Convert c1 & c2 to disko and cleanup old keys.
This commit is contained in:
@@ -3,10 +3,16 @@
|
|||||||
imports = [
|
imports = [
|
||||||
../../common/global
|
../../common/global
|
||||||
../../common/compute-node.nix
|
../../common/compute-node.nix
|
||||||
|
../../common/encrypted-btrfs-layout.nix
|
||||||
./hardware.nix
|
./hardware.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
diskLayout = {
|
||||||
|
mainDiskDevice = "/dev/disk/by-id/nvme-SAMSUNG_MZVLW256HEHP-000H1_S340NX0K910298";
|
||||||
|
#keyDiskDevice = "/dev/disk/by-id/usb-Intenso_Micro_Line_22080777640496-0:0";
|
||||||
|
keyDiskDevice = "/dev/sdb";
|
||||||
|
};
|
||||||
|
|
||||||
networking.hostName = "c1";
|
networking.hostName = "c1";
|
||||||
boot.initrd.luks.devices."luksroot".keyFile = "/dev/sda";
|
|
||||||
services.tailscaleAutoconnect.authkey = "tskey-auth-kmFvBT3CNTRL-wUbELKSd5yhuuTwTcgJZxhPUTxKgcYKF";
|
services.tailscaleAutoconnect.authkey = "tskey-auth-kmFvBT3CNTRL-wUbELKSd5yhuuTwTcgJZxhPUTxKgcYKF";
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -10,43 +10,6 @@
|
|||||||
boot.kernelModules = [ "kvm-intel" ];
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
fileSystems."/" =
|
|
||||||
{ device = "/dev/disk/by-uuid/42e95613-29c2-4a47-a3cc-3627f18fdec2";
|
|
||||||
fsType = "btrfs";
|
|
||||||
options = [ "subvol=root" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
boot.initrd.luks.devices."luksroot".device = "/dev/disk/by-uuid/7fa539a0-6c91-49ec-9df2-e81708a07662";
|
|
||||||
|
|
||||||
fileSystems."/persist" =
|
|
||||||
{ device = "/dev/disk/by-uuid/42e95613-29c2-4a47-a3cc-3627f18fdec2";
|
|
||||||
fsType = "btrfs";
|
|
||||||
options = [ "subvol=persist" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/nix" =
|
|
||||||
{ device = "/dev/disk/by-uuid/42e95613-29c2-4a47-a3cc-3627f18fdec2";
|
|
||||||
fsType = "btrfs";
|
|
||||||
options = [ "subvol=nix" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/var/log" =
|
|
||||||
{ device = "/dev/disk/by-uuid/42e95613-29c2-4a47-a3cc-3627f18fdec2";
|
|
||||||
fsType = "btrfs";
|
|
||||||
options = [ "subvol=log" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/boot" =
|
|
||||||
{ device = "/dev/disk/by-uuid/D8C2-9216";
|
|
||||||
fsType = "vfat";
|
|
||||||
options = [ "umask=0077" ]; # to avoid the random seed being world readable
|
|
||||||
};
|
|
||||||
|
|
||||||
swapDevices = [ {
|
|
||||||
device = "/dev/disk/by-id/nvme-eui.002538b981b03d98-part2";
|
|
||||||
randomEncryption.enable = true;
|
|
||||||
}];
|
|
||||||
|
|
||||||
nixpkgs.hostPlatform = "x86_64-linux";
|
nixpkgs.hostPlatform = "x86_64-linux";
|
||||||
hardware.cpu.intel.updateMicrocode = true;
|
hardware.cpu.intel.updateMicrocode = true;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -3,10 +3,16 @@
|
|||||||
imports = [
|
imports = [
|
||||||
../../common/global
|
../../common/global
|
||||||
../../common/compute-node.nix
|
../../common/compute-node.nix
|
||||||
|
../../common/encrypted-btrfs-layout.nix
|
||||||
./hardware.nix
|
./hardware.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
|
diskLayout = {
|
||||||
|
mainDiskDevice = "/dev/disk/by-id/nvme-SAMSUNG_MZVLB256HAHQ-000H1_S425NA1M132963";
|
||||||
|
#keyDiskDevice = "/dev/disk/by-id/usb-Intenso_Micro_Line_22080777650675-0:0";
|
||||||
|
keyDiskDevice = "/dev/sda";
|
||||||
|
};
|
||||||
|
|
||||||
networking.hostName = "c2";
|
networking.hostName = "c2";
|
||||||
boot.initrd.luks.devices."luksroot".keyFile = "/dev/sda";
|
|
||||||
services.tailscaleAutoconnect.authkey = "tskey-auth-kbYnZK2CNTRL-SpUVCuzS6P3ApJiDaB6RM3M4b8M9TXgS";
|
services.tailscaleAutoconnect.authkey = "tskey-auth-kbYnZK2CNTRL-SpUVCuzS6P3ApJiDaB6RM3M4b8M9TXgS";
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -10,43 +10,6 @@
|
|||||||
boot.kernelModules = [ "kvm-intel" ];
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
fileSystems."/" =
|
|
||||||
{ device = "/dev/disk/by-uuid/2d595dde-975b-498a-acb5-2e22751d3cea";
|
|
||||||
fsType = "btrfs";
|
|
||||||
options = [ "subvol=root" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
boot.initrd.luks.devices."luksroot".device = "/dev/disk/by-uuid/03ee7c3b-19d5-491d-bc2e-3b0681e6506f";
|
|
||||||
|
|
||||||
fileSystems."/nix" =
|
|
||||||
{ device = "/dev/disk/by-uuid/2d595dde-975b-498a-acb5-2e22751d3cea";
|
|
||||||
fsType = "btrfs";
|
|
||||||
options = [ "subvol=nix" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/persist" =
|
|
||||||
{ device = "/dev/disk/by-uuid/2d595dde-975b-498a-acb5-2e22751d3cea";
|
|
||||||
fsType = "btrfs";
|
|
||||||
options = [ "subvol=persist" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/var/log" =
|
|
||||||
{ device = "/dev/disk/by-uuid/2d595dde-975b-498a-acb5-2e22751d3cea";
|
|
||||||
fsType = "btrfs";
|
|
||||||
options = [ "subvol=log" ];
|
|
||||||
};
|
|
||||||
|
|
||||||
fileSystems."/boot" =
|
|
||||||
{ device = "/dev/disk/by-uuid/B543-374F";
|
|
||||||
fsType = "vfat";
|
|
||||||
options = [ "umask=0077" ]; # to avoid the random seed being world readable
|
|
||||||
};
|
|
||||||
|
|
||||||
swapDevices = pkgs.lib.mkForce [ {
|
|
||||||
device = "/dev/disk/by-id/nvme-eui.002538819102bebe-part2";
|
|
||||||
randomEncryption.enable = true;
|
|
||||||
}];
|
|
||||||
|
|
||||||
nixpkgs.hostPlatform = "x86_64-linux";
|
nixpkgs.hostPlatform = "x86_64-linux";
|
||||||
hardware.cpu.intel.updateMicrocode = true;
|
hardware.cpu.intel.updateMicrocode = true;
|
||||||
}
|
}
|
||||||
|
|||||||
Binary file not shown.
Binary file not shown.
Reference in New Issue
Block a user