Mount dalinar media on lift
This commit is contained in:
parent
7773a20fb4
commit
8e304f189a
@ -6,3 +6,7 @@ creation_rules:
|
||||
- age:
|
||||
- *admin
|
||||
- age1y5lmqqzpapjmtxzvsmf6a9cchhhpq05uwdlqv2q6yz9kkx3s6ars6szsc7
|
||||
- path_regex: hosts/lift/secrets.yaml
|
||||
key_groups:
|
||||
- age:
|
||||
- *admin
|
||||
|
@ -40,6 +40,7 @@
|
||||
lift = nixpkgs.lib.nixosSystem {
|
||||
inherit system;
|
||||
modules = [
|
||||
sops-nix.nixosModules.sops
|
||||
./hosts/lift
|
||||
];
|
||||
};
|
||||
|
@ -1,4 +1,4 @@
|
||||
{ pkgs, ... }:
|
||||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
# Bootloader.
|
||||
@ -22,6 +22,25 @@
|
||||
systemd.network.wait-online.enable = false;
|
||||
boot.initrd.systemd.network.wait-online.enable = false;
|
||||
|
||||
sops.defaultSopsFile = ./secrets.yaml;
|
||||
sops.age.sshKeyPaths = [];
|
||||
sops.age.keyFile = "/home/rothe/.config/sops/age/keys.txt";
|
||||
sops.secrets."samba/user" = { };
|
||||
sops.secrets."samba/password" = { };
|
||||
sops.templates.sambacreds.content = ''
|
||||
username=${config.sops.placeholder."samba/user"}
|
||||
password=${config.sops.placeholder."samba/password"}
|
||||
'';
|
||||
|
||||
fileSystems."/mnt/media" = {
|
||||
device = "//dalinar.home.johannes-rothe.de/media";
|
||||
fsType = "cifs";
|
||||
options = let
|
||||
# this line prevents hanging on network split
|
||||
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
|
||||
|
||||
in ["${automount_opts},credentials=${config.sops.templates.sambacreds.path},uid=1000,gid=100"];
|
||||
};
|
||||
|
||||
# bluetooth
|
||||
hardware.bluetooth.enable = true;
|
||||
@ -29,6 +48,7 @@
|
||||
environment.systemPackages = with pkgs; [
|
||||
avrdude
|
||||
cryptsetup
|
||||
cifs-utils
|
||||
ffmpeg
|
||||
fzf
|
||||
gammastep
|
||||
|
23
hosts/lift/secrets.yaml
Normal file
23
hosts/lift/secrets.yaml
Normal file
@ -0,0 +1,23 @@
|
||||
samba:
|
||||
user: ENC[AES256_GCM,data:gxlxZYtLyom7,iv:wCNASjPzkcf0IPV1Hy5PF5fznTbs1blG3CIRK2D30Yw=,tag:q1uaEx/raTxR5XKEhBYqHw==,type:str]
|
||||
password: ENC[AES256_GCM,data:SNyQ6MFZkq7Vik2kzuJXgA==,iv:dc9HMgDd/xH6EXjM55QxKJGkT9/nOtU4a1/sCLFvstM=,tag:b5HBuhuANo63OgMkeuEMdQ==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1xy66lg9eh572ge0y7zzh34f78s8l9hnkxhg3r4gn98ph95mz25tszgerul
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZdnFSRUlYWDNoc2h4RGdS
|
||||
TEN3TlpiWkVZaHFyWXJLSE9nRjBEd243RWh3CmtBd3dyYzlVTzJHMUdyYjNVQTk1
|
||||
WVdTajg4b2JMRWlwNXhhOEtUTTRmdFkKLS0tIEJqakloNHNlQlgwRVNMT2lQWWlh
|
||||
ejY4UDlFZlYvak5kZmM2Ylp3dkJHNk0KE8hC2CybCA8YJ5F4hv/szIOcn1XXp8+a
|
||||
c62iDMBYWV6TjzQSqYryDoejj9eE/fnbSRoj632MUbZzu87toCj/pw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2025-03-30T16:45:13Z"
|
||||
mac: ENC[AES256_GCM,data:O0JI59PeSgb/49EMTIcjALXBhN6sK6CTKwqvlU6PPcCz02ibiuivQD1ow8lAP67GaCzOlNOuDdtr0rTx6cuc7BuPGsfD/MGjw+Aw2OS57fPRUyGVMKLIXgpCOaakXTkfKwDSqjTgtrPdgqVyQgJB1osRR5ji2nAj1Cmk3/JEqPA=,iv:mbUrOBkyb+M7cxW971gnCLyaABYLnHMjrJlxy+lW5Jo=,tag:7asKES378gynGN4Bqjsw0A==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.9.4
|
Loading…
x
Reference in New Issue
Block a user