mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix nas encryption stuffs

Browse Source
This commit is contained in:
mjallen18
2024-07-01 10:44:46 -05:00
parent e74020a8ce
commit cb26d2646d
2 changed files with 47 additions and 72 deletions
Download Patch File Download Diff File Expand all files Collapse all files

60
flake.lock generated
View File

@@ -11,11 +11,11 @@
"yafas": "yafas"
},
"locked": {
"lastModified": 1719337945,
"narHash": "sha256-huUuEiHzpqex8wiREzXpi8nose3zSFQebOH+eFCIvRQ=",
"lastModified": 1719839252,
"narHash": "sha256-3kMhPtLsg+wi4A0Of0uWzqnI1n1FzNbrDUp1q/UlUc8=",
"owner": "chaotic-cx",
"repo": "nyx",
"rev": "ea7cff23f3f25e1c6958f29f9aa623234a55d52c",
"rev": "0e99464b8956307678b60ec7540e6cad730ee825",
"type": "github"
},
"original": {
@@ -227,11 +227,11 @@
]
},
"locked": {
"lastModified": 1719180626,
"narHash": "sha256-vZAzm5KQpR6RGple1dzmSJw5kPivES2heCFM+ZWkt0I=",
"lastModified": 1719677234,
"narHash": "sha256-qO9WZsj/0E6zcK4Ht1y/iJ8XfwbBzq7xdqhBh44OP/M=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "6b1f90a8ff92e81638ae6eb48cd62349c3e387bb",
"rev": "36317d4d38887f7629876b0e43c8d9593c5cc48d",
"type": "github"
},
"original": {
@@ -247,11 +247,11 @@
]
},
"locked": {
"lastModified": 1718530513,
"narHash": "sha256-BmO8d0r+BVlwWtMLQEYnwmngqdXIuyFzMwvmTcLMee8=",
"lastModified": 1719827385,
"narHash": "sha256-qs+nU20Sm8czHg3bhGCqiH+8e13BJyRrKONW34g3i50=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "a1fddf0967c33754271761d91a3d921772b30d0e",
"rev": "391ca6e950c2525b4f853cbe29922452c14eda82",
"type": "github"
},
"original": {
@@ -268,11 +268,11 @@
]
},
"locked": {
"lastModified": 1719438532,
"narHash": "sha256-/Vmso2ZMoFE3M7d1MRsQ2K5sR8CVKnrM6t1ys9Xjpz4=",
"lastModified": 1719827439,
"narHash": "sha256-tneHOIv1lEavZ0vQ+rgz67LPNCgOZVByYki3OkSshFU=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "1a4f12ae0bda877ec4099b429cf439aad897d7e9",
"rev": "59ce796b2563e19821361abbe2067c3bb4143a7d",
"type": "github"
},
"original": {
@@ -305,11 +305,11 @@
]
},
"locked": {
"lastModified": 1719292813,
"narHash": "sha256-6w/buoRKo4ijH9O4D/0KjNtiWjtrJebuV7djTEEa0+k=",
"lastModified": 1719631702,
"narHash": "sha256-HMWxIehVO8pHp7OlqBYliiLOds34UJHSRn5FPdEb1j8=",
"owner": "Jovian-Experiments",
"repo": "Jovian-NixOS",
"rev": "d6222e7818aa5528f8369afe84bc53556a57c329",
"rev": "2f9668e19aff06550cd154c87c0af120735a56a4",
"type": "github"
},
"original": {
@@ -393,11 +393,11 @@
"nixpkgs": "nixpkgs_2"
},
"locked": {
"lastModified": 1719128254,
"narHash": "sha256-I7jMpq0CAOZA/i70+HDQO/ulLttyQu/K70cSESiMX7A=",
"lastModified": 1719845423,
"narHash": "sha256-ZLHDmWAsHQQKnmfyhYSHJDlt8Wfjv6SQhl2qek42O7A=",
"owner": "LnL7",
"repo": "nix-darwin",
"rev": "50581970f37f06a4719001735828519925ef8310",
"rev": "ec12b88104d6c117871fad55e931addac4626756",
"type": "github"
},
"original": {
@@ -486,11 +486,11 @@
},
"nixos-hardware": {
"locked": {
"lastModified": 1719487696,
"narHash": "sha256-pCsl9qFCuIuhIfGH03CiBOsy1LNwITC6VMb6/5tz+Qc=",
"lastModified": 1719681865,
"narHash": "sha256-Lp+l1IsREVbz8WM35OJYZz8sAH0XOjrZWUXVB5bJ2qg=",
"owner": "NixOS",
"repo": "nixos-hardware",
"rev": "14aadcba1a26c8c142453839f888afd0db8b2041",
"rev": "a59f00f5ac65b19382617ba00f360f8bc07ed3ac",
"type": "github"
},
"original": {
@@ -502,11 +502,11 @@
},
"nixpkgs": {
"locked": {
"lastModified": 1719075281,
"narHash": "sha256-CyyxvOwFf12I91PBWz43iGT1kjsf5oi6ax7CrvaMyAo=",
"lastModified": 1719690277,
"narHash": "sha256-0xSej1g7eP2kaUF+JQp8jdyNmpmCJKRpO12mKl/36Kc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "a71e967ef3694799d0c418c98332f7ff4cc5f6af",
"rev": "2741b4b489b55df32afac57bc4bfd220e8bf617e",
"type": "github"
},
"original": {
@@ -534,11 +534,11 @@
},
"nixpkgs-stable_2": {
"locked": {
"lastModified": 1719426051,
"narHash": "sha256-yJL9VYQhaRM7xs0M867ZFxwaONB9T2Q4LnGo1WovuR4=",
"lastModified": 1719707984,
"narHash": "sha256-RoxIr/fbndtuKqulGvNCcuzC6KdAib85Q8gXnjzA1dw=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "89c49874fb15f4124bf71ca5f42a04f2ee5825fd",
"rev": "7dca15289a1c2990efbe4680f0923ce14139b042",
"type": "github"
},
"original": {
@@ -550,11 +550,11 @@
},
"nixpkgs-unstable": {
"locked": {
"lastModified": 1719254875,
"narHash": "sha256-ECni+IkwXjusHsm9Sexdtq8weAq/yUyt1TWIemXt3Ko=",
"lastModified": 1719690277,
"narHash": "sha256-0xSej1g7eP2kaUF+JQp8jdyNmpmCJKRpO12mKl/36Kc=",
"owner": "NixOS",
"repo": "nixpkgs",
"rev": "2893f56de08021cffd9b6b6dfc70fd9ccd51eb60",
"rev": "2741b4b489b55df32afac57bc4bfd220e8bf617e",
"type": "github"
},
"original": {

59
hosts/nas/configuration.nix
View File

@@ -159,10 +159,13 @@ in
consoleLogLevel = 3;
bootspec.enable = true;
supportedFilesystems = [ "zfs" ];
# zfs.extraPools = [ "junk" ];
# zfs.requestEncryptionCredentials = false;
initrd = {
kernelModules = [ "tpm" "tpm_tis" "tpm_crb" "tpm_infineon" ];
systemd = {
enable = true;
enableTpm2 = true;
};
};
};
security.tpm2 = {
@@ -286,33 +289,6 @@ in
};
systemd.services = {
# nas-mounts = {
# path = [
# pkgs.zfs
# pkgs.bash
# pkgs.tpm2-tools
# ];
# wantedBy = [ "multi-user.target" ];
# script = ''
# tpm2_nvread 0x1500016 -C o -s 65 > /tmp/mainpool
# tpm2_nvread 0x1600016 -C o -s 65 > /tmp/ssd
# zfs load-key -L file:///tmp/mainpool "MainPool"
# zfs load-key -L file:///tmp/ssd "SSD"
# rm /tmp/mainpool
# rm /tmp/ssd
# '';
# description = "Unlock ZFS pool using fTPM";
# requires = [ "zfs-import-MainPool.service" "zfs-import-SSD.service" ];
# after = [ "zfs-import-MainPool.service" "zfs-import-SSD.service" ];
# before = [ "zfs-mount.service" ];
# serviceConfig.Type = "oneshot";
# serviceConfig.RemainAfterExit = true;
# };
glances-server = {
path = [
@@ -376,7 +352,7 @@ in
hdd2 UUID=11ee92b0-6334-4be7-bb2d-d85f5a3f51a6 none tpm2-device=auto
hdd3 UUID=4463ea6f-3fcf-4e49-80c8-ba7f424471f0 none tpm2-device=auto
hdd4 UUID=13fe7737-b72b-4d5f-a79d-1ca0d438f8f0 none tpm2-device=auto
hdd5 UUID=11ee92b0-6334-4be7-bb2d-d85f5a3f51a6 none tpm2-device=auto
hdd5 UUID=2b4be219-613d-4512-8277-0260989d5377 none tpm2-device=auto
'';
# List packages installed in system profile. To search, run:
@@ -502,7 +478,7 @@ in
"docker"
"podman"
"libvirtd"
"nas-apps"
"nix-apps"
"jallen-nas"
]; # Enable sudo for the user.
initialHashedPassword = password;
@@ -599,7 +575,6 @@ in
];
};
fileSystems."/media/nas/main/3d_printer" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
@@ -708,14 +683,14 @@ in
];
};
fileSystems."/media/nas/main/vms" = {
device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
fsType = "btrfs";
options = [
"subvol=vms"
"compress=zstd"
];
};
# fileSystems."/media/nas/main/vms" = {
# device = "/dev/disk/by-uuid/76e7cd98-3145-4cff-b78d-bab0206aae28";
# fsType = "btrfs";
# options = [
# "subvol=vms"
# "compress=zstd"
# ];
# };
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.