From f836aa06b45171b51a6a824f76b249f37be11b1e Mon Sep 17 00:00:00 2001
From: Simon Gardling
Date: Wed, 29 Jan 2025 23:47:35 -0500
Subject: [PATCH] zfs full pool encryption
---
 configuration.nix | 13 ++++++-------
 flake.lock | 12 ++++++------
 services/minecraft.nix | 4 ++--
 services/qbittorrent.nix | 24 +++++++++++++-----------
 4 files changed, 27 insertions(+), 26 deletions(-)
diff --git a/configuration.nix b/configuration.nix
index ae78331..09703e9 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -101,14 +101,10 @@
 mkdir -p ${config.boot.lanzaboote.pkiBundle}
 ${pkgs.gnutar}/bin/tar xf /etc/nixos/secrets/secureboot.tar -C ${config.boot.lanzaboote.pkiBundle}
 '';
-
- "zfs-encryption-keys".text = ''
- #!/bin/sh
- rm -fr /etc/zfs-key
- cp /etc/nixos/secrets/zfs-key /etc/zfs-key
- '';
 };
+ boot.initrd.secrets."/etc/zfs-key" = /etc/nixos/secrets/zfs-key;
+
 environment.etc = {
 "issue".text = "";
 };
@@ -292,6 +288,9 @@
 "wheel"
 "video"
 "render"
+ "postgres"
+ "owntracks"
+ "immich"
 ];
 hashedPasswordFile = "/etc/nixos/secrets/hashedPass";
@@ -353,5 +352,5 @@
 "d ${config.services.postgresql.dataDir} 0700 postgres postgres"
 ];
- system.stateVersion = "24.05";
+ system.stateVersion = "24.11";
 }
diff --git a/flake.lock b/flake.lock
index dfb48bb..f018f11 100644
--- a/flake.lock
+++ b/flake.lock
@@ -163,11 +163,11 @@
 ]
 },
 "locked": {
- "lastModified": 1738028598,
- "narHash": "sha256-0AjsOFj8Tyl1S8mEgr2MKCHIj0Y+/Gy275xas2kduqQ=",
+ "lastModified": 1738201338,
+ "narHash": "sha256-yO1zdfkSyNWywriGUTRbDnJsoZkjFwpl/1DVwdv9GNA=",
 "owner": "Infinidoge",
 "repo": "nix-minecraft",
- "rev": "381b2e789876208216b26725009826c80c99399f",
+ "rev": "ce78a3fcb768948c3b2ed1196fdd124a4316a863",
 "type": "github"
 },
 "original": {
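Review bot: The pool key now sits in plaintext wherever the initrd is stored, because `boot.initrd.secrets."/etc/zfs-key"` embeds the key file in the initrd, and nothing in this hunk shows that the boot partition is itself protected. If that partition is an unencrypted ESP, anyone who can read the disk can recover the key, and the pool encryption then mainly covers loss of the pool disks alone. I would record that decision beside the option, e.g. `# zfs-key is embedded in the initrd on the boot partition; pool encryption only holds if that partition is not attacker-readable`, or unlock with a passphrase prompt instead of a key file. The value is also an unquoted absolute path, so it is worth confirming that the bootloader in use (lanzaboote appears in this hunk's context) appends the secret at install time rather than copying it into the world-readable Nix store.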
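Review bot: The service groups added to this list (`"postgres"`, `"owntracks"`, `"immich"`) have no comment saying why an account that already holds `"wheel"` needs them, and the membership applies to every process that account runs. The only permission visible in this diff, the tmpfiles rule `0700 postgres postgres`, grants the group nothing, so the `"postgres"` entry may not achieve what was intended. I would add a line such as `# service groups: needed to read <path> owned by each service` above them, or drop the entries that are not required. The list and the user definition it belongs to start outside the hunk.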
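Review bot: Changing `system.stateVersion` from "24.05" to "24.11" on an existing machine switches the defaults of stateful services rather than the NixOS release. NixOS selects the default PostgreSQL package from this value, and this file manages `config.services.postgresql.dataDir` in the context lines just above. Unless the system was reinstalled as part of re-creating the pool, or `services.postgresql.package` is pinned elsewhere, the database may start on a different major version with a different data directory. If a reinstall is the reason, say so in a comment, e.g. `# bumped on reinstall (pool recreated with encryption); do not change again`; otherwise keep `system.stateVersion = "24.05";`.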
@@ -194,11 +194,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1737885640,
- "narHash": "sha256-GFzPxJzTd1rPIVD4IW+GwJlyGwBDV1Tj5FLYwDQQ9sM=",
+ "lastModified": 1738023785,
+ "narHash": "sha256-BPHmb3fUwdHkonHyHi1+x89eXB3kA1jffIpwPVJIVys=",
 "owner": "NixOS",
 "repo": "nixpkgs",
- "rev": "4e96537f163fad24ed9eb317798a79afc85b51b7",
+ "rev": "2b4230bf03deb33103947e2528cac2ed516c5c89",
 "type": "github"
 },
 "original": {
diff --git a/services/minecraft.nix b/services/minecraft.nix
index 469a17b..62f1f8b 100644
--- a/services/minecraft.nix
+++ b/services/minecraft.nix
@@ -64,8 +64,8 @@ in
 };
 moonrise = fetchurl {
- url = "https://cdn.modrinth.com/data/KOHu7RCS/versions/a8Zqa1bJ/Moonrise-Fabric-0.2.0-beta.7%2B6ec14ff.jar";
- sha512 = "4ebc97764038aebd0b4bc5f6b25f9356419cf32f6c8bd64016665d9aad5c9f79ca9df2decac3038f7f713ff595c2b3286b3a1eb4d6debcd6639a52556416581a";
+ url = "https://cdn.modrinth.com/data/KOHu7RCS/versions/J5ayzvZp/Moonrise-Fabric-0.2.0-beta.8%2B0cbff02.jar";
+ sha512 = "d6f8b698226ebfcd87635cc2796022b0dad030f1d9ff5fd77d184b729c4d0c1f7dcfd265ab0f80186178c8c89fbdce20407b1025af05edec8c4a4f8df605ebf6";
 };
 squaremap = fetchurl {
diff --git a/services/qbittorrent.nix b/services/qbittorrent.nix
index 28f9900..87bad24 100644
--- a/services/qbittorrent.nix
+++ b/services/qbittorrent.nix
@@ -64,17 +64,19 @@
 QueueingSystemEnabled = false; # seed all torrents all the time
 AddTrackersEnabled = true;
- AdditionalTrackers = (lib.concatStrings (
- map (url: url + "\\n") [
- "udp://tracker.opentrackr.org:1337/announce"
- "udp://open.stealth.si:80/announce"
- "udp://open.demonii.com:1337"
- "udp://exodus.desync.com:6969/announce"
- "udp://tracker.dler.org:6969/announce"
- "udp://tracker.bittor.pw:1337/announce"
- "udp://tracker.torrent.eu.org:451/announce"
- ]
- ));
+ AdditionalTrackers = (
+ lib.concatStrings (
+ map (url: url + "\\n") [
+ "udp://tracker.opentrackr.org:1337/announce"
+ "udp://open.stealth.si:80/announce"
+ "udp://open.demonii.com:1337"
+ "udp://exodus.desync.com:6969/announce"
+ "udp://tracker.dler.org:6969/announce"
+ "udp://tracker.bittor.pw:1337/announce"
+ "udp://tracker.torrent.eu.org:451/announce"
+ ]
+ )
+ );
 };
 };
 };