diff --git a/.sops.yaml b/.sops.yaml
index f2a6579..3740488 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -1,5 +1,5 @@
 keys:
- - &london_system age1rr2u4kk5jc0zk5mmgcfzlddzz82u9ldqwnd2mkcspnps7pzegsms7fys7u
+ - &london_system age1ea4egj69ghxwyw9lyjfdp24qyvqj9ha5gcu36lqfp3d5yg6nmpgqm7w96m
 - &london_dala age19m7s6rl4l88nv0f7el70k9u9mv6fd0nq5nw5a3f6p3ffzch274lsksu3y7
 - &camelot_system age1qp54d5gzvpyedcv26uckz7lmy2a48m27astawa62hkey59qgmg8setufp5
 - &fuyuki_system age1lpk05l443jd7ra27hssvkc9xctpl990dy78tghmr4e8x7lfndy3qwhakwm
diff --git a/configurations/london/hardware.nix b/configurations/london/hardware.nix
index 58a070f..3494b90 100644
--- a/configurations/london/hardware.nix
+++ b/configurations/london/hardware.nix
@@ -12,34 +12,39 @@
 # Volumes
 boot.initrd.luks.devices = {
 crypted-nixos = {
- device = "/dev/disk/by-uuid/5a1ac4ae-d74f-4599-bc5a-fc0a3501a196";
+ device = "/dev/disk/by-uuid/a4483eca-b546-4519-8591-c922a0d7732a";
 preLVM = true;
 };
 };
 fileSystems = {
 "/" = {
- device = "/dev/disk/by-uuid/8dd700f8-7bf7-426c-8869-d31687e343df";
+ device = "/dev/disk/by-uuid/ce6814ce-808e-42c3-ba79-ae821b2935ba";
 fsType = "ext4";
 };
 "/boot" = {
- device = "/dev/disk/by-uuid/F2B6-C8CA";
+ device = "/dev/disk/by-uuid/66D3-9AE4";
 fsType = "vfat";
 };
 "/nix" = {
- device = "/dev/disk/by-uuid/b7a643f6-a78e-4e32-a1a3-22b321465bf6";
+ device = "/dev/disk/by-uuid/dc3a9b6f-da04-4e9b-a39d-a55300b5ecba";
 fsType = "ext4";
 };
 "/home" = {
- device = "/dev/disk/by-uuid/e26f6727-3712-4830-b8e8-fdbce5e3584b";
+ device = "/dev/disk/by-uuid/5daead25-3e7b-4f40-9540-7283e2fc239d";
 fsType = "ext4";
 };
 };
- swapDevices = [ { device = "/dev/disk/by-uuid/5fe5e76b-df3d-43ce-abf9-d2b63078df09"; } ];
+ swapDevices = [
+ {
+ device = "/dev/mapper/NixOS-swap";
+ randomEncryption.enable = true;
+ }
+ ];
 my.hardware.gpu = "nvidia";
 hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
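Review bot: The new `swapDevices` entry in `configurations/london/hardware.nix` carries no comment on what `randomEncryption.enable = true` implies: the swap area is re-keyed and re-created on every boot, so hibernation to this device cannot work, and the device has to be named by a path that survives that wipe, which is presumably why `/dev/mapper/NixOS-swap` replaces the old by-uuid path. The name suggests an LVM volume, and since `crypted-nixos` is opened with `preLVM = true` it may already sit inside the LUKS container; if so this is a second dm-crypt layer, harmless but worth stating as deliberate. I would add above the entry `# swap is re-keyed with a random key each boot: no hibernation; referenced by mapper name because the UUID does not survive`. The enclosing attribute set starts and ends outside the hunk.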
diff --git a/configurations/london/secrets/secrets.yaml b/configurations/london/secrets/secrets.yaml
index ddb2ba8..1770609 100644
--- a/configurations/london/secrets/secrets.yaml
+++ b/configurations/london/secrets/secrets.yaml
@@ -1,21 +1,33 @@ -wg0_private: ENC[AES256_GCM,data:z5G2EFh1vZk1yEwj0pFIU49u84bOjBZRzvKgqluWoQ6vqm+cMQt/dyGqXg4=,iv:XOiExUWxJczO+aJ+BogtlibqVshEkc6r8xeTPmdru4Y=,tag:+v/3JE1rqTm2x2MJUNltqw==,type:str] +wg0_private: ENC[AES256_GCM,data:nQCsWrjg9j8WGk9Ph2mCoe4pysGLTDH1DBtIi+iiT9+FOsTBb3K3wly4Nj4=,iv:Oki3CpsgZnrkuNLqmUn/w7ZcIU5L+x0T2dSUOF2iLGQ=,tag:0Hh/6bSXZzPcbdklq/hByg==,type:str] sops: kms: [] gcp_kms: [] azure_kv: [] hc_vault: [] age: - - recipient: age1rr2u4kk5jc0zk5mmgcfzlddzz82u9ldqwnd2mkcspnps7pzegsms7fys7u + - recipient: age1ea4egj69ghxwyw9lyjfdp24qyvqj9ha5gcu36lqfp3d5yg6nmpgqm7w96m enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNOVhvOFRQQ1ppenZQdEN6 - S3FPYkNTTnZWUnBFUXMxNEFWcUQ4WVhzK1g4CitLWktOamUyU2dPOHBUaG40WWxN - Nkw5M2pCWFBtTWtQMjQ0azN3Rjh3ZDAKLS0tIFNyNGxiNE41RUdDVkZmNUxyVVR5 - dXhiMUhVc1ZBb0F0bFArZU5OU1ZRK0EKdjtUBIRrw1AhNPczQJiDw6GywJL/jm2r - 4o3XkFqMkP93YAoprHw7egH6t/6QVCFQTZPU4cAwJ0y1bLx9ju44uQ== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBiZE8vS0ZMQTE0NFdHR1hQ + N1pFYTgrS0NRdmFKRUsrWlZOTDEzMmlBZFZvCm1zUVJFQTQ4NmU1dVc4THgrM21Q + VnFJUmZFdURVSTl0WnlHMWFLYTVJencKLS0tIFJqN3cwbTEra05WRTM5Z0pERCtC + WmJuZm5oVjVwVTliOThVaUJtOGFXSkEKAi/Q3IHdvtn9u3W/AoR6STeC3KQalm8G + Rz7idBAXHDtyN+UPBq1QQazoE0+l4+FGC442UUDf4/5FVm4OjL264w== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-11-01T17:15:27Z" - mac: ENC[AES256_GCM,data:zL3UgmKuyzZzBTlBAyP7+nN1If7AMjq1qGkbbXKW2rlzl41x6orMdZQfOWG06eBdd7CGBoNgBNV7A9SE11RhXUvr1gdQGILie0ER2/UCEkEgXIV3tpto1C/tsEYDL7z8LSlcuPt3GJkca1Ym6yhIoe576ho7du3HclUCFBPIBQY=,iv:O3/aYlFPiueoByTyvefahrmFwGq5DAEdUaYvJXB1TFI=,tag:1Al7Lw18AZZ8spnITBuGMw==,type:str] - pgp: [] + lastmodified: "2024-08-31T07:33:51Z" + mac: ENC[AES256_GCM,data:SDXAICCzGdN25PWQuqp9qMXoVAxc16WOcX34FIlFzfonCivhc73jTQ6O1i0vLDZsEvgxTydiJns9kz/SG1iZ8+bLMSE1ERpDDW/dV/vX1MIRsjC9v6FDi/FCuZ2YqvUpT+mMPDpELVQZWtGD4tl4awOyMntnbYnYFUcGV/+jZQQ=,iv:YlytWjuePftyT15E4sK3ZueyULNeLdsnp+uIdQP6vy4=,tag:qMdNsMFCy5MtJOGjgSdn0A==,type:str] + pgp: + - 
created_at: "2024-08-31T07:33:22Z" + enc: |- + -----BEGIN PGP MESSAGE----- + + hF4D0ZiEKlLM+TsSAQdAABFBh9/4DIYjwdMKnAYydump+IeUrBB8HLq9iPmmjwkw + hiFhI1zc0TYbht+oIuacq0e1iqTmCkCWqv42MXP1bP0sTQI5PTWWcUAjngWgClHK + 1GgBCQIQFfTg97RZ8osA2D4ndwp5291BcnAW9CbUrQ0tPAaNyz8yPehJM2xklspG + vJ0hN38TTn1ypQXqjphKGsR7giGNhyp8RXkdIlCBrmQCpPXbPPqTSzcod7MceHRr + aH+cjp8GidBRRw== + =zw46 + -----END PGP MESSAGE----- + fp: 2763F2B50E63CE401A3EB9C040DE2FEE4D3C5E2C unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1 diff --git a/configurations/okeanos/wireguard.nix b/configurations/okeanos/wireguard.nix index 66475f7..db6a8b4 100644 --- a/configurations/okeanos/wireguard.nix +++ b/configurations/okeanos/wireguard.nix @@ -1,4 +1,9 @@ -{ config, pkgs, ... }: +{ + config, + pkgs, + extraInfo, + ... +}: { environment.systemPackages = with pkgs; [ wireguard-tools ]; @@ -17,8 +22,8 @@ } { - # PC Fixe - publicKey = "AvW61c9iSO0NiMrXpPsdeWigTO3JTCadqY5Wq5xLPH8="; + # london + publicKey = extraInfo.wireguard.londonPublicKey; allowedIPs = [ "10.100.0.4" ]; } diff --git a/flake.lock b/flake.lock index 4ce9a55..3450e4b 100644 --- a/flake.lock +++ b/flake.lock @@ -23,11 +23,11 @@ }, "extra-config": { "locked": { - "lastModified": 1722362784, - "narHash": "sha256-BREwW6SlaX5kshXXRCkDgJUVvgf+Wd1/icSx6jALPR0=", + "lastModified": 1725089963, + "narHash": "sha256-lUPSW3t46rJQThatY2nP/JoKZ9SSfeaIGfBh8srh4MU=", "ref": "refs/heads/main", - "rev": "14fdbdd08db2759d733a6f349e1920c0c636c6d1", - "revCount": 5, + "rev": "68fdf50688fed8fa37c2f28c279cdb22920b0afb", + "revCount": 6, "type": "git", "url": "ssh://forgejo@git.dalaran.fr/dala/nixos-config-extra.git" }, 
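Review bot: The re-encrypted `secrets.yaml` gains a second recipient under `sops.pgp`, the key with `fp: 2763F2B50E63CE401A3EB9C040DE2FEE4D3C5E2C`, while every entry visible in the `keys:` list of the `.sops.yaml` hunk is an age key. Whoever holds that PGP private key can decrypt `wg0_private`, so the fingerprint should be declared in `.sops.yaml` (an anchor such as `- &<name> 2763F2B50E63CE401A3EB9C040DE2FEE4D3C5E2C`) and referenced from the creation rule for this path; the rest of `.sops.yaml` is outside the hunk, so it may already be there. If it is not, the file's recipient list and the declared policy disagree, and a later `sops updatekeys` would remove the PGP recipient. Separately, replacing the `london_system` recipient does not withdraw access to the earlier ciphertext kept in git history, and the diff cannot show whether the WireGuard private key itself was regenerated, so that is worth confirming if the old host key is treated as retired.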
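Review bot: The peer entry for `10.100.0.4` in `configurations/okeanos/wireguard.nix` now reads its `publicKey` from `extraInfo.wireguard.londonPublicKey`, so the key admitted to the tunnel is no longer a value that can be reviewed in this repository. `extraInfo` is presumably fed by the `extra-config` input whose `rev` changes in `flake.lock` in the same commit; if so, a lock update alone can change which key is authorized for that address. A comment on the peer would make the dependency visible, e.g. `# london: key comes from the extra-config input; must be the public half of london's wg0_private`. The peer list and the module body start and end outside the hunk.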
@@ -346,11 +346,11 @@ }, "nixpkgs-stable_2": { "locked": { - "lastModified": 1724316499, - "narHash": "sha256-Qb9MhKBUTCfWg/wqqaxt89Xfi6qTD3XpTzQ9eXi3JmE=", + "lastModified": 1724855419, + "narHash": "sha256-WXHSyOF4nBX0cvHN3DfmEMcLOVdKH6tnMk9FQ8wTNRc=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "797f7dc49e0bc7fab4b57c021cdf68f595e47841", + "rev": "ae2fc9e0e42caaf3f068c1bfdc11c71734125e06", "type": "github" }, "original": { @@ -378,11 +378,11 @@ }, "nixpkgs-unstable": { "locked": { - "lastModified": 1724224976, - "narHash": "sha256-Z/ELQhrSd7bMzTO8r7NZgi9g5emh+aRKoCdaAv5fiO0=", + "lastModified": 1724819573, + "narHash": "sha256-GnR7/ibgIH1vhoy8cYdmXE6iyZqKqFxQSVkFgosBh6w=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "c374d94f1536013ca8e92341b540eba4c22f9c62", + "rev": "71e91c409d1e654808b2621f28a327acfdad8dc2", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index 8a4a19f..de259db 100644 --- a/flake.nix +++ b/flake.nix @@ -143,6 +143,7 @@ colmena nixfmt-rfc-style nil + sops ]; }; } diff --git a/machines.nix b/machines.nix index 9987b89..b107329 100644 --- a/machines.nix +++ b/machines.nix @@ -3,7 +3,7 @@ nixpkgs = "unstable"; system = "x86_64-linux"; enableHomeManager = true; - stateVersion = "23.11"; + stateVersion = "24.05"; localDeployment = true; };