Secrets

2025-10-01 15:49:39 +02:00 · 2025-10-01 15:49:39 +02:00 · 7c1625d365
commit 7c1625d365
parent 03ce19bbcf
3 changed files with 32 additions and 26 deletions
--- a/flake.nix
+++ b/flake.nix
@ -260,18 +260,18 @@
            ];
          };

-          # sif = inputs.nixpkgs-u.lib.nixosSystem {
-          #   system = "x86_64-linux";
-          #   modules = [
-          #     inputs.nixos-hardware.nixosModules.common-cpu-intel
-          #     inputs.nixos-hardware.nixosModules.common-pc-ssd
-          #     self.nixosModules.mainModules
-          #     ./instances/sif/hardware-configuration.nix
-          #     ./instances/sif/configuration.nix
+          sif = inputs.nixpkgs-u.lib.nixosSystem {
+            system = "x86_64-linux";
+            modules = [
+              inputs.nixos-hardware.nixosModules.common-cpu-intel
+              inputs.nixos-hardware.nixosModules.common-pc-ssd
+              self.nixosModules.mainModules
+              ./instances/sif/hardware-configuration.nix
+              ./instances/sif/configuration.nix

-          #     { home-manager.users.bertof = import ./instances/sif/hm.nix; }
-          #   ];
-          # };
+              { home-manager.users.bertof = import ./instances/sif/hm.nix; }
+            ];
+          };

          odin = inputs.nixpkgs-u.lib.nixosSystem {
            system = "x86_64-linux";
--- a/instances/sif/hardware-configuration.nix
+++ b/instances/sif/hardware-configuration.nix
@ -26,25 +26,28 @@
    extraModulePackages = [ ];
  };
  fileSystems = {
-    "/" = {
-      device = "/dev/disk/by-uuid/80a5d8d9-c083-43cf-b7f9-8afdbc26628e";
+  "/" =
+    { device = "/dev/disk/by-uuid/c3e09b0e-d2bc-4e28-a96e-5de7f4c10539";
      fsType = "btrfs";
      options = [ "subvol=@root" ];
    };
-    "/nix" = {
-      device = "/dev/disk/by-uuid/80a5d8d9-c083-43cf-b7f9-8afdbc26628e";
-      fsType = "btrfs";
-      options = [ "subvol=@nix" ];
-    };
-    "/home" = {
-      device = "/dev/disk/by-uuid/80a5d8d9-c083-43cf-b7f9-8afdbc26628e";
+
+  "/home" =
+    { device = "/dev/disk/by-uuid/c3e09b0e-d2bc-4e28-a96e-5de7f4c10539";
      fsType = "btrfs";
      options = [ "subvol=@home" ];
    };
-    "/boot" = {
-      device = "/dev/disk/by-uuid/5BD2-463F";
+
+  "/nix" =
+    { device = "/dev/disk/by-uuid/c3e09b0e-d2bc-4e28-a96e-5de7f4c10539";
+      fsType = "btrfs";
+      options = [ "subvol=@nix" ];
+    };
+
+  "/boot" =
+    { device = "/dev/disk/by-uuid/2E59-DAA6";
      fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" "noatime" ];
+      options = [ "fmask=0022" "dmask=0022" ];
    };
  };

--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@ -1,10 +1,11 @@
 let
-  bertof_odin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC3W3Btk1qtLHU69aFwseDuKU6PJMA+NxVXJXiRNhDce bertof@odin";
+  # bertof_odin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIC3W3Btk1qtLHU69aFwseDuKU6PJMA+NxVXJXiRNhDce bertof@odin";
  bertof_thor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKT+D5QE4TkgoKw5IvSYpvnvIIRM87RBePHce1Aaz3xJ bertof@thor";
+  bertof_sif = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK+e756v7ZKk4c0/juDhKtqnYumEWXNnrMRXi3oQQJQA bertof@sif";

  devUsers = [
    bertof_thor
-    bertof_odin
+    bertof_sif
  ];

  baldur = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMZKc/X9TsoN3UbEJUa0PIx96RGYoDEzDlZPZb0ctwTN";
@ -13,6 +14,7 @@ let
  loki = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAICeomEH/27XFlOjQ/GTO2mo8qPMHTbzLIsX0dloxXfhb";
  odin = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP8bfOYmFN+KRjnAOdt9IazGeaRKm5tvGyblHD7MUhtr";
  thor = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJbMiGx/QZ/RKgad3UNyEzgLfqRU0zBo8n0AU3s244Zw";
+  sif = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINohU3qJcAdtx0jbqttqepXDeV+fTBlrTizeMmUwhVsP root@sif";

  systems = [
    baldur
@ -20,6 +22,7 @@ let
    heimdall
    loki
    odin
+    sif
    thor
  ];
 in
@ -39,7 +42,7 @@ in
  "spotify_password.age".publicKeys = devUsers ++ systems;
  "thor_wg_priv.age".publicKeys = devUsers ++ [ thor ];
  "wg_psk.age".publicKeys = devUsers ++ systems;
-  "rclone_bertof.age".publicKeys = devUsers ++ [ thor odin heimdall baldur ];
+  "rclone_bertof.age".publicKeys = devUsers ++ [ baldur heimdall odin sif thor ];
  "rclone_tiziano.age".publicKeys = devUsers ++ [ odin ];
  "ollama.age".publicKeys = devUsers ++ [ thor ];
  "heimdall-gitlab-runner-nix.age".publicKeys = devUsers ++ [ heimdall ];