Mount dalinar media on lift

Johannes Rothe 2025-03-30 19:18:56 +02:00
parent 7773a20fb4
commit 8e304f189a
4 changed files with 49 additions and 1 deletions


@ -6,3 +6,7 @@ creation_rules:
- age:
- *admin
- age1y5lmqqzpapjmtxzvsmf6a9cchhhpq05uwdlqv2q6yz9kkx3s6ars6szsc7
- path_regex: hosts/lift/secrets.yaml
key_groups:
- age:
- *admin
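Review bot: lift gets no age recipient of its own in the new rule for `hosts/lift/secrets.yaml`: only `*admin` is listed, whereas the rule ending just above (it starts outside this hunk) also names a second recipient. Combined with `sops.age.sshKeyPaths = [];` and `sops.age.keyFile = "/home/rothe/.config/sops/age/keys.txt";` in the host configuration later in this commit, the machine decrypts with the admin's personal private key, which therefore has to sit in a user home directory on lift. Anyone who can read that file there can decrypt every secrets file encrypted to `*admin`, not just the samba credentials. Consider giving lift a host-specific recipient (for example one derived from its SSH host key with ssh-to-age), adding it under this rule next to `*admin`, and dropping the `keyFile` override so the default `sshKeyPaths` is used.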


@ -40,6 +40,7 @@
lift = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
sops-nix.nixosModules.sops
./hosts/lift
];
};


@ -1,4 +1,4 @@
{ pkgs, ... }:
{ config, pkgs, ... }:
{
# Bootloader.
@ -22,6 +22,25 @@
systemd.network.wait-online.enable = false;
boot.initrd.systemd.network.wait-online.enable = false;
sops.defaultSopsFile = ./secrets.yaml;
sops.age.sshKeyPaths = [];
sops.age.keyFile = "/home/rothe/.config/sops/age/keys.txt";
sops.secrets."samba/user" = { };
sops.secrets."samba/password" = { };
sops.templates.sambacreds.content = ''
username=${config.sops.placeholder."samba/user"}
password=${config.sops.placeholder."samba/password"}
'';
fileSystems."/mnt/media" = {
device = "//dalinar.home.johannes-rothe.de/media";
fsType = "cifs";
options = let
# this line prevents hanging on network split
automount_opts = "x-systemd.automount,noauto,x-systemd.idle-timeout=60,x-systemd.device-timeout=5s,x-systemd.mount-timeout=5s";
in ["${automount_opts},credentials=${config.sops.templates.sambacreds.path},uid=1000,gid=100"];
};
# bluetooth
hardware.bluetooth.enable = true;
@ -29,6 +48,7 @@
environment.systemPackages = with pkgs; [
avrdude
cryptsetup
cifs-utils
ffmpeg
fzf
gammastep
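Review bot: The option string built for `fileSystems."/mnt/media"` neither requests SMB transport encryption nor pins a protocol version, so whether traffic to `dalinar.home.johannes-rothe.de` is encrypted depends on what client and server happen to negotiate. If the server supports SMB3, consider extending the list entry to `"${automount_opts},credentials=${config.sops.templates.sambacreds.path},uid=1000,gid=100,seal,vers=3.1.1,nosuid,nodev"`; `nosuid,nodev` is cheap hardening for a share that only holds media. A short comment above `sops.templates.sambacreds.content` stating that the rendered file holds the cleartext samba login and is only meant to be read by the mount helper would also help the next reader.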

23
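--- a/hosts/lift/secrets.yaml
+++ b/hosts/lift/secrets.yaml
@@ -0,0 +1,23 @@
+samba:
+user: ENC[AES256_GCM,data:gxlxZYtLyom7,iv:wCNASjPzkcf0IPV1Hy5PF5fznTbs1blG3CIRK2D30Yw=,tag:q1uaEx/raTxR5XKEhBYqHw==,type:str]
+password: ENC[AES256_GCM,data:SNyQ6MFZkq7Vik2kzuJXgA==,iv:dc9HMgDd/xH6EXjM55QxKJGkT9/nOtU4a1/sCLFvstM=,tag:b5HBuhuANo63OgMkeuEMdQ==,type:str]
+sops:
+kms: []
+gcp_kms: []
+azure_kv: []
+hc_vault: []
+age:
+- recipient: age1xy66lg9eh572ge0y7zzh34f78s8l9hnkxhg3r4gn98ph95mz25tszgerul
+enc: |
+-----BEGIN AGE ENCRYPTED FILE-----
+YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZdnFSRUlYWDNoc2h4RGdS
+TEN3TlpiWkVZaHFyWXJLSE9nRjBEd243RWh3CmtBd3dyYzlVTzJHMUdyYjNVQTk1
+WVdTajg4b2JMRWlwNXhhOEtUTTRmdFkKLS0tIEJqakloNHNlQlgwRVNMT2lQWWlh
+ejY4UDlFZlYvak5kZmM2Ylp3dkJHNk0KE8hC2CybCA8YJ5F4hv/szIOcn1XXp8+a
+c62iDMBYWV6TjzQSqYryDoejj9eE/fnbSRoj632MUbZzu87toCj/pw==
+-----END AGE ENCRYPTED FILE-----
+lastmodified: "2025-03-30T16:45:13Z"
+mac: ENC[AES256_GCM,data:O0JI59PeSgb/49EMTIcjALXBhN6sK6CTKwqvlU6PPcCz02ibiuivQD1ow8lAP67GaCzOlNOuDdtr0rTx6cuc7BuPGsfD/MGjw+Aw2OS57fPRUyGVMKLIXgpCOaakXTkfKwDSqjTgtrPdgqVyQgJB1osRR5ji2nAj1Cmk3/JEqPA=,iv:mbUrOBkyb+M7cxW971gnCLyaABYLnHMjrJlxy+lW5Jo=,tag:7asKES378gynGN4Bqjsw0A==,type:str]
+pgp: []
+unencrypted_suffix: _unencrypted
+version: 3.9.4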