Fachschaft/nixConfig
7
2
Fork 2
Code Issues 12 Pull requests 2 Projects Wiki Activity

Compare commits

base: Fachschaft:91763734eeb0d6b3acbee3492d7152c8a458f51e
Branches Tags
Fachschaft:main
Fachschaft:magnus-keys
...
compare: Fachschaft:41d7652cb4d5e9e54d4c72ef91b7fa004754ffff
Branches Tags
Fachschaft:main
Fachschaft:magnus-keys

3 commits
91763734ee ... 41d7652cb4

Author SHA1 Message Date
Dennis Frieberg
41d7652cb4
hardware config 2025-06-25 15:58:19 +02:00
nerf
7d88dfafa9 Merge pull request 'Enable cleartext diffs for SOPS secrets' (#90) from Gonne/nixConfig:cleartextdiff into main 
Reviewed-on: #90
Reviewed-by: nerf <nerf@noreply.localhost>
 2025-06-25 13:42:25 +00:00
Gonne
8def445ac0 Enable cleartext diffs for SOPS secrets 2025-06-24 16:14:42 +02:00
4 changed files with 67 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
.gitattributes vendored Normal file
View file

@ -0,0 +1 @@
*.secrets.yaml diff=sopsdiffer

2
README.md
View file

@ -233,6 +233,8 @@ If the accessing process is not root it must be member of the group `config.user
for systemd services this can be archived by setting `serviceConfig.SupplementaryGroups = [ config.users.groups.keys.name ];` for systemd services this can be archived by setting `serviceConfig.SupplementaryGroups = [ config.users.groups.keys.name ];`
it the service configuration. it the service configuration.
For cleartext diffs configure your local clone with `git config diff.sopsdiffer.textconv "sops decrypt"` (see [Github](https://github.com/getsops/sops?tab=readme-ov-file#showing-diffs-in-cleartext-in-git)).
## impermanence ## impermanence
These machines are setup with `"/"` as a tmpfs. This is there to keep the machines clean. So no clutter in home These machines are setup with `"/"` as a tmpfs. This is there to keep the machines clean. So no clutter in home

25
nixos/machines/cthulhu/configuration.nix Normal file
View file

@ -0,0 +1,25 @@
{
imports = [
./hardware-configuration.nix
../../roles
../../roles/vm.nix
../../modules/vmNetwork.nix
];
# System configuration here
networking.hostName = "cthulhu";
vmNetwork.ipv4 = "192.168.0.16";
system.stateVersion = "25.05";
sops.secrets = {
backupKey = {
sopsFile = ./backupKey.secrets.yaml;
owner = "root";
group = "root";
mode = "0400";
};
};
# TODO for the network rework, make a central record of hostnames to ip adresses where every
# machine can read out their ip address and also this machine
}

39
nixos/machines/cthulhu/hardware-configuration.nix Normal file
View file

@ -0,0 +1,39 @@
{
lib,
pkgs,
...
}: {
imports = [];
fileSystems."/" = {
device = "root";
fsType = "tmpfs";
options = ["size=1G" "mode=755"];
};
fileSystems."/persist" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=persist"];
neededForBoot = true;
};
fileSystems."/boot" = {
device = "/dev/disk/by-label/boot";
fsType = "ext4";
};
fileSystems."/nix" = {
device = "/dev/disk/by-label/nixos";
fsType = "btrfs";
options = ["subvol=nix"];
};
fileSystems."/var/www" = {
device = "/dev/disk/by-label/cthulhu-website-"; # The trailing - is part of the name, i suspect it was meant to be longer
fsType = "ext4";
};
# nix puts the caching folder under /var/cache/nginx
fileSystems."/var/cache/nginx" = {
device = "/dev/disk/by-label/cthulhu";
fsType = "ext4";
};
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
}