challenger: finalize init

.sops.yaml

@@ -1,15 +1,14 @@
 keys:
-  - &user_felixalb_old age1n6j9umxfn5ekvmsrqngdhux0y994yh72sd5xdt6sxec86k4dyu9shsgjkw
+  - &host_challenger age1j43eqpnq5hy6zt3gmdtzdnne2yfvccd832kpt69qavst44leec6sj2l773
-  - &user_felixalb age1nj7ju6f3jfvzw4c0sxywthjmztwp7rwqceun8xw2tlfrt7qymatser4vqf
-  - &host_voyager age14jzavfeg47pgnrstea6yzvh3s3a578nj8hkk8g79vxyzpn86gslscp23qu
   - &host_defiant age128md9emufxu35kgww3a90sw40vvc60f5xul9n9ndvw4lfnj3ndaqq44u64
+  - &host_voyager age14jzavfeg47pgnrstea6yzvh3s3a578nj8hkk8g79vxyzpn86gslscp23qu
+  - &user_felixalb age1nj7ju6f3jfvzw4c0sxywthjmztwp7rwqceun8xw2tlfrt7qymatser4vqf
 
 creation_rules:
   # Global secrets
   - path_regex: secrets/[^/]+\.yaml$
     key_groups:
     - age:
-      - *user_felixalb_old
       - *user_felixalb
 
   # Host specific secrets
@@ -17,7 +16,6 @@ creation_rules:
     key_groups:
     - age:
       - *host_voyager
-      - *user_felixalb_old
       - *user_felixalb
 
   - path_regex: secrets/defiant/[^/]+\.yaml$
@@ -29,5 +27,5 @@ creation_rules:
   - path_regex: secrets/challenger/[^/]+\.yaml$
     key_groups:
     - age:
-      # - *host_defiant
+      - *host_challenger
       - *user_felixalb

base.nix

@@ -57,6 +57,7 @@
     rsync
     screen
     unzip
+    vim
     wget
     zip
   ];

hosts/challenger/configuration.nix

@@ -12,7 +12,7 @@
 
   networking = {
     hostName = "challenger";
-    bridges.br0.interfaces = [ "eno1" ]; # TODO
+    bridges.br0.interfaces = [ "enp5s0" ];
     interfaces.br0.useDHCP = false;
     interfaces.br0.ipv4.addresses = [
       { address = "192.168.10.161"; prefixLength = 24; }

hosts/challenger/filesystems.nix

@@ -6,7 +6,7 @@
 
   # Local zfs
   boot = {
-    zfs.extraPools = [ "tank" ];
+    # zfs.extraPools = [ "tank" ];
     supportedFilesystems = [ "zfs" ];
     kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
   };

hosts/challenger/hardware-configuration.nix

@@ -8,22 +8,26 @@
     [ (modulesPath + "/installer/scan/not-detected.nix")
     ];
 
-  boot.initrd.availableKernelModules = [ "ehci_pci" "ahci" "mpt3sas" "usbhid" "usb_storage" "sd_mod" "sr_mod" ];
+  boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "nvme" "usb_storage" "usbhid" "sd_mod" ];
   boot.initrd.kernelModules = [ ];
-  boot.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-amd" ];
   boot.extraModulePackages = [ ];
 
   fileSystems."/" =
-    { device = "/dev/disk/by-uuid/TODO";
+    { device = "/dev/disk/by-uuid/a4ed02e2-4223-4686-95b0-b29cbd517afe";
       fsType = "ext4";
     };
 
   fileSystems."/boot" =
-    { device = "/dev/disk/by-uuid/TODO";
+    { device = "/dev/disk/by-uuid/2467-77B7";
       fsType = "vfat";
+      options = [ "fmask=0077" "dmask=0077" ];
     };
 
-  swapDevices = [ ];
+  swapDevices = [ {
+    device = "/swapfile";
+    size = 16*1024;
+  } ];
 
   # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
   # (the default) this is the recommended approach. When using systemd-networkd it's