numbus/numbus-server
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed secrets. Try to fix disks mount

Browse Source
This commit is contained in:
Raphaël Numbus
2026-01-04 10:28:03 +01:00
parent 234130fe02
commit 81ec01b571
3 changed files with 18 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files
deploy.sh
+14 -14
View File
@@ -301,20 +301,6 @@ files_generation() {
cp -avu templates/nix-config/flake.nix final-nix-config/etc/nixos/ cp -avu templates/nix-config/flake.nix final-nix-config/etc/nixos/
cp -avu templates/nix-config/misc/* final-nix-config/etc/nixos/misc/ cp -avu templates/nix-config/misc/* final-nix-config/etc/nixos/misc/
echo -e "\n✅ Generating sops-nix keys..."
ssh-to-age -private-key -i final-nix-config/home/numbus-admin/.ssh/id_ed25519 > final-nix-config/var/lib/sops-nix/key.txt
export SOPS_PUBLIC_KEY=$(age-keygen -y final-nix-config/var/lib/sops-nix/key.txt)
echo -e "\n✅ Generating sops-nix configuration files..."
envsubst < templates/nix-config/sops-nix/.sops.yaml > final-nix-config/etc/nixos/.sops.yaml
echo -e "\n✅ Encrypting secrets in the correct file..."
envsubst < "templates/nix-config/sops-nix/secrets.yaml" \
| sops encrypt --filename-override secrets.yaml \
--input-type yaml --output-type yaml \
--age $SOPS_PUBLIC_KEY \
--output final-nix-config/etc/nixos/secrets/secrets.yaml
echo -e "\n✅ Writing correct ips to configuration.nix..." echo -e "\n✅ Writing correct ips to configuration.nix..."
sed -i "s|HOME_SERVER_IP|${HOME_SERVER_IP}|g" final-nix-config/etc/nixos/misc/networking.nix sed -i "s|HOME_SERVER_IP|${HOME_SERVER_IP}|g" final-nix-config/etc/nixos/misc/networking.nix
sed -i "s|HOME_ROUTER_IP|${HOME_ROUTER_IP}|g" final-nix-config/etc/nixos/misc/networking.nix sed -i "s|HOME_ROUTER_IP|${HOME_ROUTER_IP}|g" final-nix-config/etc/nixos/misc/networking.nix
@@ -392,6 +378,20 @@ files_generation() {
;; ;;
esac esac
done done
echo -e "\n✅ Generating sops-nix keys..."
ssh-to-age -private-key -i final-nix-config/home/numbus-admin/.ssh/id_ed25519 > final-nix-config/var/lib/sops-nix/key.txt
export SOPS_PUBLIC_KEY=$(age-keygen -y final-nix-config/var/lib/sops-nix/key.txt)
echo -e "\n✅ Generating sops-nix configuration files..."
envsubst < templates/nix-config/sops-nix/.sops.yaml > final-nix-config/etc/nixos/.sops.yaml
echo -e "\n✅ Encrypting secrets in the correct file..."
envsubst < "templates/nix-config/sops-nix/secrets.yaml" \
| sops encrypt --filename-override secrets.yaml \
--input-type yaml --output-type yaml \
--age $SOPS_PUBLIC_KEY \
--output final-nix-config/etc/nixos/secrets/secrets.yaml
} }
disk_config_generation() { disk_config_generation() {
templates/nix-config/disks/content.nix
+2 -2
View File
@@ -13,13 +13,13 @@
settings = { settings = {
keyFile = "/etc/secrets/disks/content-${j}"; keyFile = "/etc/secrets/disks/content-${j}";
allowDiscards = ${ALLOW_DISCARDS:-false}; allowDiscards = ${ALLOW_DISCARDS:-false};
options = [ "noauto" ]; crypttabExtraOpts = "nofail";
}; };
content = { content = {
type = "filesystem"; type = "filesystem";
format = "xfs"; format = "xfs";
mountpoint = "/mnt/content-${j}"; mountpoint = "/mnt/content-${j}";
mountOptions = [ "noauto" "nofail" ]; mountOptions = [ "nofail" "defaults" ];
}; };
}; };
}; };
templates/nix-config/disks/parity.nix
+2 -2
View File
@@ -13,13 +13,13 @@
settings = { settings = {
keyFile = "/etc/secrets/disks/parity-${j}"; keyFile = "/etc/secrets/disks/parity-${j}";
allowDiscards = ${ALLOW_DISCARDS:-false}; allowDiscards = ${ALLOW_DISCARDS:-false};
options = [ "noauto" ]; crypttabExtraOpts = "nofail";
}; };
content = { content = {
type = "filesystem"; type = "filesystem";
format = "xfs"; format = "xfs";
mountpoint = "/mnt/parity-${j}"; mountpoint = "/mnt/parity-${j}";
mountOptions = [ "noauto" "nofail" ]; mountOptions = [ "nofail" "defaults" ];
}; };
}; };
}; };