diff --git a/.sops.yaml b/.sops.yaml index 37cae1d..bc47ed3 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -9,7 +9,7 @@ keys: - &arcturus age1zsl5d4vj6gl3h96y5p53sq5y4vr4vtlwp727h7rp9a4xfkxm53lqrh6r50 - &alpha age1zujp5gxy7suv8ysnygv43cmzuvv36nxfg0ch7r3xg2emc6fz3vmqqujheq - &vega age1ydkclhk9kwqdq74utesqdfupt43lz64d5k65gz2z9uyljcqq9fcq3hv28l - - &node age1cltj5wl3evxq57d7rpdglptexejgefs39njtcvmsm4fuc8kn5p8sqpef4z + - &node age1put942dyhly8nk9c8n0h8tq0x6xplrg3uw5q0d2jmvwez3zq79qsapl7he - &capella age1y4luzn2jls7rvgphej23srvdlx563lxq29tvf66vhwwzaf7c3f3qzvresh creation_rules: diff --git a/hosts/common/secrets.yaml b/hosts/common/secrets.yaml index 5df6870..5c14937 100644 --- a/hosts/common/secrets.yaml +++ b/hosts/common/secrets.yaml @@ -1,88 +1,88 @@ -tux-password: ENC[AES256_GCM,data:L7f+qd79ahu5IFEND4vAuJYyeZGWi6tAwjCA3yeDprskPlN3sVv4L9Cgr9fLBsebrIkooEETTMWaTpCej0C3ke0RG6EtqUhzvg==,iv:fhovTgvUBgWr+Nj2eNVDs0gVla76+qwQBJzrBRE8paw=,tag:3QGPvJddrFN2RIrVKAkLmg==,type:str] +tux-password: ENC[AES256_GCM,data:yAqMKsk7uz0F0k32PdYnqAmn+tdLyXl2krvMstdgFCvIUZH8TlATWCUMPUtnxQiTQqCUY+Q8LE+yYcFFGC3r5TskbF98igZTDA==,iv:hkE/21gdD2bCEdIITrhm9lhKRTHhCPeo8YaYS61/dEM=,tag:/tz2Xvy2ro9gGwKHrJuuzw==,type:str] sops: age: - recipient: age14vktfes95f33vuefwnmuvryas7az04u76dsgyhfvsx73czkvmp2q7njkl4 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyOG0wQWgzK0Y5L1FjUEpU - SGp6U1lybEFxTTVLemRqL0JjbGpvc1doVENZCjl5TGJYSENHQURmRnZzb05xMUhZ - QjU0QUE1WGQ0RW11YTRVazBlLzV5TkUKLS0tIFBDQTdyaU9tdjFpakRlK1JBSWdZ - K3NZak1iY0o1V3NvTWE5c2VKaGZiTG8K1B2VOTKmMO2p4eEnXhNhUtz5RthSwMNB - W/z5bPzrR+NB1QDvILmxE+aVNqmaW0t5WsCh62ygvDQHDj8wczZtGA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXaTFZSENQZDcvczUrVFF6 + Mm1GV3pqSzVPd2pQaUp3ZGRJS0kzMExXSmtJCkVwR1VxbUhCTTlKVHlLR0kvWkFO + R2VmQWhzSEsya3I4b1JRWnFSbXdUanMKLS0tIFR5bkU3cEVHL3BlUFRjL2l2ZDBK + WUVaZzFCQkc0KzRNQlRRdGNvWFdQNkUKhxAV3VavBzjSQHJPNn+Ghspi1scCq7dS + Qu81Q24kMK9sL7ddTjB7UqCgZ3LHq+Izzw5cSYVy+nq150oCBURnoA== -----END AGE ENCRYPTED FILE----- - recipient: age1f860dfewlx5jtt9ejr47gywx70p3dmyc8mat29gpr75psljwjv8q5xyxkq enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAyc0l6YndBd3kxTmFkRXpC - bmRta0RtOVhPRjdCd0lGSzVDS2Yza0IxZW1nCk1KcVNzYUxiTC9xd3BBRUg1WldI - SUtEdWNkK1ZBVzlwWWRjZHRVeDArRTAKLS0tIFBlWitJQzZPbWc5Si9obkhHTzI2 - RG9mOFFBSGJwZmoxcWQvQnlXQnprNFEK3/Ndje4n5v045bO7nU0Sf6xk6RZCjvZu - 75kpDXhmvwwMfJYYyuemLKoK8Erxjr1vXJ0xmwErNHsdEEcDFbZhaw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNVGdJQTdBVHAxTmFoeThj + RWE0QjBiQUt5UkdDZzBRQm5vTUtGZmRxQ2xvCkRiUDIxUkV3ZW5Jd1ZoZWRzeE03 + T0VPZE9pYXJGclVZSTJRM1JaVjM3VU0KLS0tIGFXQ3pRWXFYYWkrYngyZDJST2Jr + UlAzTFdxMENxckVpL05ReENjZHk3b1UK1NEgbZ5AMf9h6zlfIHL7ugNSyQ156T5r + x3l7nFrvxAWE9aTzn03hFjgRP72If6k/3pHJmT8h2494+K20qAmx6g== -----END AGE ENCRYPTED FILE----- - recipient: age1x36yr8h993srfj29sfpzt4wyz52nztvncpmhgmfs0j26qvfecq3qvcm0an enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBsZCtXcGdtVVFDZkNwQnFu - dk5YbG1yQnFNY3NjNXFrZU5GU3dmQ1FWTmprCnAzc1lhUEFPb1Y1bmQza1lybkhV - YzU5Q1JUUXdQYXB4STZVZ0xCUC96ZUUKLS0tIHByZndVaUVyaU1kcXl3QjFlWS9M - Sk54K1VrSnFrZjBuNFkxUndlQWwrUDQKy/kdRKVVtFyROJU6jElBruzrWWuH6o0q - gbelOOKYLOoj5dvPfIuBoBNXe7xKs9w76PY4Fm7M1U1SXs/XRnigTw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwZE16cm5vNzhVSkY5K2hV + MWRaMHNIL1Q2cDZ0eHozbTJJWklKb09BK213CkFSazJGdnBWQnRvQ2Zlc1JQazZV + VWVMb1FpcUZMeURQSXJBTkJGeVdCeUkKLS0tIG1uRDJ4T2pRaVY1aERQOWhZdGl0 + b3JVbHNpY1B5ekpodHp3ZXlrZFplNFEKiRPqPKh3g33a2/fQVrj8qGOcXheVaLgA + CAShzomubIQNFZUnl12hjH+ZcKlAwYFXzCrHUNdkEUWRIASqGa5oMA== -----END AGE ENCRYPTED FILE----- - recipient: age1jg642q775gmnmxeu29gcf3lph8vem4xr8t84cxe809dpd0myrussh49h60 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6NktQRmw1Qlh2U2FhSGta - WEczbENZWnBzWldNRVA0UWppYW5sYytacXprClJqVUFaTCtCWFFmN25BUWwrSlZx - S1ZQK2ErNEhDYjRycVZob083ZERSaWcKLS0tIFBNTTByWEVMTzZCLys5d3VCRnph - VVBqUHN5dWlnNDlUYWhLcndKcFVhMVUKaxhoANxILZ+lBGwyf1s7uJKqHeHEtDK1 - SS7yqtB7bn93EjjlkKsmRk1GSyh91KxxUuFphWagbned8FnrwTUdRA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvQ3UybGxJaUU5ckdDak5F + d3RJdlR3VHNHZTJ0UXhXc08wSVVXZVFZb2lvClZGSzV6QmhqL01rYjhjdjNKT2RT + V3k1QUF4VXBNb2d6dnA0N2lNNnpXS00KLS0tICs3bWRHMGZiMmM4S3YyY0ttRWZ1 + Snd1QTlRUndzK0RSUld1TlRkNU13cHMKTZsBN/4nBfEndip/vCUNtFZF89MKT8uA + C/hKD33ycaLNzmgxz3VRSCxeALMspeobeOLfRHJLflusD9xGgXn73A== -----END AGE ENCRYPTED FILE----- - recipient: age1zsl5d4vj6gl3h96y5p53sq5y4vr4vtlwp727h7rp9a4xfkxm53lqrh6r50 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBKMnhhL1h4UGg4NVNTTGFq - N0FkZDMyZnMvc3hPeFZScmsvNWg5ZGc2aVFNCkVlbkFZQWFjVE5KcVJMNjVqTWFr - YXFOblRyTlVNYTZZVzRPN0N4enA0aXMKLS0tIFBFU1duNExtenVYNU4xYitYbS9t - VUFPYzlWa000NkdiMG5aVUhXMDZLaUEKHVpkfUiRCgtffRfVeCYyUSd8GG4unYNA - Nk8ctjKYhzzMW4VNM3QVm4txOxEILIaJtDoqF2klpMIIaYhucNLppA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBQWmkrNXJvUjR5anlUcFVE + NExQTnAwZDVmWEl3c3B2bis1N00wQzF6MFFvCnpENVNJU1JWLyswNnZoUTBZNE16 + V2ZtLzIzanZEOWhkYXFxaWVLaDZoUDAKLS0tIEs3SXRZU283dERkZEFabmtFZTEx + aUIwRTgzQklUZmlnS05MQ2o5QmJSQk0KVrx1ZHqnS3KQ9jB7yqVIWbrQAdqDt/c4 + i3mst4a/rKjgZGUYugHMctJppPIpqqVZTpBHPgY5OiAGESMrUZE+Ig== -----END AGE ENCRYPTED FILE----- - recipient: age1zujp5gxy7suv8ysnygv43cmzuvv36nxfg0ch7r3xg2emc6fz3vmqqujheq enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBWR1F3ejVWdUgxNFhKQlkv - dlVSdk9qZFpMNDV1R0hGdG5vOGpsUTl5TTBzCmVLWWIrOXJ2b3QrS3puUU5oeW9s - YWNhTE5nUFg1WTNoVUVxTW5QT0FjMHcKLS0tIFMxdEh6dVRyZkZPazQ0TGZBUFJM - QmFEMTlFZTFya21tSkJOeGhLVlBpRG8KHoGPNjwXdTIOUwuMnVAo4i7koWTE083b - svpVUzC4KHfyrAJL8dR0RRPKejBKSgQny8P+CNkjLfyp+19GyPkIvQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBvdUhKNU5BYmNEdllkWU1R + QVIxMExuYit6ekNwVHFmd2dGNEJtTTlHd0IwCkxiZnAvSURQY2RyWnRVVGxtdlUv + bmNpNFB6OENqOFJSakQ2NGJ0cVJTQlkKLS0tIEt5QXBXNC9WaDdIdklTeTA3ZEp6 + Y212bDZSRkttWjBqTEdkbjY4WHd5RTgK1Y779ogFUcr89gosqh7rra7Wg6G/Ez1o + /+48kxF2DTKZLJYX2AFEP5H0JjBDtt+isiO7H1644LjdAwO/sgFMSQ== -----END AGE ENCRYPTED FILE----- - recipient: age1ydkclhk9kwqdq74utesqdfupt43lz64d5k65gz2z9uyljcqq9fcq3hv28l enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPV0JmTlR6dFpBZHR6SFk0 - aXRVNk9qOERWQUtnNGhlUjJHTmkwQSt2RXlBCnFvYVVQTG8vSHFIRXFxZm94QmU0 - aEF6V1hadlFQNHBGK1dkK08wMU1yY0EKLS0tIGNkbVdvUGxjRHh3NjBMNjFmeE5k - cUsrZjRRcW1tRXJDcVdUVG1ZQnM2Z2cKy4ikF/Cmi4bfv9LHQ8jWY4QT/M1lGdVd - 5x0hx8q0nB24yBUUxqTm601CbSm1bBiha/t0wVZU/MU1b4p4SFJhxA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwQXFScVBqUDZHc3BDK3N4 + T3BnSWk5SElzZllYRHdlMStPS2ZyMDZoZ3pnCm5KVnBYb1R6anRWd04rNllPSW1G + ZVMwMTQ5NjQvaEYwZUhOOE56ckJHb00KLS0tIEpCWmNQZzFlK3ZrRGFPMFVwZndG + ZStueWovUmtKdTk2enRJa3NSbFpJL1UKtzKYPJ6vy6+VjPkrsRvNTwUtV198oglr + cMqBSuwkqzgjDC09sRMnW5PRfJo8hG+5gkd6EPZ8uAbUhGC+kAyLrg== -----END AGE ENCRYPTED FILE----- - - recipient: age1cltj5wl3evxq57d7rpdglptexejgefs39njtcvmsm4fuc8kn5p8sqpef4z + - recipient: age1put942dyhly8nk9c8n0h8tq0x6xplrg3uw5q0d2jmvwez3zq79qsapl7he enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBCVXNvWitpb1pESStMazUv - aTBhUG8xbjNrYVZFVm1Nei80Y3NCUXdJUGkwCm9yK3UyTHFrV2grMW93ZHVrZlMy - V29mZnYrT2F1QnlJUUdDVU5FdVd4RkkKLS0tIFVSZmIwRHJTV0FFTE9aRU5pVDkx - T1NIZG8zdC8vVFRKZHp3TWFvb2hoTzQK5bTrc1bb2t9xXIDZw5YrWT9Lv0EWtJCE - xN52eUVI2/XXuExI7XcI5JfDNGynagzkj++QYwoH9TNQHqlRMBYOwA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0ZU93NCtxODQ2YjA4TUcr + aWEyaW4zREZtVUpuZWhZSUw3TWhpMXBYWEVVCitDNGx1eWZQZGsvUDl0UzNCd0Zp + QndpMys5OVg1WXMrdXRDUkFZWDErcjAKLS0tIDBOZTBxM09INTIxZm9tQk10ZUc2 + emExUmJZZk00WmxYK2Y3WCtmQXhSUmsKwMxI9I6kQYkvZ4TzJtv/MdGLwTbQdePx + XB+oFbc9Rp3IAEZfH1+VEtJRjyKk5hE7HQoIh92XxJvmbDIswOe/Rg== -----END AGE ENCRYPTED FILE----- - recipient: age1y4luzn2jls7rvgphej23srvdlx563lxq29tvf66vhwwzaf7c3f3qzvresh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBS3F2UnlDMkpJdEdDZEs4 - eldVU1BNUXVNdjR3cHhNc0libnBZQXNmVUZ3CkFOOUpmVXgzcllDTWFEaEZTTm5W - OW1lRFJSWFFtU205d1habWp1VExIWEkKLS0tIHhXOGJQZWlvUUVLUnBuQTdQMXB0 - aW5FRkNWR2QySXVXZ0I2Ky9rNHUxNzgK2S5OgrP0o4hko5VPyCv9Mzb48BSkL+9A - H872Z+Nu6kephicg4gewqtJvLvE4wrUyXXzza1O7Q9VHuE1BQqw72A== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwNUhPQThmWjJROW95SWsw + aFk4dGR3c0RJZTkwSHFXaWp2UCtQWS9xYjFnCnAxa0RMV0xsNnZ2cnVMbmRzRFYv + QmRZQVY1ME9zTmZtT1RxUmFQc2JYc2cKLS0tIGxUTjYwYXZUMU9FY3BFS04zQk1G + bFJwRno1a0pwVHpaV0haZjlZazNtZDAKxTvzsmLtx50sI2bZ3fFcB6j9ZLas4KmL + 5bu9Z75hFi+N1sjvMpcK7oIFypGLIWU3xpTP//jv6RuiyjGuR2Dq2w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-10-27T17:05:12Z" - mac: ENC[AES256_GCM,data:gyvhzdjSc8Wjv+IroaiMXMzNCSrFjpK07i7w0hs6bSKzvNtpIbwf7+tgFISe5dXrEq9HD+Z1JC6xwo45V+XAyguXUXa37YoCM5aG41f/LMCsoGQYsEPuq6djeraKXEfElQbGnjZOjHxy/nNlgiyuqze9+AScG+JsKr/DOd2+ACw=,iv:yGHLJw39HRujbcRB/2dDWaec/6GmSAUVnKUvjlCiGY0=,tag:/M9iuG8aegOK5Spa2uM30Q==,type:str] + lastmodified: "2025-11-04T09:28:17Z" + mac: ENC[AES256_GCM,data:A+xfYhnoq/JWYGZOleieF5vjrsPOtkKnXPbd94iBAbnuuBKx8Vgkpuum+hJzVIBdDSCVm8hl2Tpcw7NqWLSkXtBR/NKixzk6eIwFvOZz4h7Qe1Zue10pB25IkIzR34sLnWSHtsxuRRG6fZnf0CNtp7baf4XU3doyDwy5A384Jf0=,iv:i0y0UEY7SSCOBIBc+97qIiq4obpUJYb3gFo1yEc5eUI=,tag:c5zONd6zTv3sq4bPqT73OQ==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/hosts/node/default.nix b/hosts/node/default.nix index 358adc6..5b1fa2a 100755 --- a/hosts/node/default.nix +++ b/hosts/node/default.nix @@ -1,7 +1,6 @@ { inputs, username, - lib, ... }: { imports = [ @@ -10,6 +9,7 @@ (import ./disko.nix { device = "/dev/nvme0n1"; device2 = "/dev/nvme1n1"; + device3 = "/dev/sda"; }) ./hardware.nix diff --git a/hosts/node/disko.nix b/hosts/node/disko.nix index de00413..ee51714 100644 --- a/hosts/node/disko.nix +++ b/hosts/node/disko.nix @@ -1,6 +1,7 @@ { device ? throw "Set this to the disk device, e.g. /dev/nvme0n1", device2 ? throw "Set this to the disk device2, e.g. /dev/nvme1n1", + device3 ? throw "Set this to the disk device3, e.g. /dev/nvme1n1", ... }: { disko.devices = { @@ -45,6 +46,23 @@ }; }; }; + hdd = { + type = "disk"; + device = "${device3}"; + content = { + type = "gpt"; + partitions = { + data = { + size = "100%"; + content = { + type = "filesystem"; + format = "ext4"; + mountpoint = "/mnt/hdd"; + }; + }; + }; + }; + }; }; mdadm = { raid0 = {