Move server!

2022-12-01 19:14:40 +01:00 · 2022-12-01 19:14:40 +01:00 · 6eb7b95b12
commit 6eb7b95b12
parent 9f8e9ddccc
7 changed files with 48 additions and 20 deletions
--- a/nki-personal-do/configuration.nix
+++ b/nki-personal-do/configuration.nix
@ -41,7 +41,7 @@

  # Secret management
  sops.defaultSopsFile = ./secrets/secrets.yaml;
-  sops.age.sshKeyPaths = [ "/root/.ssh/id_ed25519" ];
+  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

  # tinc
  services.my-tinc.enable = true;
@ -75,7 +75,7 @@
  cloud.mail = {
    enable = true;
    debug = true;
-    local_ip = (builtins.elemAt config.networking.interfaces.eth0.ipv4.addresses 0).address;
+    # local_ip = (builtins.elemAt config.networking.interfaces.eth0.ipv4.addresses 0).address;
    tls.certFile = "${config.cloud.traefik.certsDumper.destination}/${config.cloud.mail.hostname}/certificate.crt";
    tls.keyFile = "${config.cloud.traefik.certsDumper.destination}/${config.cloud.mail.hostname}/privatekey.key";
    usersFile = config.sops.secrets.mail-users.path;
--- a/nki-personal-do/hardware-configuration.nix
+++ b/nki-personal-do/hardware-configuration.nix
@ -1,10 +1,10 @@
 { modulesPath, ... }:
 {
  imports = [ (modulesPath + "/profiles/qemu-guest.nix") ];
-  boot.loader.grub.device = "/dev/vda";
+  boot.loader.grub.device = "/dev/sda";
+  boot.initrd.availableKernelModules = [ "ata_piix" "uhci_hcd" "xen_blkfront" "vmw_pvscsi" ];
  boot.initrd.kernelModules = [ "nvme" ];
-  fileSystems."/" = { device = "/dev/vda1"; fsType = "ext4"; };
-
+  fileSystems."/" = { device = "/dev/sda1"; fsType = "ext4"; };
  # swap
-  swapDevices = [{ device = "/var/swapfile"; }];
+  swapDevices = [{ device = "/var/swapfile"; size = 2 * 1024; }];
 }
--- a/nki-personal-do/secrets/recipient.txt
+++ b/nki-personal-do/secrets/recipient.txt
@ -1 +1,2 @@
 age1z2h24mjt80fryqupajkh3kg5r4sjgw65uqy489xeqxhqj8u2a9fsm3ff36
+age1n8tnmmgredzltzwkspag7aufhrn6034ny8ysjeulhkwdnf7vqqaqec4mg5
--- a/nki-personal-do/secrets/secrets.yaml
+++ b/nki-personal-do/secrets/secrets.yaml
@ -12,14 +12,32 @@ sops:
    azure_kv: []
    hc_vault: []
    age:
+        - recipient: age1hw22lrsskyvsrwgq9kl48eekwyzgnwt57pe9d9zx3q9xrwyrte4qgvft78
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3NHY2Y0lsVFViMHBTUHRp
+            L2RROGV3OGhSZGVmRnJTZWlZNVJVMFJ4N2hzCllXRXg3bTBjZFBvM3FPRlhBbkRu
+            VWR1UkFKUmJhT25OUWQ1aXJiRkhkV2sKLS0tIEF1Zkp0bUFsTGFaMjFYTUNNYmFx
+            N2RGSHpTajRuV3JEcElkN0VZdCtrczgKbpjSE6pSDD/bIa6he0sfH9dE74Z5ZpTG
+            DmPwclKkBarbCY50w1U4crHkhwICkHKNX0K1YwAdwuXBsgGEEJsPug==
+            -----END AGE ENCRYPTED FILE-----
+        - recipient: age1n8tnmmgredzltzwkspag7aufhrn6034ny8ysjeulhkwdnf7vqqaqec4mg5
+          enc: |
+            -----BEGIN AGE ENCRYPTED FILE-----
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPVWVZMm53L3ViaWhwZVFD
+            bWhwUDFaVmp4VE1IanFkeUIrYmxnS3IrZ0VNCnFicjJVamxDTmJ4VWVFRmYyUmRV
+            OW50RlRlN3pzK3VZbko4dkN1QklnMncKLS0tIG55Zi95dTl1akFQczNlbFY2Nmt1
+            VUJWS09UMU9PS3pnL01zR05Id01wVXcK15My8g1eqxq89XxrBs5uCIxX6qTq/HEK
+            pJRrUlz9VEsbvi2Lr2SfQT84ouNc0nk6/8qlzmJUNAktydw5VCyDug==
+            -----END AGE ENCRYPTED FILE-----
        - recipient: age1z2h24mjt80fryqupajkh3kg5r4sjgw65uqy489xeqxhqj8u2a9fsm3ff36
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB2eUo1WjJtdDhzWjFrM3Rm
-            QkovcmoxdjNsMXdyaVZiNFhZZGlqOUMvcEJ3Ckk3TnJzNDVBWVFTNUd5RXhlcDU5
-            Y2xmdmVjYUZRMXF1Y1RZZDZGMXM3NDgKLS0tIGdreURjTFVxSWQ5ODJPQlpySWxY
-            NUovcTZlOVpyTm5WWGkyUmdLRUVpcmMK1YIwNE/5avvplxqtUFs1JZn7f2AuTzyR
-            lRtXUm8InT5GwV50Ot6FLdai5aVxpicafduH/J5RSAXqL8LssQi7HA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBob0N3bk91S3JSOGxqQm5J
+            YnJlMjZEL2ppamdkM2lyZXNvOEozWGJXSUVzCmxnbldrNVZLSWt4TnJveEg4ZGpO
+            bENvWG5VV1FRTUtLaDV5Y3FsQmVFOGcKLS0tIFd3WTZ6bTF1WW5TRFJwckN3dERQ
+            U1V2ZGozMWc3NzJMamgwbXB6dE4vME0Kxw2aeENkO0hg0bvpshoI1rMbw8T6LpXf
+            n1bnkmfCSE2V5JlI7z6jvuW/6C7bo6RDbbmLOA8dbF4sVTbnymsqsw==
            -----END AGE ENCRYPTED FILE-----
    lastmodified: "2022-10-17T11:49:07Z"
    mac: ENC[AES256_GCM,data:T2fDMcgfP+CVO3UyPhE2LnwZrCjnQfyxIAYE/L3kANAf6+dW7p3NsWvV6N9K39sdDKJ1ZWa239efCcFIRwiE91vbuTZQAudfP9pDvRAo2TfWis0PhB32S3Vs2e1MGQiYyEtPzLuLOGzDldUEexQfiUCpWd1NGGvpE3Fo378QCig=,iv:fSwa5xmasrNlQkaBL0kcJK3NjhLnRH6txlzhPW8LlMc=,tag:xWuajzQ1F3HWXXRJfFS8fg==,type:str]