Add 'legacy/server-config/' from commit '4bc5d57fa69a393877e7019d7673ceb33c3ab4b4'

git-subtree-dir: legacy/server-config git-subtree-mainline: dc481c24b0 git-subtree-split: 4bc5d57fa6
2026-04-18 00:45:33 -04:00
parent dc481c24b0 4bc5d57fa6
commit 6448a0427f
136 changed files with 12893 additions and 0 deletions
--- a/legacy/server-config/modules/usb-secrets.nix
+++ b/legacy/server-config/modules/usb-secrets.nix
@@ -0,0 +1,22 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+{
+  # Mount USB secrets drive via fileSystems
+  fileSystems."/mnt/usb-secrets" = {
+    device = "/dev/disk/by-label/SECRETS";
+    fsType = "vfat";
+    options = [
+      "ro"
+      "uid=root"
+      "gid=root"
+      "umask=377"
+    ];
+    neededForBoot = true;
+  };
+
+  age.identityPaths = [ "/mnt/usb-secrets/usb-secrets-key" ];
+}