4WpA~3<6@-dyZT*_IVa}FTUX~)!Xt##cq zL$nyiQ+GC~*zBTZz*_w6trJy{@{@{ero%>XAcCCBTLo1G7yO?+8yT;(Q$=fybmKO1xrEs>=haGv(wRBTpnQ1Ip4nIa4jU zg;9!HBJ<+go1VJWp`Yx#GFxT5uV}R_!;a7AoIRBKa!sW6+3*V$A*6+p%@aLlr&_GI zim^=vI@E+!AOsrRHwLX&z^gMaoQiP6@}95!-@+Fc?IVE4b?7!BHh7#0?9o|3X4hFE zaDfw${ch8Awjr~TILl*2%#l%5buOqg9qpi`0YK_JnS?>U#0as$a2%f;2vW9eb0)h+ zuU<8+dmJPXTQ-zthf4-3@C=etqoK8-vA4hPeS7l@ynBD~_0AubyZQU$`xo-()90T* WE$;862g~T@