From 79b53ebba01afa46f13460e8f4d03eb2e461885e Mon Sep 17 00:00:00 2001
From: Petru Paler <petru@paler.net>
Date: Thu, 25 Jul 2024 11:36:17 +0100
Subject: [PATCH] Setup files for zippy.

---
 nixos-setup/configuration.nix |  10 +++---
 nixos-setup/keys/zippy.key    | Bin 0 -> 4096 bytes
 nixos-setup/zippy-setup.sh    |  56 ++++++++++++++++++++++++++++++++++
 3 files changed, 61 insertions(+), 5 deletions(-)
 create mode 100644 nixos-setup/keys/zippy.key
 create mode 100755 nixos-setup/zippy-setup.sh

diff --git a/nixos-setup/configuration.nix b/nixos-setup/configuration.nix
index ee93662..a6602cc 100644
--- a/nixos-setup/configuration.nix
+++ b/nixos-setup/configuration.nix
@@ -10,7 +10,7 @@ in
       ./hardware-configuration.nix
     ];
 
-  networking.hostName = "c1";
+  networking.hostName = "zippy";
 
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
   nix.settings.trusted-users = [ "root" "@wheel" ];
@@ -20,11 +20,11 @@ in
       allowDiscards = true;
       bypassWorkqueues = true;
       keyFileSize = 4096;
-      keyFile = "/dev/sda";
+      keyFile = "/dev/sdb";
   };
 
   swapDevices = pkgs.lib.mkForce [ {
-    device = "/dev/disk/by-id/nvme-eui.002538b981b03d98-part2";
+    device = "/dev/disk/by-id/ata-KINGSTON_SKC600MS1024G_50026B7785AE0A92-part2";
     randomEncryption.enable = true;
   }];
 
@@ -134,7 +134,7 @@ in
   };
 
   networking.firewall = {
-    enable = true;
+    enable = false;
     allowedTCPPorts = [ 22 ];
     allowedUDPPorts = [ ];
   };
@@ -150,6 +150,6 @@ in
   # this value at the release version of the first install of this system.
   # Before changing this value read the documentation for this option
   # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "23.05"; # Did you read the comment?
+  system.stateVersion = "24.05"; # Did you read the comment?
 }
 
diff --git a/nixos-setup/keys/zippy.key b/nixos-setup/keys/zippy.key
new file mode 100644
index 0000000000000000000000000000000000000000..ec0095cdef6cbe1c354b92c09f6fe353c31973bb
GIT binary patch
literal 4096
zcmV+b5dZJeBxv~4d}D&YS<D)T91nEQg;x7M_!ctboUwSXfVS9Eqt%0nJ|c$$(m8<+
zcbE_dH0ofuS*FTST;ypTBhBXH+jqqPCp?dBLdZGgFmBwt3`$Am#qK|XWg4)ku+<@q
zIP@MuwQvkwf$(wpaHA$vf6{g5P?1#4-QDFY??kY?bpnGY!_7{wi+31Q)S(1@DDmTN
z=XTI*SYGpXhz-m;h)`_e-?=Y$#&Crz**f)qSQ)kNoDu+IS5ZFuiayhLTLE|Z)ErGn
zKs=yc<&W#p?!SUJOU_6|y<H>Gj_QR*x9w`U{i_Q(fuXa+ked^{$WoeK@Xvf+3Ks*h
zz)<}X^2p$@GA@L*54F%wCc{#>W)e##h*!TbG=156uiI+AbhUtAc4X^%7tM1$Z&=I?
zY4H=9{=kt$pPo?q+1vo+HhZlBxClPX#f9w6S};4U*Ip^a+t`4P69!Be2#2HRz#6)H
zy~&X)-1uk-{c9P8FG@Q-*2}rhand6%dohO!fqVrQhVY`~;aAjX#t1D_EdVkAhEEo6
z<V2|nV8XjIP+U&U+?UvDW7c(zp4S36HYMDp3GISyJ`%q|eZS4!2@5QbViD>9+IZ+x
z)z8j(a@=}xf2-P}bS=fb05{xa6?}iLo;k60RpN$f4;Ft8@6on_Q!-(0#V$`;yTFT}
z7Wl({FdELZc5bB7UZi3wP9E&V5kvJtV!GS=Ud@qlz;aO50BC8J%VrIeud?*z#R_$z
zePfh;m=3mOF#PSD8Xa1Ev)36-F%hP68kfU$z%O@P*Az}|mq2CTl^W~u@7NJ-Dmy#O
zTbz(}1Ow)+FJ1(*7(v%)oKr4hqyG_-@z=|}k+S(xUQe$0nNb-Nh003ey{w?UU^SAa
zd8TpqChnUzt2GSl%I^dzh!$e&IkG|&DmnLdNF~*ud$@|%jSXVFx2lJ8Xiwhu)7RV0
zr|GAl>l%Oj(kZX(=>An$)cnU(DM6#~dDjOmWHY%2^vr?)v}H0d^FZtxvwQ2|*Ym$|
zuiuJx(F33FX9ot@zlO!Y&?a-=#{Dr25kyHxB8I+qL%c6o#B*noo0vPM<ByS#eb%u6
zuUQJ#N|9{__h~F)Kpt+voKhGcjaKs`L`Q<RU2m;6WM($SuppJ@X+3R`iOQv1TsP;b
zLdXAX%ZSS2w$Sh1FOav=JmA;}Y<xXue<p&krB3B*`HAj=6YL5yxumDI32BNsy*`LF
ztatjTkw`j&d}+Lqn6_UxQJG})!ThUwO{{Vcw@pP&+d;^FoGPazOP4A2Oa-&VoXC?+
zpP<)kR?@ce;9-8r1;3*I)2Sr;<21q*6w=e>p6wlIg}6ht?G7oVCvtI7b@t%^ziV}f
zeKfo6L<Kr4i~6>l0Cus8Rci$vd3t}D8ZV)1!07K5s4QxrG9b;HD#K5o(U^fqN1{tj
zXoE!4)O?5i>h6Zu2njhp$%+@zET5xe+?LY(<?mro57ce3jNf(`7q#pDl5Uk~9D$MQ
z#q?dotg7uW!N3BZe5Q<7RuEBh7v@=;UcrGt;lz)NG2R#uwe+r!jV7I*nbh?P#Gw{i
zuk~B{3q68ApQz((J5>7Oi%^5SOzso$X2w5@W>Ni4$)ZbGmcU$M=CLr?sjXnV7`=zg
z)S?+*WKM|bVV{=?x!VHBG3@~t)^7cLtmOJD422wBB6(8H$oeLnJ%#aOs=6X=oW?1*
z&eq#lk8%ntWqzlgn`?XsZLcC!7&sZ0N;tG&v1wS-T#Y!eFq_8)Od|Kl7T?IE_ipS&
z>+o#D-s<+AwwxiPLNG?)m%aE|E_YGtIKiZ25~&z-z2`kDA<GJUcsCJuU%cPp<ZiTA
zt!yNS>7@;#mE{$FjN+_Ul=?dtR{fM(7y2yc0{2Ke)~xCd{Obq6qwAN2vJ8f*i()iJ
zJZ+-Jf<G+_Oob-cPc32WUJpu$8h}=@sY3V(3MiykOsBNTM%Ar>z`bcUG$uVlhif$s
z%$a}9N8ckz<QHx=y2l`Vxt?>$0IAU8A<X09RBU~ZpqLd6Lx`9y$lAmOG*lJyWp#1U
z51<r<Bt;QHy=H^-yp}LbcCl(OCt9d5pyprBOYXakZ2>s)jR>~sdcX?;)jfqMjKrQ&
z`z)74@*@y<snUtt4V3Y$K0^4R1i<M2G#8^~AmU;;wN)suwj@gu8luP5CVZ3pUD1YQ
zBU|Nk2<><(B&Y!F-AT^t^{3gj^g6FzevMzwk;plSU^vPK7%ewK??IfOv)W6y`8$Q)
z@~<p9ILfUE#y^#Drenke!ZeQq-9O0`P9#};V-h=pJSi{-(^4BtLRFM??#XZqi|npV
zLx?(AAqy45JD}Dd1rqT3t9ai+uPU<m8d3a-)-ML&r_*_yi$sn`KEJ=cMd%rUcQoOv
z{%#0sH)QH;n_Ltt_ZmbUP;)kvz;}esa~)}B?^W>%y#<F{KsM>|Dv5-c2l9Vi*b7F2
zdCnpDi37b|RtEkoO_whJF>5nq%De3<J#+>&&bLW?-lkvR9PIZW{qe`^>&Kn~E7JNn
z9BGmKB14t%4ijn<XPa6pJARLqV5W#~-QJl6`Q{%io^&SEI1R-9#1Q#QBaf}L&ek5;
zwyG`UKt3a&7+eRPWr(hrV>Cc7A8M@4l&k^X=9S~x<F`YzRKFjw+NTTtTk!u?d$1*U
zgc5l<XHC^kf8!dY99(TAT1FDGcwT;#9vmHajM+qv&~u9IZk|}x*~$;6_cxIC+ChU#
zpE|a&(Ya%6Vvc($3C%L+9Nf*&h1Ma%6O8^IFEWRYUZ5mowkr88h2xyfI&`uBur79x
zDTfN0S_HA8GCr15^l7RYx!SxeEAn)|on+?uC9x6(3U?}6?|L|1{NT#djVGhhTV66Y
zY5ftg@cgCu0NEnp(w&)L$}&shFXz*FFFqF?CYOkBZK#<K;~*6i)ap;B4)$uWdq7o0
z`Waj~t;f+Z7#wLH=n+dEq9~gHA9JrjEbK{&!68JyAZs>n!)9r4P<&%<<R}0B8s+cn
z6|l#|``gkisaf8ee}GYof_@sWB2DE;ADfKm+Z#4<Ot=tC*nBcQb<ht=O<Llz*^|gd
z2HvATzBK<Dqu5F^#ha?PkZ3I@9x8Py`8AYe5iPa-yrezpv-0hI=B8ianC<@RF)l`w
z8a!(Ti-3bWgUQJ2v?=&}WVaiv)01-_4b}Pi@(u6^zW=)N4%Xp%ARClg7!{mN%LZBY
zneNzDd3#1xpzbKR+00A;citx7t+9!E;8c>M^SE;VOmJ2{Xux%>{3hj}S#rFi>hC++
zW}AcSQ*V28TBo0P{GgV?gF5`%%<PylP9dqLW)EMzrIH%A#MKYRwp5`>ArfcM8n_p#
zYGL0fri11ejJbg#a`V}6BbmQYaaR_C)FBBEprG@gsbW2r`>4P#ms>=EGsu<{d6dTA
zAEFMYF#-tpUsJ#)OK5!x&7T;E><lGJKrHn^3<;eFRJ~|vTU5T;H5}dL4gk9G0H|re
zr;*|}+KnO+7_b0#yaTgyF>eQe0e08Mv{I~7e5NUODFbQlqBO-J>#VyY3#Nuf7n@ks
zVYdpqQxW@8yD+la1G5?R@3YYA6TH}S`Z*a!2cELh4)AW$TF$ChH`1Wy3eSsie8f;y
zS7Bdjwem9lDYJpW60>a*`Fx#Khv6{^g>D6B4#?DPuc|uUO6ik+a#3mEWmN{?)EV)q
z3JWz7Z%;St${pqP-!O_eOwxAarvilxi#~>cAfNZLf(}@>g*UH0$J427^k=+EYT_wp
zUd&{1s}^HL*g>aoV}qvm+<st_g;IpM5U>ab%@X9hR>og!^i0re$E%+n1K1+s59cB#
zb1-zU=G{Dbm0yPQ)}-VSd2=}jiOuV;(WjRA$wa&;_P-@f)h84VeH5L)aX#~*<hD5B
zu*0SbqS&I$h#C9`<fHeJCkOZm=p5bhhZ6I{r+LQuoURd;P^xJeA-3H29LD-N9gijA
z(F^B*K)1~3W8*54&Qqb+Y@1YMB(zgtX)y?kj|3$5ncf4pNYPQUP_#m&4?v8xP5w0y
zMRRJ7`ZMEpyD87kwmd7V>j|isxmQLVS{r@b(YizGQX5_AQRwI*X;j^zorX>fS!rfx
zM`_e1uUAxWk%7;dWTe{lW05FEuYaFzpaa$hdxVy}7Vb}9G~BT~2eGdEqg$H)&RVJy
z8G+BG(Qpr}4pL?#Zda+aw76EG-}SSdFQm;5nO#kTfnAck-n3RkI*@GFZSfPZuf78A
z7Fkn!b9gs1n1yAS-=&p-f#KJ9Bt}4sBXF?k5bIgbpxR$_?iZ#+2U(`#*Is!?ZJL2=
z_SNF93L0-#!dcOmdvp^ZWMrh6#Z+oWlxlUT>FJ%I(48F5EH*E$v_N*{GN_-vD0CYv
z<h%3<8vq8gPQW{t)%ckkN)+ZNV7nkfZUY3*{C&!Ja7LYs2d8V{1a}s=d_w>%QV0ve
zLD2l)awykT^s;KMhY|Bb(}gJMA>){4E}1kexTtp~;0*-gQhlj#(MV6_>QMoz5^!yB
zNwOgO|C3O1_1dTMgQ($I6h{?ojV&OG1sm4sNd`qOmMYNu33;+9I?(4%d2m-+fpGI+
z8p2NMKK#v~S(f5&(9fqljusCt6A!&!JDD=gaw%~<@yFde@4(mYT$c8_+;ggtw~`Dz
zwqL&$p5`@aKw6`au=^lX*Bq3GmvY1Cq_X!YDxSH%cH#Sd(=SA&p)57oRh=ey0VF+6
zgBs}qc)UQI@ym2!k=9imd*(PvI|Qf}_mUgI&-qA@H5$l#c%%HEhVMfWtOWr~4h4tY
z8~*^((WEfKs8}pnf!1{Gxksuw@`x7ElqdCPp7ChUY<iD}Vx^_^An#$<awG4EjW2F|
z<`tvP80KA`P-f<tOkL86t~VFi>BnFBFe;7O6D|m1No}*I29Q%@%Jl>~!DmZ~&*bO3
z#GJY}kDd!gN^Bl`et&rDI)IOtRO4?TFQQVHcFepFme~+3UK!w|O&{tI&C*HO!+Kj<
z4arDFA{wL=5^c@4_`DAucMGI(>QT=~PvPMnIVy&oRmz;&Gbg8TkEEnD{31&sV(iK#
z7I=h$95{7(o*tli)f^_<Od;)?V;d?tP?del%GTLagBD^%dJ(qcEhbT)TD$#l34+!U
zf}q?QE5Q3?=~80p%q-}kBiYkbI=3)eB)u2@R-|y`lx1DxO6ISOUYybO0RHt_1!rD3
zx&aHXFxDb3eaVp3N$tZTGbSjTS9IsY*^z8otqW@3n|hKbX0z$U7SsC#<&SGrd5pEN
zmgI{!_PEt;q#B7xx_z3%^i|fBcSZ{!ZNlg{IJhpwc_qHs&CQM8NC*mVvbyeHWk4>=
yJny#szHYnU{h{MqlXpb2jMfgjJ$&G^v|cKIC85Cw$)GS)TTZ#KO;dZ%G|WNpHwE|r

literal 0
HcmV?d00001

diff --git a/nixos-setup/zippy-setup.sh b/nixos-setup/zippy-setup.sh
new file mode 100755
index 0000000..01d17da
--- /dev/null
+++ b/nixos-setup/zippy-setup.sh
@@ -0,0 +1,56 @@
+DISK=/dev/disk/by-id/ata-KINGSTON_SKC600MS1024G_50026B7785AE0A92
+KEY_DISK=/dev/disk/by-id/usb-Intenso_Micro_Line_22080777660702-0:0
+
+parted "$DISK" -- mklabel gpt
+
+parted -a optimal "$DISK" -- mkpart primary 512MiB -8GB
+udevadm trigger
+sleep 1
+cryptsetup -v --keyfile-size 4096 luksFormat "$DISK"-part1 $KEY_DISK
+cryptsetup open --key-file $KEY_DISK --keyfile-size 4096 "$DISK"-part1 luksroot
+mkfs.btrfs -f -L btrfs /dev/mapper/luksroot
+
+parted -a optimal "$DISK" -- mkpart primary linux-swap -8GB 100%
+
+parted -a optimal "$DISK" -- mkpart ESP fat32 1MB 512MiB
+parted "$DISK" -- set 3 esp on
+udevadm trigger
+sleep 1
+mkfs.vfat "$DISK"-part3
+
+mount /dev/mapper/luksroot /mnt
+btrfs subvolume create /mnt/root
+btrfs subvolume create /mnt/nix
+btrfs subvolume create /mnt/persist
+btrfs subvolume create /mnt/log
+btrfs subvolume snapshot -r /mnt/root /mnt/root-blank
+umount /mnt
+
+mount -o subvol=root,compress=zstd,noatime /dev/mapper/luksroot /mnt
+
+mkdir /mnt/nix
+mount -o subvol=nix,compress=zstd,noatime /dev/mapper/luksroot /mnt/nix
+
+mkdir /mnt/persist
+mount -o subvol=persist,compress=zstd,noatime /dev/mapper/luksroot /mnt/persist
+
+mkdir -p /mnt/var/log
+mount -o subvol=log,compress=zstd,noatime /dev/mapper/luksroot /mnt/var/log
+
+mkdir /mnt/boot
+mount "$DISK"-part3 /mnt/boot
+
+nixos-generate-config --root /mnt
+
+# only enable here so that it doesn't get included in hardware-configuration.nix
+mkswap -L swap "$DISK"-part2
+swapon "$DISK"-part2
+
+cp configuration.nix /mnt/etc/nixos
+
+nixos-install
+
+cp /mnt/etc/nixos/* /mnt/persist/etc/nixos
+
+echo "done!"
+