Fix sops-nix failure after reboot

The /home partition on LVM wasn't mounted, so sops-nix couldn't find the key
stored on that unmounted partition.
GHOSCHT 2024-12-25 22:37:51 +01:00
parent 02adc74c5a
commit 0c8b4ccfa9
Signed by: ghoscht
GPG key ID: 2C2C1C62A5388E82
2 changed files with 26 additions and 28 deletions


@ -1,19 +1,17 @@
{ { inputs
inputs, , outputs
outputs, , ...
lib, }:
config, let
pkgs,
...
}: let
vars = import ../../vars.nix; vars = import ../../vars.nix;
in { in
{
imports = [ imports = [
inputs.hardware.nixosModules.common-pc-ssd inputs.hardware.nixosModules.common-pc-ssd
inputs.disko.nixosModules.default inputs.disko.nixosModules.default
./hardware-configuration.nix ./hardware-configuration.nix
(import ../../disko/btrfs-swap.nix {device = "/dev/nvme0n1";}) (import ../../disko/btrfs-swap.nix { device = "/dev/nvme0n1"; })
./disko/zfs.nix ./disko/zfs.nix
../common/global ../common/global
@ -29,7 +27,7 @@ in {
]; ];
# Enable ZFS # Enable ZFS
boot.supportedFilesystems = ["zfs"]; boot.supportedFilesystems = [ "zfs" ];
networking.hostId = "f014fc43"; networking.hostId = "f014fc43";
services.zfs.autoScrub.enable = true; services.zfs.autoScrub.enable = true;
@ -40,13 +38,15 @@ in {
systemd.services.NetworkManager-wait-online.enable = false; systemd.services.NetworkManager-wait-online.enable = false;
# Prevent zfs from being automounted by fstab auto discovery & zfs # Prevent zfs from being automounted by fstab auto discovery & zfs
fileSystems."/storage/dataset".options = ["noauto"]; fileSystems = {
fileSystems."/storage".options = ["noauto"]; "/storage/dataset".options = [ "noauto" ];
"/storage".options = [ "noauto" ];
fileSystems."/home/ghoscht/.zfs" = { "/home/ghoscht/.zfs" = {
device = "/dev/disk/by-label/SECRET_KEYS"; device = "/dev/disk/by-label/SECRET_KEYS";
fsType = "vfat"; fsType = "vfat";
}; };
};
users.mutableUsers = true; users.mutableUsers = true;
users.users.${vars.user} = { users.users.${vars.user} = {
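Review bot: The `"/home/ghoscht/.zfs"` entry in the regrouped `fileSystems` set (third hunk) mounts the vfat volume labelled SECRET_KEYS without any mount options. vfat stores no Unix ownership or modes, so the files' permissions come entirely from the mount options, and with the defaults they are typically readable by every local user. If only root needs to read the key material, add `options = [ "umask=0077" ];` to that attribute set; if the user account needs it, restrict it with `uid=`/`gid=` alongside the mask instead. The module body continues outside the hunk, so such options may already be set elsewhere (for example in `./hardware-configuration.nix`), which is not visible here.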


@ -1,18 +1,16 @@
{ { pkgs
pkgs, , inputs
inputs, , ...
config, }: {
...
}: let
vars = import ../../vars.nix;
in {
imports = [ imports = [
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
]; ];
environment.systemPackages = with pkgs; [sops]; environment.systemPackages = with pkgs; [ sops ];
sops.defaultSopsFile = ../../secrets/franz.yaml; sops = {
sops.defaultSopsFormat = "yaml"; defaultSopsFile = ../../secrets/franz.yaml;
sops.age.keyFile = "/home/${vars.user}/.config/sops/age/keys.txt"; defaultSopsFormat = "yaml";
age.keyFile = "/sops-nix/sops.txt";
};
} }
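Review bot: The new `age.keyFile = "/sops-nix/sops.txt";` points at a path on the root filesystem, and nothing in this section creates that file or constrains who can read it. Since this age private key decrypts everything in `secrets/franz.yaml`, the file should be root-owned with mode 0600 inside a 0700 directory, and it has to be provisioned by hand before the first activation on a fresh install. I would record that next to the option, e.g. `# age private key: root:root 0600, copied manually before first activation`. If the key was kept under /home deliberately (for example because that volume is encrypted and the root volume is not, which is not visible here), keeping the old path and setting `fileSystems."/home".neededForBoot = true;` may be an alternative to moving the key.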