cleanup

disk.sh

@@ -2,25 +2,19 @@ set -o errexit
 set -o nounset
 set -o pipefail
 
-opts=$(getopt --options r:m:b:l:c: --longoptions=root:,mapping:,boot-label:,main-label:,cryptmain-label: --name "$0" -- "$@")
+opts=$(getopt --options r:m:b:l:c: --longoptions=root:,boot-label:,main-label: --name "$0" -- "$@")
 
 eval set -- "$opts"
 
 root=/mnt
-mapping=main
 bootlbl=BOOT
 mainlbl=main
-cryptmainlbl=cryptmain
 while true; do
   case "$1" in
   -r | --root)
     root=$2
     shift 2
     ;;
-  -m | --mapping)
-    mapping=$2
-    shift 2
-    ;;
   -b | --boot-label)
     bootlbl=${2^^}
     shift 2
@@ -29,10 +23,6 @@ while true; do
     mainlbl=$2
     shift 2
     ;;
-  -c | --cryptmain-label)
-    cryptmainlbl=$2
-    shift 2
-    ;;
   --)
     shift
     break
@@ -59,38 +49,10 @@ while IFS= read -r k; do
 done < <(jq '.partitiontable.partitions | keys[]' <<<"$json")
 
 bootfs="${parts[0]}"
-mainblkdev="${parts[1]}"
+mainfs="${parts[1]}"
 
 mkfs.vfat -F 32 -n "$bootlbl" -- "$bootfs" >/dev/null
 
-while true; do
-  read -r -p 'Do you want your main partition to be encrypted [y/N]? ' luks
-  case "$luks" in
-  [Yy]*)
-    while true; do
-      read -r -s -p 'Enter password: ' password
-      printf '\n'
-      read -r -s -p 'Re-enter password: ' repassword
-      printf '\n'
-      if [[ "$password" == "$repassword" ]]; then
-        break
-      fi
-    done
-
-    cryptsetup luksFormat --batch-mode --label "$cryptmainlbl" "$mainblkdev" <<<"$password"
-    cryptsetup open "$mainblkdev" "$mapping" <<<"$password"
-
-    mainfs=/dev/mapper/$mapping
-    break
-    ;;
-  '' | [Nn]*)
-    mainfs=$mainblkdev
-    break
-    ;;
-  *) printf 'Please answer with yes or no\n' 1>&2 ;;
-  esac
-done
-
 mkfs.ext4 -q -F -L "$mainlbl" -- "$mainfs"
 mkdir --parents -- "$root"
 mount --options noatime -- "$mainfs" "$root"

flake.nix

@@ -19,6 +19,8 @@
 
       flake = {
         nixosConfigurations = let
+          hostsDir = "hosts";
+
           commonNixosSystem = name:
             nixpkgs.lib.nixosSystem {
               specialArgs = {
@@ -29,14 +31,14 @@
                 inputs.agenix.nixosModules.default
 
                 ./common
-                ./hosts/${name}
+                ./${hostsDir}/${name}
 
                 ({lib, ...}: {networking.hostName = lib.mkDefault name;})
               ];
             };
 
-          genHosts = nixpkgs.lib.pipe (builtins.readDir ./hosts) [
+          genHosts = nixpkgs.lib.pipe (builtins.readDir ./${hostsDir}) [
-            (nixpkgs.lib.filterAttrs (name: type: type == "directory" && name != "default.nix"))
+            (nixpkgs.lib.filterAttrs (name: type: type == "directory"))
             builtins.attrNames
             nixpkgs.lib.genAttrs
           ];

pubkeys.nix

@@ -1,4 +1,4 @@
-let
+{
   users = {
     "lukas@flamingo" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAztZgcRBHqX8Wb2nAlP1qCKF205M3un/D1YnREcO7Dy";
     "lukas@glacier" = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK4U9RzV/gVGBfrCOye7BlS11g5BS7SmuZ36n2ZIJyAX";
@@ -8,14 +8,4 @@ let
     abacus = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHoUgClpkOlBEffQOb9KkVn970RwnIhU0OiVr7P2WVzg";
     vessel = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKkYcOb1JPNLTJtob1TcuC08cH9P2APAhLR26RYd573d";
   };
-in {
-  inherit users hosts;
-
-  desktops = {
-    inherit (hosts) glacier flamingo;
-  };
-
-  servers = {
-    inherit (hosts) abacus vessel;
-  };
 }