Post-reinstall updates for c2.

2025-05-03 22:35:31 +01:00
parent 5cf9a110e8
commit c554069116
5 changed files with 51 additions and 51 deletions
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -4,7 +4,7 @@ keys:
  - &server_chilly age16yqffw4yl5jqvsr7tyd883vn98zw0attuv9g5snc329juff6dy3qw2w5wp
  - &server_alo_cloud_1 age1w5w4wfvtul3sge9mt205zvrkjaeh3qs9gsxhmq7df2g4dztnvv6qylup8z
  - &server_c1 age1wwufz86tm3auxn6pn27c47s8rvu7en58rk00nghtaxsdpw0gya6qj6qxdt
-  - &server_c2 age1gekmz8kc8r2lc2x6d4u63s2lnpmres4hu9wulxh29ch74ud7wfksq56xam
+  - &server_c2 age1c2kc034n7tqztarcu7n5ldnjmy9sr3jgwrsaddsj0hwfus9mdp3sctts4m
  - &server_c3 age1zjgqu3zks5kvlw6hvy6ytyygq7n25lu0uj2435zlf30smpxuy4hshpmfer
 creation_rules:
  - path_regex: secrets/common\.yaml
--- a/hosts/c2/default.nix
+++ b/hosts/c2/default.nix
@@ -9,8 +9,8 @@
  diskLayout = {
    mainDiskDevice = "/dev/disk/by-id/nvme-KINGSTON_SNV3S1000G_50026B7383365CD5";
-    keyDiskDevice = "/dev/disk/by-id/usb-Intenso_Micro_Line_22080777650675-0:0";
+    #keyDiskDevice = "/dev/disk/by-id/usb-Intenso_Micro_Line_22080777650675-0:0";
-    #keyDiskDevice = "/dev/sda";
+    keyDiskDevice = "/dev/sda";
  };
  networking.hostName = "c2";
--- a/secrets/c2.yaml
+++ b/secrets/c2.yaml
@@ -8,20 +8,20 @@ sops:
        - recipient: age1df9ukkmg9yn9cjeheq9m6wspa420su8qarmq570rdvf2de3rl38saqauwn
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBqN0txU0NKVVprUnlCWGtt
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAybTNNK3lNZFJremVmUFc1
-            azFFdzJuMHN1MVlWemJIQ0lQRU5TZURpQjEwCkNHcGVaUUtESTZCVVFpa2pxLzF6
+            cjZqRjJhSDJ3OGFQOWpITFNZdVdQTi9nWDE4CkZJNjNtdHRBeS85OU8ybXNXVk5l
-            bmZmMVlqRWtvUVNtajNqWTZxNWJWZEEKLS0tIHovT1N1TFgrVjlXYUZSckJ2K1lr
+            SVFBMHlVZVBKdUphWWZaRzhPaUltek0KLS0tIFVWWG43Um54Mm5LS0d2MTZkN3Ay
-            VWZoTjBWWVl3WjVSMXc5VENPbkJlNXMK1Mi9CDyY/zn090pgGIWmbY5fR/G9fpwm
+            K3J2cnlpRGlNQm1abmdMMzJXdER0NHcK0HbMgUuxwa7OqvWi+fDqNBflxzZoOm9I
-            rtl32WdXCcpo8c+XgzYowRw4qxNnNL4gzvGn+91And55eF25Ozl+yA==
+            dCHVWjoBL8j6CIpn9ybCBv9oUWhb17xwxd7YIVmkZ7oIQ7F9f3r/Yg==
            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1gekmz8kc8r2lc2x6d4u63s2lnpmres4hu9wulxh29ch74ud7wfksq56xam
+        - recipient: age1c2kc034n7tqztarcu7n5ldnjmy9sr3jgwrsaddsj0hwfus9mdp3sctts4m
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwMm1BWUxKdi9VNFNFOUdv
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDYzBoQURsckNBTDFBcENw
-            UTB3ZzdiTVBUKzd1eFZ6ZWxteW1lc3NFOXljClFVUkRqVjVtSTg2aVluNnZNNzdx
+            ak8xZ3NIWDM0OGZmVElVVWJWbndwMjRJMlFBCnp3M2EwaDJkYWxrbHkwNUttREl3
-            RFVvT1hxUkR3SzU4NXFqbXNYUU5JWk0KLS0tICtFWFQveDB6SnVqNXRXZS9FbU9D
+            cWRFWVpLbGMySGNFcENXbzJyd0k0NVEKLS0tIEtNd2Y2V2ZMWC9rQ0Z2Slk4YjBt
-            TDhodzYzV3AzWmdjQ0Q5UEJLWTFKT2sKoIz2O7Ot/F+crGjaYvCQRM5iuzMG3L3J
+            S1lKalRuSmRYYmlDeHgrUFFnL0lzaVkKE8mk9PiPD/Tb+e3GEy1sXvIxdInlNGh0
-            sjysqAuESLrcUwPX574NwRaOKvlpTaNnKtl7ZXqKnbfucTJPc6o8NQ==
+            HVHuQ/22UDTKSxXGKkD8WTl4VZVmJAwLAU4TbvtVzx96+SCi8uVy1Q==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2025-03-12T11:54:39Z"
    mac: ENC[AES256_GCM,data:g8nz1Azs5X59ulimMRzgvKz9Y7lKnjFq2SCctdt+yMBLojlk8RXMSf7tY311dZLcd00wi8xsGlBY1XaCbDjIlkG4sLWuQIareYjfqGK5s0pRvELTTF2ZE9yY+5iYdeVkBe7yv44sWJGNN1BcgFpR9zUouA+6yKVt2/XcPu8+7Fs=,iv:zDyECD2w1bTq0xbart+cIjHBAmfSHnpFG5nHPbiT2UY=,tag:b50oQfRgLtI/XbkINuzx5A==,type:str]
--- a/secrets/common.yaml
+++ b/secrets/common.yaml
@@ -8,65 +8,65 @@ sops:
        - recipient: age1df9ukkmg9yn9cjeheq9m6wspa420su8qarmq570rdvf2de3rl38saqauwn
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDZ0dzYmlHVHRnSjNwUWhI
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBjOWdvMkRQQUV0emx3WDZt
-            M2ZhTVRtN2ZIb0JacXpaM2hxejFab2tkdTJrCnFaVUpBSGpKUUNzL0xEMUo4Qkg4
+            aDEvRHhKZGQxTThjakc5VVpMRFlxQ3pwdEhrCjl1Y3hKM2FRVENRcEtCYlphVTR5
-            eWpLL3RRMkovR1AvYklLNXcvZGtrR2cKLS0tIExPN3lPTjFueGlzc3c4UFVjcHVO
+            ejFDZzhYUG5NTHgyUVp2emgwVWx1RVEKLS0tIDFWM1RublZVWjN3cXZKM1RsZHBt
-            Y0N2cFlKSkNSU01SOEN1OXIvRmtQbFEKDGuIvYvMhXWOz9GLIDSs/PEaXpwn3Ust
+            ZFl4elUxbHdUZVQ4ajYvd2h3RHpMaVkKxviRk3TCTl9SdqAC7C+e+ugD3o/6/3sh
-            BffIB24x01nPXdz0O+GHC8J4LkvdwRrYL5kX6vqZ/RWOQEpPDpjvFA==
+            6I7Z1f9K99ONAaP3VhVoW34+qDXyA/RmNk85TWDjE8U/Y4A7/+kYAQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1gtyw202hd07hddac9886as2cs8pm07e4exlnrgfm72lync75ng9qc5fjac
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA2TkxMSFJLbzdPTTdYR0hC
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBOVNYRTB1NVpMYzJlakpZ
-            U1dSVENJckFjVlBkUThrYnRUN2Q5ek9JcFhjCllmVFYzenF6SHByUGtFQUhTZWg2
+            cXd4amF2dUEyZXVubFZvUDVJZFVlSWh2TTBnCmhRMDhTdjFDQzg4eGNBYzhVTGNy
-            UTBLckZpYWQ2QXkxaWMvR2d6eHREYTgKLS0tIC9DMmZ0QXVUMlJ1NVZielV6dWlv
+            THJrbXZBeVVxMkJweXJESDVSR1U1S1kKLS0tIGpOcFZ1NnZyczZZT01BcUVLVGo5
-            QWpybkVtcVhXOEhHRVFNMUJhMXhqSW8KcrPWhqGA8J5zIu5JaBd7N4VjR4iq/6Mq
+            cmdiMTNKZ0pJVWpOTDNHSUt1UUJCM2cKsCOQM166AQjNqlBoB3r04HMGiUkgkFvA
-            qfi3OPQQlisN6zLzpM1kWs+BTzeAVzfC+UXKmuFeOUHcVJFG6TbLMg==
+            /uxxVnapjzn0Fj9OgtTSsHT7TnRHsPLvFbIPNuvzk2T7j2sv8TEZnw==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age16yqffw4yl5jqvsr7tyd883vn98zw0attuv9g5snc329juff6dy3qw2w5wp
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQMWltT2Yvdk96elVqWWI0
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2ZnVQVzhYaGlzcUY2ckNW
-            WE5rR1ZjYXMxYXNiNWdlLzJWMkJObGFENnpVCnVsenJzdUIrc1M2cFJReUExSVU3
+            RkxKVHZpa2RRZ3ZuWGFkaTNWVVNISnpaMEhRCmxjbnlGbEJPWGhOdGFnNzNoSkgx
-            dWpMUk53dU9UTG9EUlNOTHBja0JqazAKLS0tIGYzU2pxVmpFR3UzaDhCd0ZrdkRj
+            ZTNvL0ZKZ2JyeFRlMFJHK2dRTzhoTVkKLS0tIHBoZ09TdHFpTUs4TE5BVUxKemRr
-            V1V5M2g2elRMR2lYZHM0QVRTdDFBOHcKFIlNxdy6KyZK42qsLgXNIR0lTmNnCOLS
+            WCttVkpwNVVhRUhtaWlDcDBSMzA1eEEKG149AvnnLyGGYA7oXIhUz46rFzYDFcC+
-            xn0MT+YG6j4YP23OslkjXlr8lEAOggh6+2fFssRXtXZGKdQobQl3Jw==
+            r1UrA6MrJXSDggNh2puQ1dDtntub9BHCO8qDGsxSOCpp/TqEtrv9eA==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1w5w4wfvtul3sge9mt205zvrkjaeh3qs9gsxhmq7df2g4dztnvv6qylup8z
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAzK1FBcHh2NlBCMDVJTVJi
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBMTTV0QkdnWDlVckJjaVF6
-            V3JzYmRqVnNxcTBZSWJacDF5NUF0dGJqWWxZCk1aaTdra3RRcklIb1VkU1VpRGlI
+            bXhZUHFFNEVReE1qSURZdjlXVkN4ZE1VOVVrCjBsdTdOSXRISkpVMGVDY0RtMXIy
-            VVZNTUFXQzcwT1NRUFFtZTFaZERiOTgKLS0tIFNTbUVXQmRaWmdPWWVzMTJEYk83
+            MGtHakFuV2VqNk4vcFJmV2FmQjhJQk0KLS0tIC9nRHJSVWVWY0tEaURValdOY1Vm
-            RGo1aDJJV3RiRkJsTXNoa2ZFSWJNcFUKM21CtHAX2swT++JqKSQ2R9htE0+Csvlz
+            bTFWS25lajdzNDdXd0lJY3VCbm0xbW8KgW0kqgIoH2UWqMPhyI1lY3qJJhDankCr
-            h/SfoTkVlm8OPrYzaEQV0SB0yxC7jgBKL9X5HZQDaflGbTUBi9LP1A==
+            wQ1s6Jyxi58hFpCChfSi0q3s0Nd1RWo/MMHZnw8IJ9YAp7MFRY/6lA==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1wwufz86tm3auxn6pn27c47s8rvu7en58rk00nghtaxsdpw0gya6qj6qxdt
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtRGxmaUE5V1NabytJT3E0
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIeTBZM2NnV3EvSFQveUFE
-            elZ0T1YybS9OQXdERWdoSkxpbDcvM3Buem1jCnBjSWROT1NxWGxXOERCLy82akJ4
+            OWJoeC9sR1BVemczT01YbjJCUW45dCtOamh3CjJycHNBb2RRaUVrd1E4V2k5d0Jt
-            clVyVVpZMTI3cTEvT0U5aWorQ21LN0UKLS0tIGJDZGhtUWVVQmpKcnFvNlZvUS9B
+            SUhuakRFWDRQbnJmNDl1b0g2ZGV1S1kKLS0tIHd2eW5sNFAwUjhCaVVibGowSVNS
-            STdUQUxXcUNnRmZvNzVIZjlVUGVuWFUKp8qPooDNNFa73mRtmBuzwlccVBX7TF7P
+            VGRMUmUxcjVqekFXV0MzbnpVN2V6dUUKze9Ys+rYb46Oz1ZTCoUGCjWteuheoa4h
-            NcQQUzTe5i1B2S5Q8iDVkEKnPJxb10KGJEGGD+gh29beOWsZXEu06g==
+            DnhKGEcHVYVsJ+lxRheLeEEilLUSluWK0ejAomPSR9oi9y0Z3rEUAw==
            -----END AGE ENCRYPTED FILE-----
-        - recipient: age1gekmz8kc8r2lc2x6d4u63s2lnpmres4hu9wulxh29ch74ud7wfksq56xam
+        - recipient: age1c2kc034n7tqztarcu7n5ldnjmy9sr3jgwrsaddsj0hwfus9mdp3sctts4m
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwVVJQOXlXRVhYMHVZQjdD
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA5L3FmS3JFTHRqeUkxY1JS
-            VzRGSUw5L2hRbXdJYkJndUlOb3ZPVWJ1dUcwCkxGLzBLd0RUeWwxc1ZZL2hTYzUz
+            TXFONTNFNnUyVE1CSWhnM05pT21aVStWVDN3ClE2WHhRTExsVmhaaWQyNCs4LzJo
-            VVBjZVFzN3VCY3o4UXFIT0plSEFoWm8KLS0tIGhJRVRLMVE0eGtkeE82SlMydE1m
+            ampVZHlycE9McEEzdCtFZzNoY1ROcmcKLS0tIGFhcFM3cVNEa0k2NS93amtEVHp4
-            TDhLOENRREVlemt0ZHBid0RNelV0bUkK0MYZpO5AWieaHnW/tP8bND/bJQYKf85e
+            cE42N2Y5WGVMOUZ5a3VvQVlEcDNqZUEKUhfElhoxunhwhIEouSCzqbsqAHcBcuh6
-            fEs1AE83bhS4pLGhf7elXUW9Yc7YG7M7maPyK9Yf3G8cFH1sYLYhVQ==
+            tuzDqSuc3z8NMfLKW3EwCwmGbk9YX57WHmGbd1EM54kAE7zflymOLQ==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1zjgqu3zks5kvlw6hvy6ytyygq7n25lu0uj2435zlf30smpxuy4hshpmfer
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBIcjlObDQ4eVE1SjJrUlBF
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0RS9maGVJeDNnRUl5Yk0r
-            YlVyS1FDYThtdDNGSTVReTRidGVPMXRZVGdjCnkvZENzMkFBKzZaU0paOFJkRmMw
+            N3pvbWxQL3h6aU01TGRFNysrZkd1TmRER1JBCmJjdnBiUUlMR1poZGpTeC8wSVQx
-            MWpQaTg0c1RweStNeFVZZ05KY0VDbmcKLS0tIGhjNkxMeDhxVEtLdTF5Qjl1MVJv
+            aGF0STE0TE1sa3YxakEwMUt3bURxUkkKLS0tIDVsdnpxcHpvQStjM09iSDRMdU1T
-            UHZwRmc2NjNDUlJCdWN1V1dhS1RkelEKF1KiZLQvruEAfjwbW8lIyzvcCqeAMReI
+            c09FQVJURG5PaW43cGhIWFRhQ1ppcEUK2iJ/M228wXCdIcs7LBbnntTrJqzmfdOi
-            svl1uSaSaxPtCbnc9RA2nfo0vvCoz0a02dhr7CAy3syfQPLLZqRAIA==
+            btMKaOX0d3vecXooJF6smssVrdUIwRdoLe8qBeGiMqhjCqjwur0UzQ==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2025-04-04T09:34:06Z"
    mac: ENC[AES256_GCM,data:YIcRrsPparPfPaI2+MLlKsxu7M19H8nndOsrDLuh/5BXzIZNiuTIWyvxODyhI745rDwlibO+7Q0QctanhTl4+IzGaYtuY4i+rb+3dzBMpcdT2VAbtCHHxcltWeanRGFq2K3WM2tbnQCERst5kejfn0Razjq3UU5vNwfBsdJMwGc=,iv:izDxy0ufVnH8ImkZIngcYhGuj0PGpLqBD/ZDvQyE+5I=,tag:oYBUEQS52pr09h5OvOadNg==,type:str]
--- a/setup-host.txt
+++ b/setup-host.txt
@@ -9,4 +9,4 @@
 * set the actual device IDs in hosts/<target>/default.nix
 * on base host: nix run github:nix-community/nixos-anywhere -- --flake '.#<target>' nixos@<target IP>
 * after confirmed working, update hosts/<target>/default.nix to set keyFile to /dev/sdX (otherwise when the USB drive fails it's harder to replace)
-* if replacing failed host in place, update key in .sops.yaml with the output from "ssh-keyscan <host> | ssh-to-age" then "sops updatekeys secrets/secrets.yaml"
+* if replacing failed host in place, update key in .sops.yaml with the output from "ssh-keyscan <host> | ssh-to-age" then "sops updatekeys secrets/*.yaml"