c8h4/nixos-config
1
0
Fork 0
Code Issues Activity Actions

machines: zero: switch from networkmanager to systemd-networkd
All checks were successful
flake / build (push) Successful in 6m12s
Details

Browse source 
Signed-off-by: Christoph Heiss <christoph@c8h4.io>
This commit is contained in:
Christoph Heiss 2024-11-21 22:57:57 +01:00
parent 02449e0a77
commit 8b65739221
Signed by: c8h4
GPG key ID: 73D5E7FDEE3DE49A
5 changed files with 76 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
.sops.yaml
View file

@ -40,3 +40,10 @@ creation_rules:
- *christoph_maui - *christoph_maui
- *machine_trek - *machine_trek
- *machine_zero - *machine_zero
- path_regex: secrets/sops/zero\.yaml
key_groups:
- age:
- *christoph_trek
- *christoph_zero
- *christoph_maui
- *machine_zero

19
machines/zero.nix
View file

@ -50,10 +50,23 @@
services.btrfs.autoScrub.fileSystems = [ "/" ]; services.btrfs.autoScrub.fileSystems = [ "/" ];
networking.interfaces.eno1.wakeOnLan.enable = true; networking = {
interfaces.eno1.wakeOnLan.enable = true;
networkmanager.enable = false;
useDHCP = false;
};
networking.networkmanager.connectionConfig."ipv6.dhcp-duid" = systemd.network = {
my.machines.zero.duid; enable = true;
networks."10-upstream" = {
name = "eno1";
networkConfig.DHCP = "ipv6";
dhcpV6Config = {
DUIDType = "vendor";
DUIDRawData = my.machines.zero.duid;
};
};
};
home-manager.users.christoph = { home-manager.users.christoph = {
my = { my = {

BIN
secrets/machines/zero.nix
View file

Binary file not shown.

52
secrets/sops/zero.yaml Normal file
View file

@ -0,0 +1,52 @@
wireguard:
#ENC[AES256_GCM,data:JpRcsMXbOlu6Mgc65UJxeliVHyBgZyILKQ==,iv:9knkl8MwzoXV4GtCDy2D78PtvQm2glkhKEDnNw/dQfg=,tag:TSD89KI0I/H7N+vqf+OyEw==,type:comment]
2e02e9d5-1eb9-4f71-8ff9-41611d75221a: ENC[AES256_GCM,data:6oPYll6zb8E+M8w2LpjM1PK7kLYHo4sfW8dsED6BHPpvSMslCe1nDgqQaDU=,iv:cC6gMgutZgJJ+hpKbaat3xO4qeSJKJtP38Hg3NSDxPo=,tag:aQQxrBbabbE18ecaKr7E5g==,type:str]
#ENC[AES256_GCM,data:n6645Rh/Rs6/nVfl5KULxn1ZHvHljvYq3Wwc,iv:JccoHMxv3HgmGkt0+uyZGFETGeDU/1//rRUh2ZVm7eE=,tag:pXDP3hSEBo2z+0gUmGvEqg==,type:comment]
34ff649d-b8a8-4178-9cc9-4ac5254f479d: ENC[AES256_GCM,data:rzzmC9+48Kxn92e6gS8fiBkpFQGRQVADnNKt3XxPHLEEmKKpR4f4a9huD+w=,iv:J1b/g/K/LGRZ170GjUx2DNHEMGT6782VjMkQgMjjpdM=,tag:IJdO8DBiP1Mj4U4a7tQ9iA==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1kdkzjqy88en4m65s7ld28srupzwaq30gu2e63ylayhqedpgfxews9kf6fy
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBJbTEvS280ZnZySGozTmha
VHJjRXRqWHRPelBvbXk2UkNwc3BmbUxtdkVRCjcyVTh3Q0U4U2R0RU1uWDFkNTlL
cVg3SDk5cVVGcytKVHFhL3RNYVZFQW8KLS0tIGhRVXdSeGZWUUdyd09qSDA2Qktn
aWNHTTJVVFRhTVd6RngzcktHdUtxMUEKkf91Dfz1iQSX+mlLrIGnZIwgL9RdvyP6
jT4fWAFesJ0cM4HEXp9bgO9glDn3Nra5wyOBHWjEsHDr4HVoGYUA3Q==
-----END AGE ENCRYPTED FILE-----
- recipient: age1es8273vc2yq89kvs4s84m6qffep86sm924k4my47a5qtau4ueypsgz3kqh
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBNNzd5UTVGdHplQzcrMjFo
NnFTU3IxaGwzSnM2SExOYmdNWS9QSmZNY1hBCjZ5TXZPYTdKSjBPRUxhZDY3bzVN
cFJnZDFHMDJzbnZkZGpQcWhjbFFOaDgKLS0tIFloZldRL0ZDdzhtbzF4cnVONWJJ
THIzODBtbVZWNkNzWmhMZ09tQ2tmeHMKeITJgFL6PdND5jCEzSdJssUln7apSmUS
pKkSrvOmWU2Ya57POI9loqmVoJ+5s0jYVmGDowoRrXBmX+k8h1V+wQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1ul99nmekam6rs9fpjka32aaxmnjq0p3a8x8drzxwtxa4g2u23anq6p2g6s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBDMnh0MUtYTUNoRnFkSHZK
QVQycXRrMEZZcXcrUjhkVjhsQW5Hc3lLN0VVCkppR3RzQnhDang3VStieUhMZnpF
T3BMUXloc3laMG82RXRIWFFiRDBSL2sKLS0tIGZxdEp2RlFSQlYwTDU0eXArVlRi
KzhJMkNxNldrcTRyay9rUWhvWmV2eUkKSJBDPdkxxLfZayyDHSZzUCyvrC5yitDu
O2VQjROY0E4u94i/VoynH8XCaBT+mUA+WThQFws4j63HPxyfPlrvCg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1xdd0mzt7mhr30rzvt34ygxurlvdvs53svg7lxd6843lx83vy0guqew578d
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBacHYrQkROeW5yVFdZclEw
cmFyeVhYZ2V0T25mREtOT1puYnlEekNYVnpFCmprNTZoVnZxU1pWZDhQVCt4TnVB
TS8yRUZ6ZWZqVHB3ZmJjekpSc2FPeTgKLS0tIEhTYUt6UjJDNlUyekRuYlQ0cjdH
VjQraGQ4d2Y2UkZOYS8xMFBrS0lnQ1UKjBVix5GHs30Le2nS8klpKNtNyKEvZ8uY
ELoNSH08o/XS7FvEUz7P1MmPXjeUbvJdL3fEH4N0X8jjhbZJp4RJZg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-11-21T16:04:39Z"
mac: ENC[AES256_GCM,data:MVH7IRzaXbYPNTWQUlFlEiqKBra/uDfFT9YeemLJsWt97KuHF4+JJfp5sD6Gzdcyf3mzuYK4wZd4li4TUMJWHqNkiTBS7J3+R7FiGqW93cSZ0QYdcbI8XdlfiEHA9YANHeHameQkV49z6Nngcgt5kgJRnnG9VLfddS6KRw8QF7M=,iv:aMZ/hd0/j0+0K/XoEDsl0e8Pjd2ScLfiKxuI22E8YYg=,tag:KW8fNqHZ5YVPcI/IiFX/vg==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.9.1

2
system/desktop.nix
View file

@ -31,7 +31,7 @@
# NetworkManager for easier setup and management of dynamic networks on desktops # NetworkManager for easier setup and management of dynamic networks on desktops
networking.networkmanager = { networking.networkmanager = {
enable = true; enable = lib.mkDefault true;
# https://wiki.archlinux.org/title/NetworkManager#Configure_a_unique_DUID_per_connection # https://wiki.archlinux.org/title/NetworkManager#Configure_a_unique_DUID_per_connection
connectionConfig."ipv6.dhcp-duid" = lib.mkDefault "stable-uuid"; connectionConfig."ipv6.dhcp-duid" = lib.mkDefault "stable-uuid";
}; };