Reinstall magnesium

hosts/default.nix

@@ -4,7 +4,7 @@ let
 in
 {
   aluminium = {
-    targetHost = "192.168.0.1";
+    targetHost = "jalr-k.duckdns.org";
     system = "x86_64-linux";
   };
   jalr-t520 = {
@@ -23,8 +23,8 @@ in
     targetHost = "jalr-bw.duckdns.org";
   };
   magnesium = {
-    system = "aarch64";
-    targetHost = "162.55.35.199";
+    system = "x86_64-linux";
+    targetHost = "magnesium.jalr.de";
   };
   tin = {
     system = "x86_64-linux";

hosts/magnesium/configuration.nix

@@ -1,58 +1,24 @@
-{ config, lib, pkgs, ... }:
+{ config, lib, ... }:
 
 {
   imports = [
-    ./hardware-configuration.nix
-    ../../users/jalr
+    ../../modules/providers/hetzner-cloud.nix
     ./services
+    ../../users/jalr
+    ./persistence.nix
   ];
 
   networking.hostName = "magnesium";
-  services.openssh.enable = true;
+
+  disko.devices.disk.virt.device = "/dev/disk/by-id/scsi-0QEMU_QEMU_HARDDISK_60640534";
+
   security.sudo.wheelNeedsPassword = false;
 
-  networking.useDHCP = false;
+  systemd.network.networks."10-wan".address = [
+    "2a01:4f8:c013:bab7::1/64"
+  ];
 
-  systemd.network = {
-    enable = true;
-    networks."10-wan" = {
-      matchConfig.Name = "enp1s0";
-      networkConfig.DHCP = "no";
-      address = [
-        "162.55.35.199/32"
-        "2a01:4f8:c012:21ba::/64"
-      ];
-      routes = [
-        {
-          Destination = "172.31.1.1";
-        }
-        {
-          Gateway = "172.31.1.1";
-          GatewayOnLink = true;
-        }
-        {
-          Gateway = "fe80::1";
-        }
-      ];
-    };
-  };
-
-  # Use the systemd-boot EFI boot loader.
-  boot.loader.systemd-boot.enable = true;
-  boot.loader.efi.canTouchEfiVariables = true;
-
-  jalr = {
-    bootloader = "systemd-boot";
-    uefi.enable = true;
-  };
-
-  # This value determines the NixOS release from which the default
-  # settings for stateful data, like file locations and database versions
-  # on your system were taken. It's perfectly fine and recommended to leave
-  # this value at the release version of the first install of this system.
-  # Before changing this value read the documentation for this option
-  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
-  system.stateVersion = "23.11"; # Did you read the comment?
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
 
+  system.stateVersion = "24.11";
 }
-

hosts/magnesium/hardware-configuration.nix

@@ -1,57 +0,0 @@
-{ config, lib, pkgs, modulesPath, ... }:
-
-{
-  imports =
-    [
-      (modulesPath + "/profiles/qemu-guest.nix")
-    ];
-
-  boot.initrd.availableKernelModules = [ "xhci_pci" "virtio_pci" "virtio_scsi" "usbhid" "sr_mod" ];
-  boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ ];
-  boot.extraModulePackages = [ ];
-
-  fileSystems = {
-    "/" = {
-      device = "/dev/disk/by-uuid/45dcac99-1f65-48ab-b5bf-8a1507f0b75a";
-      fsType = "btrfs";
-      options = [
-        "subvol=root"
-        "compress=zstd"
-      ];
-    };
-    "/proc" = {
-      device = "/proc";
-      options = [ "nosuid" "noexec" "nodev" "hidepid=2" ];
-    };
-    "/home" = {
-      device = "/dev/disk/by-uuid/45dcac99-1f65-48ab-b5bf-8a1507f0b75a";
-      fsType = "btrfs";
-      options = [
-        "subvol=home"
-        "compress=zstd"
-        "nodev"
-        "nosuid"
-      ];
-    };
-    "/nix" = {
-      device = "/dev/disk/by-uuid/45dcac99-1f65-48ab-b5bf-8a1507f0b75a";
-      fsType = "btrfs";
-      options = [
-        "subvol=nix"
-        "compress=zstd"
-        "noatime"
-        "nodev"
-      ];
-    };
-    "/boot" = {
-      device = "/dev/disk/by-uuid/7836-0C48";
-      fsType = "vfat";
-      options = [ "nodev" "nosuid" "noexec" ];
-    };
-  };
-
-  swapDevices = [ ];
-
-  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
-}

hosts/magnesium/persistence.nix

@@ -0,0 +1,37 @@
+{ config, lib, ... }:
+{
+  boot.initrd.postDeviceCommands =
+    let
+      device = config.disko.devices.disk.virt.content.partitions.linux.device;
+    in
+    lib.mkAfter ''
+      mkdir /mnt
+      mount -t btrfs "${device}" /mnt
+      btrfs subvolume list -o /mnt/root | cut -f9 -d' ' |  while read subvolume; do
+        btrfs subvolume delete "/mnt/$subvolume"
+      done
+      btrfs subvolume delete /mnt/root
+      btrfs subvolume snapshot /mnt/root-blank /mnt/root
+    '';
+
+  services.openssh = {
+    hostKeys = lib.mkForce [{
+      path = "/persist/etc/ssh/ssh_host_ed25519_key";
+      type = "ed25519";
+    }];
+  };
+
+  services.forgejo.stateDir = "/persist/var/lib/forgejo";
+  services.postgresql.dataDir = "/persist/var/lib/postgresql/${config.services.postgresql.package.psqlSchema}";
+
+  fileSystems."/persist".neededForBoot = true;
+  environment.persistence."/persist" = {
+    hideMounts = true;
+    directories = [
+      "/var/lib/acme"
+      "/var/lib/hedgedoc"
+      "/var/lib/nixos"
+      "/var/lib/private/ntfy-sh"
+    ];
+  };
+}

hosts/magnesium/secrets.yaml

@@ -9,27 +9,27 @@ sops:
     azure_kv: []
     hc_vault: []
     age:
-        - recipient: age1swv42gad884z2v75kateem6k2za6ltkq6wu90ewqp6dp7gxprawslwz0w0
+        - recipient: age19qkgfaq08kmyxghet48dq4gxwjuy9zpvuyxys9jkmcqa5634537qlxjcd8
           enc: |
             -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNS0svemgzNTVsOEo3cDI5
-            QVJ1dDVpK0Zyb3UwTUhWR29RalNPTENiQm1rCjdPbkZBd0hwQ3VvUmRTT2hlZEhp
-            Snk3cC9OTWZFSFhzMFBoSENMTHB4Qk0KLS0tIEltSEpUWkVmclRKdTA5b09RcGpT
-            QTBqZDZLeDFLK0k2MHF4Uk1mQTIxRHcKeLHz+lSnHLyTgw2Aq+IVGpIi9X8SQx+Q
-            bCSPPMPIZsL4VLInuZmcd2n/kEr80fQM2P3/ktW8RnViQjTU+kKbMg==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHMW5lbkRNQS9Gc0VUWndk
+            VlJiczFVM1dHUGc2QWZnMHVIVGZzdWJKUUJzCngyNGxaR2JFNG9HbG81c1ZNSlQ3
+            MlgvMlNYWVduY1diM3g2U3BiL0J3U2sKLS0tIHBscWxMTzVISkE5WW1CZTNYK1ZM
+            elNwdVlJS2NCWUlXcEZvZWsvZ29FRnMK/qa6Qj1yQc91PWk9tMKSyFkMfYcHIKpQ
+            jcPmGWbpi2NPL/F0Xz2X/zQQxWzs9uzlS1VH+y8JRe1EPMYJ78NXZw==
             -----END AGE ENCRYPTED FILE-----
     lastmodified: "2025-01-11T15:28:59Z"
     mac: ENC[AES256_GCM,data:1RnyUrbEI2JKpicmA3QV+5ob+vByahMjc4+ZpLbcMyZv/KXn02VP+OQaLm9NgPfpZmSmRgbdPNQAP4f71z/EjcceyANAhnvql3zuYgSXNp5l/IYo5UFZdWgQa14XTGO518969CDLW1zJnlkBtbtLEVlMJiQ/EraV1eNtgCr5UEU=,iv:0fLjboGiejUI9LxHW80ed+/Lf+jlN5UH7tVqfBptq0w=,tag:4Tyrqy9XwQAm0etooVBNZg==,type:str]
     pgp:
-        - created_at: "2024-01-31T01:20:03Z"
+        - created_at: "2025-04-08T22:53:53Z"
           enc: |-
             -----BEGIN PGP MESSAGE-----
 
-            hF4DY/xpNY5WhB0SAQdAKi5BqRHyG+CaeCKH8KuQWVWS8TbO/Kj38hTzbkBuyF8w
-            lxCni2VsyI4GDdBwy1jzJpqaqkqCwlzUXh7quHKNjZksHSsb8UTy6aZhDt+sz8Xk
-            0l4BM0Dv37SESplctQ4hj8Go48nu3KaYfiE7pyP+HfsZksGn7KTeOWoqC+ET3HX0
-            k/w1905xtcxInOalYgCpl2NzowAvKKy1mhzN8+bHW9xJq3ca5nYv0qfT0eFDJE1O
-            =pqvJ
+            hF4DY/xpNY5WhB0SAQdAbrDTh/Nvu8ky1ec34AAkKQcTH1G1nDlUCSfobMQsCmAw
+            XPI7V41rBAY2m6J1P/0oy9cHVfE/LUi4E/yCgNG7YIGdUbb9x29x7A3uoP1NAhE5
+            0l4BZQGZ+GGa69KZ2mOnWhbKfjtOVNDoaxcpgNWHxrtO35c/tNSCxJ2Uj2Q2u3Nj
+            +SRaHB3tsF8VL85Tn0FEXSWLzL7SfHj78wvaZ/3AxbqdF7WDJkl1hXEnrf2DjBCC
+            =Gi/Y
             -----END PGP MESSAGE-----
           fp: 3044E71E3DEFF49B586CF5809BF4FCCB90854DA9
     unencrypted_suffix: _unencrypted