Fix sops-nix failure after reboot
/home partition of lvm wasn't mounted and sops-nix couldn't find the key in that unmounted partition
This commit is contained in:
parent
02adc74c5a
commit
0c8b4ccfa9
GPG key ID:
2C2C1C62A5388E82
2 changed files with 26 additions and 28 deletions
|
|
@ -1,19 +1,17 @@
|
||||||
{
|
{ inputs
|
||||||
inputs,
|
, outputs
|
||||||
outputs,
|
, ...
|
||||||
lib,
|
}:
|
||||||
config,
|
let
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}: let
|
|
||||||
vars = import ../../vars.nix;
|
vars = import ../../vars.nix;
|
||||||
in {
|
in
|
||||||
|
{
|
||||||
imports = [
|
imports = [
|
||||||
inputs.hardware.nixosModules.common-pc-ssd
|
inputs.hardware.nixosModules.common-pc-ssd
|
||||||
inputs.disko.nixosModules.default
|
inputs.disko.nixosModules.default
|
||||||
|
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
(import ../../disko/btrfs-swap.nix {device = "/dev/nvme0n1";})
|
(import ../../disko/btrfs-swap.nix { device = "/dev/nvme0n1"; })
|
||||||
./disko/zfs.nix
|
./disko/zfs.nix
|
||||||
|
|
||||||
../common/global
|
../common/global
|
||||||
|
|
@ -29,7 +27,7 @@ in {
|
||||||
];
|
];
|
||||||
|
|
||||||
# Enable ZFS
|
# Enable ZFS
|
||||||
boot.supportedFilesystems = ["zfs"];
|
boot.supportedFilesystems = [ "zfs" ];
|
||||||
networking.hostId = "f014fc43";
|
networking.hostId = "f014fc43";
|
||||||
services.zfs.autoScrub.enable = true;
|
services.zfs.autoScrub.enable = true;
|
||||||
|
|
||||||
|
|
@ -40,12 +38,14 @@ in {
|
||||||
systemd.services.NetworkManager-wait-online.enable = false;
|
systemd.services.NetworkManager-wait-online.enable = false;
|
||||||
|
|
||||||
# Prevent zfs from being automounted by fstab auto discovery & zfs
|
# Prevent zfs from being automounted by fstab auto discovery & zfs
|
||||||
fileSystems."/storage/dataset".options = ["noauto"];
|
fileSystems = {
|
||||||
fileSystems."/storage".options = ["noauto"];
|
"/storage/dataset".options = [ "noauto" ];
|
||||||
|
"/storage".options = [ "noauto" ];
|
||||||
|
|
||||||
fileSystems."/home/ghoscht/.zfs" = {
|
"/home/ghoscht/.zfs" = {
|
||||||
device = "/dev/disk/by-label/SECRET_KEYS";
|
device = "/dev/disk/by-label/SECRET_KEYS";
|
||||||
fsType = "vfat";
|
fsType = "vfat";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
|
|
||||||
users.mutableUsers = true;
|
users.mutableUsers = true;
|
||||||
|
|
|
||||||
|
|
@ -1,18 +1,16 @@
|
||||||
{
|
{ pkgs
|
||||||
pkgs,
|
, inputs
|
||||||
inputs,
|
, ...
|
||||||
config,
|
}: {
|
||||||
...
|
|
||||||
}: let
|
|
||||||
vars = import ../../vars.nix;
|
|
||||||
in {
|
|
||||||
imports = [
|
imports = [
|
||||||
inputs.sops-nix.nixosModules.sops
|
inputs.sops-nix.nixosModules.sops
|
||||||
];
|
];
|
||||||
|
|
||||||
environment.systemPackages = with pkgs; [sops];
|
environment.systemPackages = with pkgs; [ sops ];
|
||||||
|
|
||||||
sops.defaultSopsFile = ../../secrets/franz.yaml;
|
sops = {
|
||||||
sops.defaultSopsFormat = "yaml";
|
defaultSopsFile = ../../secrets/franz.yaml;
|
||||||
sops.age.keyFile = "/home/${vars.user}/.config/sops/age/keys.txt";
|
defaultSopsFormat = "yaml";
|
||||||
|
age.keyFile = "/sops-nix/sops.txt";
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue