diff --git a/.stow-local-ignore b/.stow-local-ignore index 080e887f..f7ef87f1 100644 --- a/.stow-local-ignore +++ b/.stow-local-ignore @@ -12,6 +12,8 @@ result default.nix nix +shell.nix +\.envrc # repo related ^/README.* diff --git a/nix/configurations/vanadium.nix b/nix/configurations/vanadium.nix index 6a274b8a..72151a32 100644 --- a/nix/configurations/vanadium.nix +++ b/nix/configurations/vanadium.nix @@ -71,7 +71,7 @@ in # Extern modules # (sources.disko + "/module.nix") - ../disko/vanadium + ../disko/vanadium/btrfs.nix (sources.agenix + "/modules/age.nix") diff --git a/nix/configurations/vanadium/nixos/fs.nix b/nix/configurations/vanadium/nixos/fs.nix index 26f06b5e..e998b645 100644 --- a/nix/configurations/vanadium/nixos/fs.nix +++ b/nix/configurations/vanadium/nixos/fs.nix @@ -3,6 +3,15 @@ pkgs, ... }: { + services.btrfs.autoScrub = { + enable = true; + fileSystems = [ + "/" + "/home" + "/nix" + ]; + }; + systemd.tmpfiles.rules = [ # tmux-sessionizer directories "d /home/leana/r 0700 leana leana - -" diff --git a/nix/configurations/vanadium/nixos/misc.nix b/nix/configurations/vanadium/nixos/misc.nix index 0368ad30..27a57908 100644 --- a/nix/configurations/vanadium/nixos/misc.nix +++ b/nix/configurations/vanadium/nixos/misc.nix @@ -1,5 +1,5 @@ {pkgs, ...}: { - system.stateVersion = "24.05"; + system.stateVersion = "24.11"; boot.loader = { systemd-boot = { diff --git a/nix/disko/vanadium/btrfs.nix b/nix/disko/vanadium/btrfs.nix new file mode 100644 index 00000000..dae326ba --- /dev/null +++ b/nix/disko/vanadium/btrfs.nix 
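Review bot: In nix/configurations/vanadium/nixos/fs.nix, `fileSystems` lists `/`, `/home` and `/nix`, but the disko layout added in this same commit makes all three subvolumes of one btrfs filesystem, and a scrub covers the whole filesystem rather than a single subvolume. The NixOS module schedules one scrub job per listed path, so the same device would be scrubbed three times per interval. One mount point is enough: `fileSystems = ["/"];`. A short comment such as `# one entry per btrfs filesystem, not per subvolume` would keep a later edit from re-adding the others.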
@@ -0,0 +1,102 @@
+{
+ disko.devices = {
+ disk = {
+ main = {
+ type = "disk";
+ device = "/dev/nvme0n1";
+ content = {
+ type = "gpt";
+ partitions = {
+ ESP = {
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ mountOptions = ["umask=0077"];
+ };
+ };
+
+ # Use LUKS for disk encryption
+ luks = {
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "crypted";
+ extraOpenArgs = [];
+ settings.allowDiscards = true;
+ content = {
+ type = "lvm_pv";
+ vg = "pool";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+
+ # Use LVM to create a partition for swap
+ lvm_vg = {
+ pool = {
+ type = "lvm_vg";
+ lvs = {
+ # Set swap device as resume device
+ swap = {
+ size = "48G"; # > 32G for hibernation
+ content = {
+ type = "swap";
+ discardPolicy = "both";
+ resumeDevice = true;
+ };
+ };
+
+ # Use btrfs over ext4 for:
+ # - compression
+ # nix store can be shrinked using this feature
+ # - more transparent partitions (subvolumes)
+ # no more "I need more space here and not there"
+ btrfs = {
+ size = "100%";
+ content = {
+ type = "btrfs";
+
+ mountpoint = "/btrfs-root";
+
+ # # DANGER:
+ # # Override existing partition at partition creation
+ # extraArgs = ["-f"];
+
+ subvolumes = {
+ "/root" = {
+ mountpoint = "/";
+ };
+
+ "/home" = {
+ mountOptions = ["compress=zstd"];
+ mountpoint = "/home";
+ };
+
+ "/nix" = {
+ mountOptions = ["compress=zstd" "noatime"];
+ mountpoint = "/nix";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+
+ # It's nice to have a scratch space
+ nodev = {
+ "/tmp" = {
+ fsType = "tmpfs";
+ mountOptions = [
+ "size=4G"
+ ];
+ };
+ };
+ };
+}
diff --git a/nix/secrets/four_pwd.age b/nix/secrets/four_pwd.age
index da648910..248837d2 100644
Binary files a/nix/secrets/four_pwd.age and b/nix/secrets/four_pwd.age differ
diff --git a/nix/secrets/hoot_token.age b/nix/secrets/hoot_token.age
index bcd5296d..8bd03167 100644
Binary files a/nix/secrets/hoot_token.age and b/nix/secrets/hoot_token.age differ
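Review bot: In nix/disko/vanadium/btrfs.nix, `settings.allowDiscards = true` on the LUKS container (together with `discardPolicy = "both"` on the swap LV) is set without a comment, and it is a confidentiality trade-off: TRIM requests pass through dm-crypt, so the pattern of used and free blocks becomes visible on the raw NVMe device. If that cost is accepted for SSD performance, say so next to the option, e.g. `# TRIM through LUKS: exposes the used/free block pattern on the raw device; accepted for SSD performance`. Separately, the `/tmp` tmpfs is mounted with only `size=4G`; adding `"nosuid" "nodev"` to its `mountOptions` would be a cheap hardening step for a world-writable directory.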
diff --git a/nix/secrets/ltex_dict.age b/nix/secrets/ltex_dict.age index 47896667..90cf0bfb 100644 Binary files a/nix/secrets/ltex_dict.age and b/nix/secrets/ltex_dict.age differ diff --git a/nix/secrets/parrot_token.age b/nix/secrets/parrot_token.age index 90529822..2ebc0972 100644 Binary files a/nix/secrets/parrot_token.age and b/nix/secrets/parrot_token.age differ diff --git a/nix/secrets/restic_backblaze_env.age b/nix/secrets/restic_backblaze_env.age index 65b10b93..0477dd27 100644 --- a/nix/secrets/restic_backblaze_env.age +++ b/nix/secrets/restic_backblaze_env.age @@ -1,11 +1,12 @@ age-encryption.org/v1 --> ssh-ed25519 7owkuQ IQwjCUcoeJdCB0t+PbROjKlSUovxzZ588AnUDbLKfXg -RIapw6fvGvXDS1YAyYQzlhR7elOunHcJNotyl9KJ9AI --> ssh-ed25519 5dpZEQ 6YlJfVW/DnjTcf0DT84y9riUKNaQA4QEFRNxXYE5f14 -71LcqS1H/RlvCVpEy1pn946SP7TXdT0lKoQmrcf0YKk --> ssh-ed25519 gFLKzg LdRsm6mEv30HPBUNx/o4mgT4jaYPedj9n3Iy5o8ed2I -1AenWvRflROQ2UF/6l+SXYboLBxmgEG8fpXRk+ZJybU --> ssh-ed25519 zp0Cfw 3lyhwlG2hLc/PSaqLZy4ItDOvpWJDRtDrnLid2P/xjI -ZWunvQLIgYrvVV5Tcs2lFljsemvHip62E32sVGE8xAc ---- 4c2hqCUsLHpDs0LqVfQGOxvWtahtoFilWmNJC4BvNSU -Tcﲲ9k\UW>5М%!f!9:oYZȶ)jt׵>3ha/6vb$I= %g&  \ No newline at end of file +-> ssh-ed25519 7owkuQ rd3EZwldcI+U4OPT3dTL9TsWFI+2azh66HRL79O8WRQ +nh8jLSZfuqOO2inU4kIyh5HrfEPqWrbGb82EulWn3dI +-> ssh-ed25519 Y8XJnA oZOhDFlwaydJhii01vwBGJwjnj+Wz8VWqvHn5cyFFUI +9vyNd1BtTFqBdnGqFV8Ehsp9FRQefxyLin7us5YEASI +-> ssh-ed25519 gFLKzg bdSTF8mPe1xiZZf53Lic7FmIociuRKvVpwCYldAoJks ++uque6eV5koi5mq8gCSaTS+RkgElT3Jprjebe0GtfOI +-> ssh-ed25519 zp0Cfw mZVEFkbCviPQo8x/JW5M6rodOkrAngzc6OhrDkofZ3g +3MiXHLbTGlpT+cOhfYa0jkfkR5kzfrciFlv7c83cQv8 +--- cc6CWPYifqAdBFZ86OkrSlmG6KewW6nXUP+jd4mJ4Dc +%`F!U:Fޠa +ud;aD6H߿3YozI5·W.b%&dSUyŠ=0ٛ0I_##>';6H5~P@ oGS* \ No newline at end of file diff --git a/nix/secrets/restic_backblaze_pwd.age b/nix/secrets/restic_backblaze_pwd.age index 8b0f98ab..75d7137c 100644 Binary files a/nix/secrets/restic_backblaze_pwd.age and b/nix/secrets/restic_backblaze_pwd.age differ 
diff --git a/nix/secrets/restic_backblaze_repo.age b/nix/secrets/restic_backblaze_repo.age index b0b3a360..6e0bbbfe 100644 --- a/nix/secrets/restic_backblaze_repo.age +++ b/nix/secrets/restic_backblaze_repo.age @@ -1,11 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 7owkuQ 7xYeY51Eo1FMmanLvwDhbLRLHfFCfu6T37VaAwAMcCA -idjwxWgm3MVon2XUwKhC1ZS9k2sCaEk5/Syisy5A9Kg --> ssh-ed25519 5dpZEQ Df3kq0CxZoZCfeP5P0kJiv/t18toHjevPUxDpKG1GyQ -aUXrq0vHSXPOx3k1vZR7SyJELNEsKNa3fugMVG5n2Bk --> ssh-ed25519 gFLKzg eAcqNJUr7RpzPJmKzNSgrvaYEusjbbT5gqJUYgURUE4 -JKJ0zoRbNzh2cGxgynEb6cRJTQ9DELIX12oNcBqJIGU --> ssh-ed25519 zp0Cfw KIQuFRbsQ51xyNmeiKnJsDQerNl1G+QsGH8XGOkbuXE -tMFsLXcNv8QEwrbEBMwc+fU4FNlsqDZPm+g8XsmRwzc ---- 132mcjb5oUsywuv9jJuH5BdTFuMsJGdV1/IztoyV/r4 -CÓ?۝ ! &Z|WDeXNY/OA) {p?<#(%;+_W!-5$)&T-FD7oX /ka!r9 \ No newline at end of file +-> ssh-ed25519 7owkuQ 7+8t2oE+AIjwRfvoFjwYm7z3jSQuxZogXuu4cFlILXs +ibdkl1XX0+JJswbHqlTVvbXCRrVZMr9zuz2K+EylhuE +-> ssh-ed25519 Y8XJnA w794CRnrScQIDv7Ho38H7iGnRLVgk4/Bta5T0Qio8Fk +wx9D9yanhiNR3qb0Eq4B3CfbU2E+B12hwpeZiYSOZO8 +-> ssh-ed25519 gFLKzg wdMao+vR53TyeMQBIgnK/JivunNKfee8Egw38Nzq6zw +CVcxP0Xr7vSnGaMkJqoCTgB39Fm2iKLUNul4U4iUUx0 +-> ssh-ed25519 zp0Cfw TQ91UMluVhlWI4XbWL+SVu4iZLL1/ZSrMNXQ4Q8f20c +qFtcXOBzXMSfwxXjeTyqoQTmXNYWBFPJoQgeU4jZYfo +--- ZcVSHz1RoF0+A/3uvj6CbZvqBdFK+y8ml0e4D51ZzEs +MPO1A/2;g] } 嘾-.q;8uTw ̈́)Vl"hd7?w&RgGa⹲sIt \ No newline at end of file diff --git a/nix/secrets/restic_four_pwd.age b/nix/secrets/restic_four_pwd.age index 12906019..466e88fb 100644 --- a/nix/secrets/restic_four_pwd.age +++ b/nix/secrets/restic_four_pwd.age 
@@ -1,11 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 7owkuQ JmcIImKWc73PYFj3mtckN6YE/ZGqmWw3/pfGJnL2hmk -uLkl4Hma4mFHMeGldD1AKZPUz9OaAMaEF1icFtzzLpU --> ssh-ed25519 5dpZEQ 8cUoY+KBb08rv85d/PaGAA3RcT/PijGWoLWj53JJESM -/jS5n0CZ2KKp9d97Ety9nmWuBp2155tfA0fw9FH4s6k --> ssh-ed25519 gFLKzg SoABIosMZTVfJDc/UX/BrTwOR2auXEfMdR+GlVpbWHE -7OxRs7recbO/SS3MMa9ZQM5TK0NoI7piQ6ErxZPRWqc --> ssh-ed25519 zp0Cfw xLL6WiM0KeYWV5eCkQ5dAQxty0O2Jv+37/8ovgb3DFA -Es02nivP5uRm1/UiVBPZjHegmPcYTKnmWL/2dbIV81g ---- q/0wLvbKVsCKDI7FlP2u6LA11SzX6ViDCDQFxbcXpaA -+UFWs/5_`oE7&>M|Xdzc'iGqr. \ No newline at end of file +-> ssh-ed25519 7owkuQ oHuCDN+x3LKlhtRn46El75a2uiyvwg7/HuutemsR7nY +xYat3RqB63D/M4hWmxplZVTNlsl3ukjVFrAzYJeVNCA +-> ssh-ed25519 Y8XJnA wvlzQ4eRMybsrT7ansGe9CEn2RnkadhcfKqJQYpObTk +rWrEoVtu3XOGE9FOukb+LY3IyF4iut++58VxhUbD4/U +-> ssh-ed25519 gFLKzg KP6yyqb6zDtgLlFyClaHKXj8+wJwnY1Fmak1YyLqalA +tv9BAGmuXHzkCrhGUk+lM0pYEyPs+whH/ydmPAF394E +-> ssh-ed25519 zp0Cfw WidN1frzMJzoBo70xejM6Qk2uKXu2vgJmVggjtY2vwM +FqXvxEW7hASb5toMjDe+/Zlxt4YkkXq40h26EmZEZrc +--- vY9Qle8UDnQJGX5vnk4XzwsMDb+dzfw4eZUMEfn0898 +7M鉌Ad&?Dw.X{|i&SXt \ No newline at end of file diff --git a/nix/secrets/restic_sgbk_pwd.age b/nix/secrets/restic_sgbk_pwd.age index 53a77e85..55fd53f8 100644 --- a/nix/secrets/restic_sgbk_pwd.age +++ b/nix/secrets/restic_sgbk_pwd.age 
@@ -1,12 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 7owkuQ EfQT1yelq5hGWJZPfTnPe37XkHK3QWQGbgikAWgHfzA -EL5PU9cOtM5k/qqlSX3qvRiXePQaK1LPMWpdLJjRrtE --> ssh-ed25519 5dpZEQ vp12U8UgGlg5tPaGTOX7iV/b8RlDm+xghtKPRLL7O0U -CtwTletRUklN5uFmP8Tbj2jh6n2MqMRRn7fAzLbwQxk --> ssh-ed25519 gFLKzg ovHOZXxgPZbNjlNLE/AbMKZ83p/sUuTbNUm1tnmelTk -bBVUeW2TvLT9/qu9h+TiPIgh/YOFMGDmY7QVFgwAeXg --> ssh-ed25519 zp0Cfw ZWtsg42NwwuoAblnNBAwFdfSxnh8+RQGs9LdlphY5k4 -87WANVnbHAobOx8fMKyoufxwJZwbNvVkjLqt6mFpYPU ---- 0z1pPXT+1ToLe4BfKCTGMycPKVJRZ13DMpHJb7gM0O8 -Uj*s'MP#httw rcJpg -'81"J*H \ No newline at end of file +-> ssh-ed25519 7owkuQ 0Kpa/boD7cPyMSeFvq0watODH9Ub/Bthzdprn3BLuUE +4i1Td337iBbT4dwA+A/IAoUd2cyFicSMP2u3YfIpatY +-> ssh-ed25519 Y8XJnA 7sansKcB94DS6lefScrQzCq5SrlOq5x142/kljXAWW0 +D4bp9mRyzFGETN36FfhPJapCpBFc6rwUTEdHhonaY5E +-> ssh-ed25519 gFLKzg hgR6j4PwYHrHijt+J8GaIDSaoVwMbfmBq10Bz4nkRVE +gN94qAKFpb4yh87ieO8Var63f3+17RDmGsXCjWqoOYw +-> ssh-ed25519 zp0Cfw 1LY3vkQZKNbl3WKUdLIMOMD519p306bEl5JCs3BMQVU +2xG8ToIemouKxwPPJ22v4ZND9YMNjx0aP5xBkNKoJ3c +--- oSsulGEG+f+okkusI0I5Skhz84160FMhUuBsVtMXjow +YF}JC+s h'85Y D;Pb@jjB \ No newline at end of file diff --git a/nix/secrets/secrets.nix b/nix/secrets/secrets.nix index 57c72bfb..a25e1114 100644 --- a/nix/secrets/secrets.nix +++ b/nix/secrets/secrets.nix @@ -1,7 +1,7 @@ let vanadium = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGPq2o9pbmLRGrOpAP76eYCAscmfakDC7wPm9fmsCCQM leana@vanadium" - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIF52lTIu9kT4gb6RnAefriQkeTKs/hKG6kI/M8zTDWyo root@vanadium" + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAodIJHcxZM8lPdd7tGJloVqgP2AlkYn+kfMDYNA5gSZ root@vanadium" ]; tungsten = [ diff --git a/nix/secrets/sgbk_pwd.age b/nix/secrets/sgbk_pwd.age index 009e93ab..037b0439 100644 --- a/nix/secrets/sgbk_pwd.age +++ b/nix/secrets/sgbk_pwd.age 
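Review bot: In nix/secrets/secrets.nix, swapping the `root@vanadium` recipient and re-encrypting the `.age` files only protects the new ciphertext; earlier revisions of each secret stay in the repository history, still encrypted to the previous root key. If the old private key could have survived (for example on the previous disk, presumably replaced by the reinstall this commit prepares), the passwords and tokens themselves need rotating, not just rekeying. Recording the reason next to the entry would help the next reader, e.g. `# host key regenerated on reinstall`, with a note on what happened to the old key.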
@@ -1,11 +1,11 @@ age-encryption.org/v1 --> ssh-ed25519 7owkuQ MVzZvxcL29ripa3xJN1i+99KfR1Y+eME5Ec0XssG0mU -HYaaqHne8D46RPz46Y4BP7clSea/i0cwRNqEDM5nf38 --> ssh-ed25519 5dpZEQ WEQ9Eln/C/n1FX7dzwzLEU9STcTxfFJ4SjQbJevH5i4 -tOJ0vc9yEJfmrSrI/wKryzLWQmeyTJcs7N4vwHg58DY --> ssh-ed25519 gFLKzg FFemREWoTrmz4q2ikdv6ncsqGdQE6Xgm8J4JyzxtK0c -aJsOa2Fhoo8JEuP2oOQ5MOKIigDDXzpFK6WpDhz/yLw --> ssh-ed25519 zp0Cfw 8/FOJ3lzjbUxM+wWjvuJoaPy7bTbX+jh2CnW2VxG2Uw -+DbH6UQzQ87cwnQPpYZ+jg5tIAF1e6Sdo+zERbJPb9U ---- UylIHe7jjfuTbrTFl7gA3NTryboK4MDEbeMjIy03UmQ -\B'G|`{כ> SC,4I7w6G\-gF: \ No newline at end of file +-> ssh-ed25519 7owkuQ 1s6xTdS3y6Rty9oH8kd9C38MbVkdUFhxfkpwBGBdSWc +OdhHkx6oNSlob3FmSGl5OX+PmHV2jdoPYH4W597o1jU +-> ssh-ed25519 Y8XJnA 1Lbr5YCq66VDLXSaLWUMyfjPVs+i1+DemLWKHFRssmA +aKyXk3P8yJGYUuEGRabrMyFzMR/6t3RAIv/iiW3wiR8 +-> ssh-ed25519 gFLKzg XVJZTEc9wzxF+EnFjsASn1ugGAZuTYIbqLnVKhrsV04 +KlSI6k71bjn00lljWPu2YtuSCik33Idv0ChmBKmeWdY +-> ssh-ed25519 zp0Cfw 1kJqBAn2C5VM6p/tr5PlPFWZdN3SfHtixHJAk2Ct7jE +aD8f6snqi92xwjy2B6vyNZjQTJslHf5iOqakUoqnra8 +--- sRJtqap+h8ndESvcKwA8UyXQEwxGBdxDiPJKFGWmlas +[ÝHc |bnšyƃǷٜH;_7:194r~bɭr \ No newline at end of file diff --git a/nix/secrets/sshconfig.age b/nix/secrets/sshconfig.age index 5df966b9..b82a0ed6 100644 Binary files a/nix/secrets/sshconfig.age and b/nix/secrets/sshconfig.age differ diff --git a/nix/secrets/two_pwd.age b/nix/secrets/two_pwd.age index a16d18e4..49c0d545 100644 Binary files a/nix/secrets/two_pwd.age and b/nix/secrets/two_pwd.age differ diff --git a/nix/secrets/typst-bot_token.age b/nix/secrets/typst-bot_token.age index b74d18db..bc41e25d 100644 Binary files a/nix/secrets/typst-bot_token.age and b/nix/secrets/typst-bot_token.age differ diff --git a/nix/secrets/wpa_password.age b/nix/secrets/wpa_password.age index b48c6185..6030b400 100644 --- a/nix/secrets/wpa_password.age +++ b/nix/secrets/wpa_password.age 
@@ -1,11 +1,12 @@ age-encryption.org/v1 --> ssh-ed25519 7owkuQ BzumCTV2qAMv8WuCZOEsV/LoDHkai/3qUlgAcCyo8DY -KP1mwaAEDkAZmsR0bsrHZEqm1VodUWw+RvGSsYNF4lc --> ssh-ed25519 5dpZEQ Nl0g/lcPFg+yr2glYmi+LAP2usLHNtCz+kJkUB8f8Sg -BM19SfXeagbsVZtyfCWKisMp/wV0XvihjAimbrhkkaU --> ssh-ed25519 gFLKzg 6Dhz8r2OWsFv3PHCXCInu6+FiJCo4epC1bEZX3HpRV0 -0NhLjYJuJ+iG41HdriSUI+lTGk4jpi+VyojjVQtoPk8 --> ssh-ed25519 zp0Cfw pZKYOx2n6K6MnSZ5jNAWff8tssUejUAsGW3JMXD64kg -eZgZaXqkFCIqUnBgWCj+aHiUSykKg+XrzUXXq+fGWvE ---- 7l6Pr9G+Ke+ic5l1T3nmNufFaL1opY9BAMf73B4DEYw -!͋܁\qb2>luϣ*Ǟ3P$֎$xlVV[/-2жDJ(yԸaPF E6{陙\:5 L1r \ No newline at end of file +-> ssh-ed25519 7owkuQ eEeU1XSeT9WNVIFTXB2tXVmFMACL8oKuwdZi+pnYoFE +Iy/f58v4Fr9+9XcCsbuccQruHU8tYmEQez8anKm92rU +-> ssh-ed25519 Y8XJnA ZZI+GUlc0FwH/yrLjeQoufbf1EmrVOHFOxR1alUb+zg +nR1OGprP75LGX5+xBV9Qz1gBRYVQS0WT0kAktqWVtiw +-> ssh-ed25519 gFLKzg Lk2F9/yE7C7wuCIVmWxZ7nrDoS+C3KL7MhHUwXU+2k4 +1VhVbgmA/xv8+KMD1gbWlDGMYCPbqpkQVWdo1LsdJUA +-> ssh-ed25519 zp0Cfw hkx5UUywMK5cIP0oyPTiexJcpbwZf7a8zx1IDtKxnk8 +GHeoYwUxnzbBupROmi/O7st2hDyjJfrEbWhKyVH7T6Q +--- TOvv7vml1HhP9TJL8YFoVZSKTmh8GG3pZFIgeT/m0tI +ÖGF1`=63ꜻ}.)o=3'O٬K4wxVw'Oء,s^n 9|Qucߓ`J +Ni0