From 12ebfe03542df92ee1567e7bb2a210571c7ad676 Mon Sep 17 00:00:00 2001
From: ahuston-0
Date: Thu, 22 Aug 2024 00:50:54 -0400
Subject: [PATCH] palatine-hill revamp

---
 .sops.yaml | 3 +-
 systems/palatine-hill/hardware.nix | 63 +++++++++++++++++++-----------
 systems/palatine-hill/secrets.yaml | 42 ++++++++++----------
 3 files changed, 63 insertions(+), 45 deletions(-)

diff --git a/.sops.yaml b/.sops.yaml
index 3c5974c..2732bf9 100644
--- a/.sops.yaml
+++ b/.sops.yaml
@@ -9,7 +9,8 @@ keys:
 # cspell:disable
 - &artemision age1jd2dcpykagz20kpk2kkchte3augqncwfn6nywursx0dkfyze6feqdzxkq2
 - &artemision-home age1t29a6z6cfy8m3cnc8uva0ey833vhcppue8psyumts7mtyf0zufcqvfshuc
- - &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
+ #- &palatine-hill age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej
+ - &palatine-hill age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh
 # cspell:enable
 servers: &servers
diff --git a/systems/palatine-hill/hardware.nix b/systems/palatine-hill/hardware.nix
index 2e08fcd..517ec12 100644
--- a/systems/palatine-hill/hardware.nix
+++ b/systems/palatine-hill/hardware.nix
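Review bot: Replacing the `&palatine-hill` recipient in the `.sops.yaml` hunk changes the key for every creation rule that references that anchor, but the diffstat shows only `systems/palatine-hill/secrets.yaml` being re-encrypted. If the `servers` group or any other rule (not visible in this hunk) covers further secrets files, those still carry the old recipient and the rebuilt host cannot decrypt them until `sops updatekeys` is run on each. The retired key kept as `#- &palatine-hill …` is better recorded in the commit message than in the live key list, where it can be un-commented by mistake.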
@@ -1,48 +1,65 @@ +# Do not modify this file! It was generated by ‘nixos-generate-config’ +# and may be overwritten by future invocations. Please make changes +# to /etc/nixos/configuration.nix instead. { config, lib, + pkgs, modulesPath, ... }: + { imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; - hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; - swapDevices = [ { device = "/dev/disk/by-uuid/2b01e592-2297-4eb1-854b-17a63f1d4cf6"; } ]; boot = { + initrd.availableKernelModules = [ + "xhci_pci" + "mpt3sas" + "ahci" + "nvme" + "usb_storage" + "usbhid" + "sd_mod" + ]; + initrd.kernelModules = [ "dm-snapshot" ]; kernelModules = [ "kvm-amd" ]; extraModulePackages = [ ]; - initrd = { - kernelModules = [ ]; - availableKernelModules = [ - "ahci" - "mpt3sas" - "nvme" - "sd_mod" - "usb_storage" - "usbhid" - "xhci_pci" - ]; - }; }; fileSystems = { - "/" = lib.mkDefault { - device = "/dev/disk/by-uuid/b3b709ce-fe88-4267-be47-bf991a512cbe"; + "/" = { + device = "/dev/disk/by-uuid/8bfaa32b-09dd-45c8-831e-05e80be82f9e"; fsType = "ext4"; }; - "/boot" = { - device = "/dev/disk/by-uuid/4CBA-2451"; - fsType = "vfat"; + "/home" = { + device = "/dev/disk/by-uuid/4f1e4cc5-b0e1-402c-895c-b28368905ccc"; + fsType = "ext4"; }; + "/nix" = { device = "ZFS-primary/nix"; fsType = "zfs"; - depends = [ "/crypto/keys" ]; - neededForBoot = true; - options = [ "noatime" ]; }; + + "/boot" = { + device = "/dev/disk/by-uuid/F774-5A2D"; + fsType = "vfat"; + }; + }; + swapDevices = [ { device = "/dev/disk/by-uuid/96f3107b-db94-47b3-963e-6a2cb8b4e66a"; } ]; + + # Enables DHCP on each ethernet and wireless interface. In case of scripted networking + # (the default) this is the recommended approach. 
When using systemd-networkd it's + # still possible to use this option, but it's recommended to use it in conjunction + # with explicit per-interface declarations with `networking.interfaces..useDHCP`. + networking.useDHCP = lib.mkDefault true; + # networking.interfaces.eno1.useDHCP = lib.mkDefault true; + # networking.interfaces.eno2.useDHCP = lib.mkDefault true; + # networking.interfaces.enp72s0f3u1u2c2.useDHCP = lib.mkDefault true; + + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; + hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware; } diff --git a/systems/palatine-hill/secrets.yaml b/systems/palatine-hill/secrets.yaml index 3f2cbb3..79ef7ae 100644 --- a/systems/palatine-hill/secrets.yaml +++ b/systems/palatine-hill/secrets.yaml 
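Review bot: The new `/nix` entry in the `hardware.nix` hunk drops `depends = [ "/crypto/keys" ]`, `neededForBoot = true` and `options = [ "noatime" ]` from the ZFS mount. If `ZFS-primary/nix` is an encrypted dataset whose key is read from `/crypto/keys` (that mount is not defined anywhere in this hunk), the ordering guarantee is gone, or the encryption setup has moved elsewhere without a trace in this file; the commit should state which. The file now also carries the `nixos-generate-config` "Do not modify this file!" header while being maintained in the repository, and gains an unused `pkgs` argument; hand-made settings such as the `depends` line are safer in a separate module, so that regenerating this file cannot silently remove them.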
@@ -28,36 +28,36 @@ sops: azure_kv: [] hc_vault: [] age: - - recipient: age1z8q02wdp0a2ep5uuffgfeqlfam4ztl95frhw5qhnn6knn0rrmcnqk5evej + - recipient: age1qw5k8h72k3fjg5gmlxx8q8gwlc2k6n6u08d8hdzpm2pk9r0fnfxsmw33nh enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBZzhuWkE1czhNdm1zMjRK - cTVhZWlmZnVqRG5RQ2FxSEpyVTdEWHdvUFRzCkJOVFJ4eTk4bUpVVlVoUnZSRTdw - SVdhc29UQktlb2lEN3VQcVZhVjFsRlUKLS0tIFpHWXZRSk1leWpIeGxub3hXOUU4 - bDRzTzhIa1N2Q1lHcG54akdOV2RyQ0EKHM4aD6KEyn8+JglVSGui3ROHyStDdAgh - BXXeg6BRwANFzxfUrpAZLoVh/pc1q9rmaxBUQ4NOM3mw+gKuv2NFrA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSArVTd5WENRV3UzbGx6MVRw + OGRJSmZFRlV5cmJsK254dzUxNzhOT25hWERjCkJnTDErMWFEMXBucExjczBsdzU3 + akdrK3FndmgxalRGNUNnaXlNU1Y3NU0KLS0tIGNHWVh0cmlGY2xaYzZ4M0dhTU1j + TkYva25xYUxySkRuL0pPakZRdlhnMnMK/PapdNI40z/pALp9+uaZCIYmpD6uWfN9 + Cl2wD8f8wOuBxI/Mw1hxtJtcF+XubW/Lexjft27lcbuw76N9//ngWA== -----END AGE ENCRYPTED FILE----- lastmodified: "2024-08-18T00:53:19Z" mac: ENC[AES256_GCM,data:IxvUHA5Rx/icbar+7H4ii0M2llOaMD7c3Nx57hR74FhDVgXj8/eCX/yJW3K8+w9ZGYasFmuJZrvd9Zan7kcPeiSMVJJUJNNyoURkBZeF2xPcVq56GYGrzzFsUIfzhrjz4PI5nEX/X1ODs+8KeIDb8pNPILoJXHhHWHSXavWvx/c=,iv:v4U+AeUDsBxKyrbu8sEmTy+RAAJvITK1IMY7mziRwtU=,tag:BWedhwz4hNXsou5FO53XMA==,type:str] pgp: - - created_at: "2024-08-21T00:13:00Z" + - created_at: "2024-08-22T04:47:56Z" enc: |- -----BEGIN PGP MESSAGE----- - hQIMA/3GV3g+HEdPAQ//dEHZoDJ9BWiaZQVE8CTsKz6nvngBoAJZ/t9FH8RSaSo2 - 8K/Ix9VwpxZt5T7SDh6w6gAHPmb4gjvMFZU85DiNTumrK6zDecl3XVlcb1FaI6AY - vxIpAbHhvv6on6Yp3rst1fTvm7FQfxwPkRhR/IwQsehaXbXHw03HBpah/KAAhac/ - KVyqy8BfT0iK1YU1CEMroIAKEJi2jwBY5K0ur7u4He9IYZmJzp8kI3N/GQo9fj0R - lnGov/Q139dwA7Xi+nf0pwGeWMJ4DfJXRzEwqD0PfhYeS8qXxnMjNESojTttrOgD - 3yZ5D1Z+SHUeOEwmgyinFx5ls04TYl/XoQFnt1YwOvs8FVrnRTDKPrZ72CcGYNAG - 8Wj5SzGMlL969q/luslqyVMvRf9sxAOApjPu0be4tYoL5WfDPs1aDdSAvK/3nW8x - VTBtQu4uIqmdfP5KAbt/HyIIKQ+93dkxYVd0vOODR6fbM97cN7TCzgqnSUUhA3e8 - sIBx98SbvDbfsXVSlkPM6dLSQhvdisvlI0FkPnmDk1xFlxlOqN7Yo5iO0pk2yNDw - 
tW0BY2CiRNZCRshSCbQXF6yJGl76WgfIZ69NgoACB5FjXdG5t+6CHqKGIpaybowj - zb/w4wiGCxDw0GmHTfN16etKEn+GkxPR6jOzMzBc3fgwF4eyd5/+daUcU67SpTPS - XgHkZPTOPP9f2AvGDjvK6pc58LE2SzVB+eGdg8W7wc5MYpLlwsCjpH9RJUiVjj40 - 0P3V5BbGFFHHMRrpE8F8Lc2iUHRTeWHQtzv2ks2ywqmKA4bu5/tT+R6GxvRNBl0= - =MxRN + hQIMA/3GV3g+HEdPAQ/+PqkO8Jpr3v4NRB6jvlx4pXcrC2uJfZiB+EYamQ9ROqGH + oy9K7DTcn0q8Y0kfMs9AwOo26nSeuZqTRpF9NJw5p19r686Hibbg64FkmCjw8Egj + VPxzVi1GFOJo+hTuesqFJWSRHo5tPnx2mGq1L1oBAAFu43xjKRHAiJUCaAYQpXVz + aBQmr199+JAMIW2laW6SOtBbz+LeeY+1QH4VHOWT2SYzuDh9pW7CvGMKmfI1wy/A + Rh/OWC1rdZmoYHbvf9907qCId9+hnq+ybvsX8NoDhhn00dmHGPpQTVN2NbAoi0PS + N5AqsEeZGP0oYeMJ8Dh3fXNxkGjxZ95w+TpaqPF5Mj2RQVMr6zo0edUYxzgS/nBQ + hI+UufnX0qflciuv95DRPL4BAP4oRHWIClHKp0dWQU19vQPglfoPO2Jd3q8J3tB3 + TsgthVCJYGftlafuDdolofoulOmM2gya/aNvhghlnri+PmBt3b4GI4rDW1IVnIk5 + aIlhyCZ7BJog6RCd/dJts+q+RXdxYxjGGSdpgcGkFJ/EmDpdqpXizdZK5Ws9o7dY + h8M0JErrC5FXyQ27wfaSVugT5dDIflHFM2nqkV8CQlUtCU2voy77/468KHTgPKz/ + Swl2BazGpK3g1x3aMRGTTA5NNDVMDy3HDimRi1IW2Yxf1wDXn3sHS917SVpdaBjS + XgG0FUKo/jmOHQjQTK9/2LvclPAlCdPwbXv/ZUFcvAV225rDyYHMevjlEseq2v1J + 6IU6IB50LT0IbRuLdpLFYYM8NFg2BFJAG0QWTpNCQzagUEbHDWp5vSoOwXdEWbM= + =3GbE -----END PGP MESSAGE----- fp: F63832C3080D6E1AC77EECF80B4245FFE305BC82 unencrypted_suffix: _unencrypted
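Review bot: The recipient and both wrapped-key blobs change in this hunk, but `lastmodified` and `mac` are unchanged context lines, which suggests only the data key was re-wrapped for the new `palatine-hill` age key while the data key and the secret values stayed the same. Anyone holding the old host key can still recover that data key from the previous revision in git history, so the swap removes the old key's access only to secrets written after a future rotation. If the old key was retired simply because the machine was rebuilt, this is acceptable; if it may have been exposed, issue a new data key with `sops -r -i` (`sops rotate` in newer releases) and replace the secret values themselves.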