From 7b0d60428dbf17a9049c7c2fa9406d52f6018135 Mon Sep 17 00:00:00 2001 From: Simon Bruder Date: Wed, 8 Dec 2021 17:42:01 +0100 Subject: [PATCH] raven: reinstall for production --- .sops.yaml | 2 +- keys/machines/raven.asc | 48 +++++++++++------------ machines/default.nix | 2 +- machines/raven/configuration.nix | 19 +++------ machines/raven/hardware-configuration.nix | 12 ++++-- 5 files changed, 40 insertions(+), 43 deletions(-) diff --git a/.sops.yaml b/.sops.yaml index 475d0f6..69351cd 100644 --- a/.sops.yaml +++ b/.sops.yaml @@ -1,7 +1,7 @@ keys: - &jalr 7C207509562C208C4EC1676E87A8E5662DF00274 - &simon 47E7559E037A35652DBBF8AA8D3C82F9F309F8EC - - &raven 2855242612275730D456C3F0DBF3508960495F3C + - &raven 10E468768E3BCD6459F9F11AC8F765CF8AD1F892 creation_rules: - path_regex: secrets\.yaml$ key_groups: diff --git a/keys/machines/raven.asc b/keys/machines/raven.asc index c1208ec..6bb0c08 100644 --- a/keys/machines/raven.asc +++ b/keys/machines/raven.asc 
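Review bot: Replacing the `&raven` fingerprint in `.sops.yaml` only affects files encrypted from now on; any existing file matching `secrets\.yaml$` keeps its old recipient list until it is re-keyed, and the diffstat of this patch lists no secrets file. If `*raven` is referenced in the `key_groups` that follow (cut off after this hunk), run `sops updatekeys <file>` on each affected file so the reinstalled host can decrypt and the retired recipient is dropped. If the old host key still exists anywhere (old disk, backup), it can still decrypt earlier revisions kept in git history, so secrets it had access to are worth rotating rather than only re-encrypting.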
@@ -1,28 +1,28 @@ -----BEGIN PGP PUBLIC KEY BLOCK----- -xsFNBAAAAAABEADJuRGmEF1kSUg8qjGCk2/lBaDa2FYKM77dTRh7z9dHIABG+jy2 -3VdQPwT/M94Vipb1m7vkF5qd1DnYFuyOrM38ql/9gq16tihq9EKTsJulv8IcKjY8 -+nVD76srojho09G6Y94xcE0np0chZVSVyDQ/o8Bj4b4TYfGcDg8GljL+X8MRQz3Y -W6E1oUjSraDS10DeApsBB//MtIMvzqjpvU7NfA6ny1zM6hrUnsDb+WLgouYONJI3 -ZZXuVSwmGYO8NkkdmTVSGA9iytwonceDT+GXt45agr0ry9i0txzji/HC8ma5nR1R -WitDIhYHl6eRNfqAxGhABdi/dmOm4c7w3AZ2hEUMHXjYpj2LTG82G/zS7Iuvdxcb -u+KptBWOXUe4ye54agQSTlCIbFKrDPKkk0gQACuJ5FZkp8VmoBL5gjW7TYOW06Re -iRS7TBAroebnssUOr/OU4zs3WTMJQd5psj4EcVFniSteleDhjo85wxFTIerCDclw -/cC2HU8yNn+6cDcA05MKC/ZusIopH1+WcfTt9wnEf9glRHT4NMuOgrDO/cZocRge -hg2kKgN8kVffCt7z3rHCrDvtQB7vIsATyRHWdJBe2WtC+Lv74vuldyYrrCe6XOAl -wCOTy6rRfQFijfa6zp/MBiXWv5Sy+jXnNbbgu9w6aZ4e40Uy6fft/zF1JwARAQAB +xsFNBAAAAAABEAC5RX7E07G3dOlgwYW7D/Cgq7xD288JWNTotXAnGTPQbF04yx62 +EUEjQ3ggxcTz4t/7Sv9WOfbWBvlRy48rhW+zxN9de8ld9FhPW0hG6GKfgN88LCSG +pVSY4WQ1wqry2ZF68n4YNdrXCZ6PG0EgbrTSSOHaxHVxiVsfZIGWrAUcTyIEhmka +60tenlQVXj8c45WTRAXQ7kLpXLZAfYmetlyDhUMGj1c46+551GXWnxTYnGZGXS2X +4gavMnGZWOG0mNtY0TPaDxfJ+1kgANUbtPc9UNIZuhWHuz/K6LdBybMKsDWv+8Of +962TXj8NlEjRs+t1bhalSWl2zFZ0gI3/gQc8RM4fO7yBht5oFAlSh9fUBuFjyp0c +KuCs1twQ32NNHlm2+RjVPUN+ITWKCRr0c05OGC2cE7M2ks44F/bMKRvH3v28biZC +6bj00novLw8dSQzya34nZttA7htySJTbyt7H9aBCyZhs22TxRNIed3UrkmFZr4QH +QiEzZ44SJ1QYOVtRVcAeLDRcyfJWjUqo7QxPnJS27iN4cjaeWkm6AFk+bsx2nIcb +10vM6Y5rMcwcWTwZnEbqmhTvO+l661yQAR+RrdeVl+J2MQHZ6fsxbDFyW0YdaSnZ +0geev9lqbg86nLIPdQANkFHtnYZIURliitxT9OahUce4xdUds3Iaep4pbwARAQAB zSlyb290IChJbXBvcnRlZCBmcm9tIFNTSCkgPHJvb3RAbG9jYWxob3N0PsLBYgQT -AQgAFgUCAAAAAAkQ2/NQiWBJXzwCGw8CGQEAABfaEAAjGpldJ2VsitBFkb7oqa0R -+JBLPlhPcdCFW7cDpzpaMoZ1DR04NR21vFg4IpIoxkqYWznepUPgYVE/SP56l/B0 -n7rapuIPg9VdxLSFoVNoFX7jXviBUsOrGKSXBp6hPugvh/0Vwt/L2F/9OsnWje3E -jM2mgFOR63G/rGQMn4sCs4UEXUz1sSmrSacpFgKNYZoMx9aYMMR3bHKMqLWU3zkW -ugRqjaxe9jOV73qhENSPYgMoXZEa1IahXC8aeV1Bznw2tQKD/ixMycN2W66/azAU -kdyEUoBE+gCBw0JAgHWZ/jcmiycUD2eZ9Yju/rz2YaDvkpP0rx4Z1s6eF3af0k6K 
-gMChTD0me8H1Cid7bAMdqcvd1hEmIGJviMXlSAZMJtDxF+QRzUAwP87M9lsu1BdR -WFRi45tLwRUwp9H32oFwu3l+qi/DGSVP1B/PWcG6uEmdcp+HEp7cyclCv7obc+4f -0ew0QPEkZ24aPWeH5mI/y4IJW8wC9cK8I0MYdNWUHLNKzTGEkqHIkY0hHfB8AmT7 -MNsSUBh0ozbLAZzYOWHXsRXndJ71OAg8auoxKWWmo7gE3BO1YDM4wxyTRDsmsQuY -OPoh/8kmJpVKvOEzchxz/xHmIBXOwImAMCUTMC+P+PPtWPXbVyOv12ZrPZz7wpI9 -+Djsrk2spQ4me4x/Lri+eQ== -=MFPD +AQgAFgUCAAAAAAkQyPdlz4rR+JICGw8CGQEAACCnEABp7v2daTeTU3kZJb5M3Le7 +pQpY4VxnAQtekhm3zLoUtjYS4jJIIxCKDwKCVlQvGJG7YQtH/kr6P6AN25me/zOu +vvPPTGwnfDN2yVNjV6f1odsLcDOdNHAh+/ZRhUd+nHNSxZ0ZNttHxNotgJJOCPxV +HkJzYzHZkePvK1ICmxFyWR4XwM/yHiBnWguxJ40a/iA6RCsPt+DpWGlF/3+rX1nA +tU7P+j1ENtkbZLUdRFHmNTBBwo9XEVsZ+U3r6gezncmA/D5OTq4MRS5yHSwAX0+o +PWK5LJogTUn82fZ6+0I90bifHlUID1JVAtif76EUNwqQ9e5LcCbgzw0W34djLpKd +vKWj2kp4FeqKlKCJD7xtqieC5F01rfgEjUKRYZMif9E6RBzvz4awC7KEw4k+LON2 +ApKz0S8QGSCTqfKCSJx8sevTvJ3dlDR9qiDv89pI7QaMr2VRgDeNFkS61X9Wb9kD +AADJkXdjwYovknk2SiHyFjSjDWjRR42HhHudD3D3GtTGlbsE8AI9bpc5P6zaQRXZ +IIFOu4/EytTS4BoJGhz0IOjQbhdvlug7DlUvxxUg64GQU3NOMYsQIfGffjf2yNyt +ZUNlkTBqgdWiES1o1Z2wlAFe/X+qcZuouYRLiqjL7arSGNyahSPRPferuY8YbZqR +xdV1XP8tYVK8ecb+OM2tsw== +=ar+A -----END PGP PUBLIC KEY BLOCK----- diff --git a/machines/default.nix b/machines/default.nix index a8a11f3..da35b91 100644 --- a/machines/default.nix +++ b/machines/default.nix @@ -4,7 +4,7 @@ let in { raven = { - targetHost = "10.105.255.242"; # FIXME + targetHost = "192.168.94.1"; system = "x86_64-linux"; extraModules = [ hardware.common-cpu-intel diff --git a/machines/raven/configuration.nix b/machines/raven/configuration.nix index 49e8864..d29f3fd 100644 --- a/machines/raven/configuration.nix +++ b/machines/raven/configuration.nix 
@@ -13,31 +13,22 @@ networking = { useDHCP = false; vlans = { - jt = { - id = 2; - interface = "enp0s25"; - }; labprod = { id = 1; - interface = "enp0s25"; - }; - labdev = { - id = 5; - interface = "enp0s25"; + interface = "eno1"; }; }; interfaces = { - labprod.useDHCP = true; - jt.useDHCP = true; - labdev.ipv4.addresses = [{ + eno2.useDHCP = true; + labprod.ipv4.addresses = [{ address = "192.168.94.1"; prefixLength = 24; }]; }; nat = { enable = true; - externalInterface = "jt"; - internalInterfaces = lib.singleton "labdev"; + externalInterface = "eno2"; + internalInterfaces = lib.singleton "labprod"; }; }; diff --git a/machines/raven/hardware-configuration.nix b/machines/raven/hardware-configuration.nix index fab0cda..c0fdfc5 100644 --- a/machines/raven/hardware-configuration.nix +++ b/machines/raven/hardware-configuration.nix @@ -19,8 +19,14 @@ "aesni_intel" "cryptd" ]; + kernelModules = [ "dm-snapshot" ]; - luks.devices."cryptroot".device = "/dev/disk/by-uuid/ad04bc72-bc84-42e3-856f-152c162ad88c"; + luks.devices.root = { + name = "root"; + device = "/dev/disk/by-uuid/ee78659c-52a5-4e81-8028-b43de08b6a55"; + preLVM = true; + allowDiscards = true; + }; }; loader = { @@ -32,12 +38,12 @@ fileSystems = { "/" = { - device = "/dev/disk/by-uuid/1ac13504-fb49-4739-a0e3-f87a3f840fb1"; + device = "/dev/disk/by-uuid/80209d1b-27c6-423d-93e8-cd39e1893873"; fsType = "btrfs"; options = [ "discard=async" "noatime" "compress=zstd" ]; }; "/boot" = { - device = "/dev/disk/by-uuid/0FEA-FAF6"; + device = "/dev/disk/by-uuid/20A0-5FD8"; fsType = "vfat"; }; };
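Review bot: With `eno2` now the DHCP-configured external side of the NAT, no per-interface firewall scoping is visible in this hunk, so any port opened through the global `networking.firewall.allowedTCPPorts` would be reachable from the upstream network as well as from `labprod`. If the firewall settings live elsewhere in the file (not shown here), check that lab-only services are opened with `networking.firewall.interfaces.labprod.allowedTCPPorts = [ … ];` instead of the global list. A short comment on each NIC would also help, for example `# eno2: uplink, address via DHCP` and `# eno1: carries tagged VLAN 1 (labprod)`, adjusted to the real cabling, because the roles are currently only implied by the `nat` block.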
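Review bot: `allowDiscards = true` on the LUKS root device in the first hunk of `hardware-configuration.nix` is a confidentiality trade-off that is left undocumented: TRIM requests pass through dm-crypt, so anyone with access to the raw disk can see which blocks are unused. Together with `discard=async` on `/` in the following hunk this is presumably intended for SSD performance; I would record the decision inline, e.g. `allowDiscards = true; # TRIM through dm-crypt exposes free-space layout; accepted for SSD`. `name = "root";` repeats the attribute name, and as far as I know `preLVM = true` is already the default, so both lines could probably be dropped. The enclosing block starts before this hunk.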