Add elara

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2024-12-18 20:57:26 +00:00
parent f96a5c7776
commit e23e71560f
48 changed files with 655 additions and 246 deletions
--- a/hosts/common/system/configs/libvirt/default.nix
+++ b/hosts/common/system/configs/libvirt/default.nix
@@ -24,8 +24,10 @@
  environment = {
    systemPackages = [ config.virtualisation.libvirtd.qemu.swtpm.package ];
    etc = {
-      "ovmf/edk2-x86_64-secure-code.fd".source = "${config.virtualisation.libvirtd.qemu.package}/share/qemu/edk2-x86_64-secure-code.fd";
-      "ovmf/edk2-i386-vars.fd".source = "${config.virtualisation.libvirtd.qemu.package}/share/qemu/edk2-i386-vars.fd";
+      "ovmf/edk2-x86_64-secure-code.fd".source =
+        "${config.virtualisation.libvirtd.qemu.package}/share/qemu/edk2-x86_64-secure-code.fd";
+      "ovmf/edk2-i386-vars.fd".source =
+        "${config.virtualisation.libvirtd.qemu.package}/share/qemu/edk2-i386-vars.fd";
    };
    persistence."/persist"."/var/lib/libvirt" = { };
  };
--- a/hosts/common/system/configs/nix-cleanup/cleanup.sh
+++ b/hosts/common/system/configs/nix-cleanup/cleanup.sh
@@ -0,0 +1,36 @@
+if [[ "${EUID}" -ne 0 ]]; then
+  echo "Please run the script as root."
+  exit 1
+fi
+
+delete_subvolume_recursively() {
+  IFS=$'\n'
+  for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
+    delete_subvolume_recursively "/mnt/btrfs/${i}"
+  done
+  btrfs subvolume delete "$1"
+}
+
+if [[ -e /mnt/btrfs && -n $(mountpoint -q /mnt/btrfs) ]]; then
+  echo "/mnt/btrfs is already mounted. Exiting."
+  exit 1
+fi
+
+mkdir -p /mnt/btrfs
+mount /dev/mapper/luks /mnt/btrfs
+
+if [[ -e /mnt/btrfs/@.bak ]]; then
+  if [[ -n "$(ls -A /mnt/btrfs/@.bak)" ]]; then
+    for i in /mnt/btrfs/@.bak/*; do
+      delete_subvolume_recursively "${i}"
+    done
+  else
+    echo "/mnt/btrfs/@.bak is empty. Nothing to delete."
+  fi
+fi
+
+umount /mnt/btrfs
+rmdir /mnt/btrfs
+
+nix-collect-garbage -d
+nix-store --gc -v
--- a/hosts/common/system/configs/nix-cleanup/default.nix
+++ b/hosts/common/system/configs/nix-cleanup/default.nix
@@ -0,0 +1,16 @@
+{ pkgs, ... }:
+{
+  environment.systemPackages = [
+    (pkgs.writeShellApplication {
+      name = "nix-cleanup";
+      runtimeInputs = with pkgs; [
+        coreutils
+        util-linux
+        findutils
+        btrfs-progs
+        nix
+      ];
+      text = builtins.readFile ./cleanup.sh;
+    })
+  ];
+}
--- a/hosts/common/system/configs/nix/default.nix
+++ b/hosts/common/system/configs/nix/default.nix
@@ -1,6 +1,9 @@
 { config, inputs, ... }:
 {
-  sops.secrets."nix/accessTokens/github".group = "users";
+  sops.secrets."nix/accessTokens/github" = {
+    sopsFile = ../../../../../secrets/personal/secrets.yaml;
+    group = "users";
+  };

  nix = {
    settings = {
--- a/hosts/common/system/configs/ssh/default.nix
+++ b/hosts/common/system/configs/ssh/default.nix
@@ -3,6 +3,7 @@
  programs.ssh = {
    knownHosts = {
      eirene.publicKeyFile = ../../../../eirene/secrets/ssh_host_ed25519_key.pub;
+      elara.publicKeyFile = ../../../../elara/secrets/ssh_host_ed25519_key.pub;
    };
  };
 }