bruh

systems/test.jwe

@@ -0,0 +1 @@
+eyJhbGciOiJkaXIiLCJjbGV2aXMiOnsicGluIjoidHBtMiIsInRwbTIiOnsiaGFzaCI6InNoYTI1NiIsImp3a19wcml2IjoiQU80QUlPQU5tZ1oxQm5FSnRnWmtGNUJHTjRyYVhhYjhycjMtZ0JCWlBpT2ctRVVNQUJBMUQxUDJJYXBrWmQ0b3ZHeTdlbW9TVEQ5MGxzd2lOWDZTWnlRdk5lSTQ1OHhCaGF1S1JETUpDRXlYWVdHeGhBa0R2M3B2bVBsN2VpRl8xTTROODRPN2J4VVpzLUpxbUR1ajFkSXBMamVJQ0QwOTl4TF9wY1hHN1lCamFTSnh5dnU3Yk5vR3NqNk5rSGc0ZjF6bm80SUpKZ3hvSUw0bVlXY1ZGdENDbmVzMlpCS2haUnMtMHc1RHRfU0p0cWNPYVFMRzhNZmV2UFlVbWhJU1JKc0I2eFowcUw4Szllb2Q2a1lJMFRLT3BzS0M4UlcydFZjeldnZzlER0U5LUQyY3doV1RkUWxvUUhTOU5BTUgiLCJqd2tfcHViIjoiQUM0QUNBQUxBQUFFMGdBQUFCQUFJQnE0bHVYVDZRbENEOGVmbDBSc1hBUldES3dyRkRsRG4wSHoxSnJobjFLbiIsImtleSI6ImVjYyJ9fSwiZW5jIjoiQTI1NkdDTSJ9..0I9lRNcfUtySIzvm.nNi1-YX-l0FR6U2W.iqCTuceLKdVjRd5pe3L8_Q

systems/x86_64-linux/jallen-nas/boot.nix

@@ -17,17 +17,17 @@ in
 
     initrd = {
       supportedFilesystems = [ "bcachefs" ];
-      clevis = {
-        enable = false;
-        devices = {
-          "/dev/disk/by-label/nas_pool".secretFile = "/etc/clevis/nas_pool.jwe";
-        };
-      };
+      # clevis = {
+      #   enable = false;
+      #   devices = {
+      #     "/dev/disk/by-label/nas_pool".secretFile = "/etc/clevis/nas_pool.jwe";
+      #   };
+      # };
     };
 
     # Enable binfmt emulation for ARM
     binfmt.emulatedSystems = [ "aarch64-linux" ]; # --argstr system aarch64-linux
   };
 
-  environment.etc."clevis/nas_pool.jwe".source = config.sops.secrets."jallen-nas/nas_pool".path;
+  # environment.etc."clevis/nas_pool.jwe".source = config.sops.secrets."jallen-nas/nas_pool".path;
 }

systems/x86_64-linux/jallen-nas/default.nix

@@ -12,6 +12,7 @@ in
   imports = [
     ./boot.nix
     ./apps.nix
+    ./disabled.nix
     # ./nas-pool.nix
     ./users.nix
     ./services.nix
@@ -285,7 +286,12 @@ in
       device = "UUID=adf7b4e1-dfed-4c10-a9ab-2741c1055552";
       fsType = "bcachefs";
     };
+    # "/media/nas/test" = {
+    #   device = "UUID=621706d6-e3a8-48d6-9560-58b01129a846";
+    #   fsType = "bcachefs";
+    # };
   };
+  fileSystems."/etc".neededForBoot = true;
 
   environment.etc = {
     "crypttab".text = ''
@@ -300,43 +306,55 @@ in
     '';
   };
 
-  boot.initrd.luks.devices = {
-    hdd1-cryptroot = {
-      device = "/dev/disk/by-uuid/295d4c78-41f0-4792-bd97-ac88b2455cdc";
-    };
-    hdd2-cryptroot = {
-      device = "/dev/disk/by-uuid/7c9c2179-351c-40a5-9257-e9ee2a1e794a";
-    };
-    ssd1-cryptroot = {
-      device = "/dev/disk/by-uuid/d78fa862-212c-4d4f-ad86-bfeead5cc054";
-      allowDiscards = true;
-      bypassWorkqueues = true;
-    };
-    ssd2-cryptroot = {
-      device = "/dev/disk/by-uuid/1661c173-3809-4517-9ab8-ad94c229048d";
-      allowDiscards = true;
-      bypassWorkqueues = true;
-    };
-    ssd3-cryptroot = {
-      device = "/dev/disk/by-uuid/cfea125e-90b1-4248-834d-16dcaf310783";
-      allowDiscards = true;
-      bypassWorkqueues = true;
-    };
-    ssd4-cryptroot = {
-      device = "/dev/disk/by-uuid/96055401-6d1a-4308-9e4e-2211e1e23635";
-      allowDiscards = true;
-      bypassWorkqueues = true;
-    };
-    ssd5-cryptroot = {
-      device = "/dev/disk/by-uuid/055e27e0-c96a-4899-8ee7-cb1cd5f21476";
-      allowDiscards = true;
-      bypassWorkqueues = true;
-    };
-    ssd6-cryptroot = {
-      device = "/dev/disk/by-uuid/6e830abd-2555-4558-81a3-4a990507b5a7";
-      allowDiscards = true;
-      bypassWorkqueues = true;
+  boot.initrd = {
+    luks.devices = {
+      # "621706d6-e3a8-48d6-9560-58b01129a846" = {
+      #   device = "/dev/disk/by-uuid/621706d6-e3a8-48d6-9560-58b01129a846";
+      # };
+      hdd1-cryptroot = {
+        device = "/dev/disk/by-uuid/295d4c78-41f0-4792-bd97-ac88b2455cdc";
+      };
+      hdd2-cryptroot = {
+        device = "/dev/disk/by-uuid/7c9c2179-351c-40a5-9257-e9ee2a1e794a";
+      };
+      ssd1-cryptroot = {
+        device = "/dev/disk/by-uuid/d78fa862-212c-4d4f-ad86-bfeead5cc054";
+        allowDiscards = true;
+        bypassWorkqueues = true;
+      };
+      ssd2-cryptroot = {
+        device = "/dev/disk/by-uuid/1661c173-3809-4517-9ab8-ad94c229048d";
+        allowDiscards = true;
+        bypassWorkqueues = true;
+      };
+      ssd3-cryptroot = {
+        device = "/dev/disk/by-uuid/cfea125e-90b1-4248-834d-16dcaf310783";
+        allowDiscards = true;
+        bypassWorkqueues = true;
+      };
+      ssd4-cryptroot = {
+        device = "/dev/disk/by-uuid/96055401-6d1a-4308-9e4e-2211e1e23635";
+        allowDiscards = true;
+        bypassWorkqueues = true;
+      };
+      ssd5-cryptroot = {
+        device = "/dev/disk/by-uuid/055e27e0-c96a-4899-8ee7-cb1cd5f21476";
+        allowDiscards = true;
+        bypassWorkqueues = true;
+      };
+      ssd6-cryptroot = {
+        device = "/dev/disk/by-uuid/6e830abd-2555-4558-81a3-4a990507b5a7";
+        allowDiscards = true;
+        bypassWorkqueues = true;
+      };
     };
+
+    # clevis = {
+    #   enable = true;
+    #   devices = {
+    #     "621706d6-e3a8-48d6-9560-58b01129a846".secretFile = ../../../test.jwe;
+    #   };
+    # };
   };
 
   # boot.initrd.luks.devices.cryptroot.device = "/dev/disk/by-partlabel/disk-main-jallen-nas-cryptroot";
@@ -360,7 +378,6 @@ in
       protonmail-bridge
       protonvpn-gui
       qrencode
-      rcon
       sbctl
       tigervnc
       tpm2-tools

systems/x86_64-linux/jallen-nas/disabled.nix

@@ -0,0 +1,69 @@
+{
+  config,
+  lib,
+  namespace,
+  ...
+}:
+with lib; 
+let
+  inherit (lib.${namespace}) enabled disabled;
+in
+{
+  specialisation = {
+    safe-mode = {
+      configuration = {
+        ${namespace} = {
+          services = {
+            actual = mkForce disabled;
+            ai = mkForce disabled;
+            arrs = mkForce disabled;
+            attic = mkForce disabled;
+            authentik = mkForce disabled;
+            authentikRac = mkForce disabled;
+            calibre = mkForce disabled;
+            calibre-web = mkForce disabled;
+            code-server = mkForce disabled;
+            collabora = mkForce disabled;
+            crowdsec = mkForce disabled;
+            dispatcharr = mkForce disabled;
+            ersatztv = mkForce disabled;
+            free-games-claimer = mkForce disabled;
+            gitea = mkForce disabled;
+            glance = mkForce disabled;
+            glances = mkForce disabled;
+            headscale = mkForce disabled;
+            immich = mkForce disabled;
+            jellyfin = mkForce disabled;
+            jellyseerr = mkForce disabled;
+            lubelogger = mkForce disabled;
+            manyfold = mkForce disabled;
+            matrix = mkForce disabled;
+            minecraft = mkForce disabled;
+            mongodb = mkForce disabled;
+            netbootxyz = mkForce disabled;
+            nextcloud = mkForce disabled;
+            ntfy = mkForce disabled;
+            ocis = mkForce disabled;
+            onlyoffice = mkForce disabled;
+            opencloud = mkForce disabled;
+            orca-slicer = mkForce disabled;
+            paperless = mkForce disabled;
+            paperless-ai = mkForce disabled;
+            protonmail-bridge = mkForce disabled;
+            restic = mkForce disabled;
+            sunshine = mkForce disabled;
+            tdarr = mkForce disabled;
+            traefik = mkForce disabled;
+            unmanic = mkForce disabled;
+            uptime-kuma = mkForce disabled;
+            wyoming = mkForce disabled;
+          };
+        };
+
+        services = {
+          postgresql = mkForce disabled;
+        };
+      };
+    };
+  };
+}