luks

single disk array
disk
2026-01-15 14:09:07 +01:00 · 2026-01-15 10:32:07 +01:00 · 2026-01-13 22:33:20 +01:00 · 2026-01-09 16:58:32 +01:00 · 2026-01-09 16:56:05 +01:00 · 2026-01-09 16:43:09 +01:00
9 changed files with 29 additions and 64 deletions
--- a/.gitea/workflows/deploy.yaml
+++ b/.gitea/workflows/deploy.yaml
@@ -5,6 +5,9 @@ on:

 jobs:
  deploy:
+    container:
+      volumes:
+        - /nix/store:/var/nix/hosted-store
    permissions:
      contents: read
      id-token: write
@@ -26,7 +29,7 @@ jobs:
        with:
          extra_nix_config: |
            extra-trusted-public-keys = localhost:TiRpr2LzamX/MCKBUmFlZ8inWz94QWGL88fMEHg9Kgc=
-            substituters = http://localhost:5000
+            extra-substituters = "local?store=/var/nix/hosted-store&priority=20"
            secret-key-files = /var/secrets/cache_privkey
            post-build-hook = /etc/nix/upload-to-cache.sh
      - name: Install SSH key
--- a/flake.nix
+++ b/flake.nix
@@ -65,6 +65,26 @@
        );
    in
    {
+      nixosConfigurations = {
+        sin = nixpkgs.lib.nixosSystem {
+           system = "x86_64-linux";
+          
+           modules = [
+              disko.nixosModules.disko
+              agenix.nixosModules.default
+              ./hosts/sin/configuration.nix
+              ./hosts/sin/hardware-configuration.nix
+            ]
+            ++ [
+              # modules
+              ./modules/gitea/sin
+            ];
+            
+            specialArgs = {
+             inherit inputs;
+           };
+        };
+      };
      colmenaHive = colmena.lib.makeHive {
        meta = {
          nixpkgs = import nixpkgs {
@@ -118,6 +138,7 @@
            ];

            deployment.targetHost = "192.168.1.14";
+            deployment.allowLocalDeployment = true;
          };
      };
      devShells = forEachSupportedSystem (
--- a/hosts/sin/luks-btrfs-raid.nix
+++ b/hosts/sin/luks-btrfs-raid.nix
@@ -50,39 +50,17 @@
        };
      };

-      data1 = {
+      data = {
        type = "disk";
        device = "/dev/sda";
        content = {
          type = "gpt";
          partitions = {
-            crypt_p1 = {
+            crypt_p = {
              size = "100%";
              content = {
                type = "luks";
-                name = "p_data1"; # device-mapper name when decrypted
-                # Remove settings.keyFile if you want to use interactive password entry
-                settings = {
-                  allowDiscards = true;
-                  keyFile = "/dev/disk/by-uuid/2021-07-11-12-33-27-00";
-                  keyFileSize = 4096;
-                };
-              };
-            };
-          };
-        };
-      };
-      data2 = {
-        type = "disk";
-        device = "/dev/sdb";
-        content = {
-          type = "gpt";
-          partitions = {
-            crypt_p2 = {
-              size = "100%";
-              content = {
-                type = "luks";
-                name = "p_data2";
+                name = "p_data";
                # Remove settings.keyFile if you want to use interactive password entry
                settings = {
                  allowDiscards = true;
@@ -91,10 +69,6 @@
                };
                content = {
                  type = "btrfs";
-                  extraArgs = [
-                    "-d raid0"
-                    "/dev/mapper/p_data1" # Use decrypted mapped device, same name as defined in disk1
-                  ];
                  subvolumes = {
                    "/" = {
                      mountpoint = "/mnt/fs";
--- a/hosts/thea/configuration.nix
+++ b/hosts/thea/configuration.nix
@@ -20,7 +20,6 @@ in
    # ./cybercoffee
    ./ollama.nix
    ./minecraft.nix
-    ./secrets
    ./nix-serve.nix
  ];

--- a/hosts/thea/nix-serve.nix
+++ b/hosts/thea/nix-serve.nix
@@ -1,12 +0,0 @@
-{
-  pkgs,
-  config,
-  lib,
-  ...
-}:
-{
-  services.nix-serve = {
-    enable = true;
-    secretKeyFile = config.age.secrets.cache-privkey.path;
-  };
-}
--- a/hosts/thea/ressources/cache/pubkey.pem
+++ b/hosts/thea/ressources/cache/pubkey.pem
@@ -1 +0,0 @@
-localhost:TiRpr2LzamX/MCKBUmFlZ8inWz94QWGL88fMEHg9Kgc=
--- a/hosts/thea/secrets/cache-privkey.age
+++ b/hosts/thea/secrets/cache-privkey.age
@@ -1,10 +0,0 @@
-age-encryption.org/v1
-> ssh-ed25519 QvCxGg uhxooXKWZwPQUJ2Dxu127JDdXC3fjcEZPHK1n1nXSHs
-8ZGyYyxHfQ2xpquGVWRaNBILDPGfxRxVWYXTTbPcmvU
-> ssh-ed25519 /uqj4A ZJjtn6qWDXjOfYm/wa9Ch87yC7Wn/xIPvfLZkNfLD1A
-oh84B629HMAX7d6kBAks/mnbwYla0gzLxZ1yTTGuYrE
-> ssh-ed25519 70Re8Q B01cYHBUptpfgjrZrEb1UO7mjFNBxYQRphMIMDmh4QQ
-KOwjzGz+DIlX0dhJyhjAG5Z6j+MERa/+tDO4FOgxnGo
--- l76GMa1frNIiNiloxdLv9HqSpMPVZYFhS5oVE10U9QI
-<EFBFBD>îá²KÍ!›*dí¾”7N¦í½›3S7×è9þ$öWšLõªa¦7¹(Ì<>áØ¼Cå¦ç¨<C3A7>„acøíßì
-†ÝÅÞ†‹ `OŠê-òP<C3B2>áïïXf<58>:ê¯È+‰ìº½½
--- a/hosts/thea/secrets/default.nix
+++ b/hosts/thea/secrets/default.nix
@@ -1,9 +0,0 @@
-{ ... }:
-{
-  age.secrets = {
-    cache-privkey = {
-      file = ./cache-privkey.age;
-      mode = "700";
-    };
-  };
-}
--- a/modules/gitea/thea/virtualisation.nix
+++ b/modules/gitea/thea/virtualisation.nix
@@ -24,7 +24,7 @@
          container:
            network: "host"
            valid_volumes:
-              - "/nix/store:/nix/store"
+              - "/var/nix/hosted-store"
        '';
      };
    in
Author	SHA1	Message	Date
sin serhao	07ae2f1996	luks All checks were successful / perform flake analysis (push) Successful in 36s Details	2026-01-15 14:09:07 +01:00
sin serhao	679e8e2781	single disk array All checks were successful / perform flake analysis (push) Successful in 40s Details	2026-01-15 10:32:07 +01:00
sin serhao	637433e101	disk All checks were successful / perform flake analysis (push) Successful in 37s Details	2026-01-13 22:33:20 +01:00
Sin Ser'hao	5c1dec5c27	remove secrets Some checks failed / build hive configuration (push) Failing after 1m7s Details / perform flake analysis (push) Successful in 1m23s Details	2026-01-09 16:58:32 +01:00
Sin Ser'hao	a194e1fb90	mkem Some checks failed / perform flake analysis (push) Successful in 36s Details / build hive configuration (push) Failing after 1m11s Details	2026-01-09 16:56:05 +01:00
Sin Ser'hao	9a20f7846e	remove nix-serve	2026-01-09 16:43:09 +01:00
				`@@ -1 +0,0 @@`
				`localhost:TiRpr2LzamX/MCKBUmFlZ8inWz94QWGL88fMEHg9Kgc=`