nixos-config/nixos/machines/orbi/hardware-configuration/default.nix

{ config, pkgs, modulesPath, lib, ... }:

let

  # in rescue shell
  # ---------------
  # apt install -y lshw
  # lshw -C network | grep -Poh 'driver=[[:alnum:]]+'
  networkInterfaceModule = "e1000e";

  # ip addr
  networkInterface = "enp0s31f6";

  # From the Hetzner control panel
  ipv4 = {
    address = "95.216.66.212"; # the ip address
    gateway = "95.216.66.193"; # the gateway ip address
    netmask = "255.255.255.192"; # the netmask -- might not be the same for you!
    prefixLength = 26; # must match the netmask, see <https://www.pawprint.net/designresources/netmask-converter.php>
  };
  ipv6 = {
    address = "2a01:4f9:2b:326::2"; # the ipv6 addres
    gateway = "fe80::1"; # the ipv6 gateway
    prefixLength = 64; # shown in the control panel
  };

in

{
  system.stateVersion = "23.11";

  imports = [
    ./disko-config.nix
    ./hardware-configuration.nix
  ];

  environment.systemPackages = [
    pkgs.mosh
  ];

  # Use GRUB2 as the boot loader.
  # We don't use systemd-boot because Hetzner uses BIOS legacy boot.
  boot.loader.grub = {
    enable = true;
    efiSupport = false; # we created a ef02 partition because uefi is not supported on hetzner online machines.
  };

  # Initial empty root password for easy login:
  users.users.root.initialHashedPassword = "";
  services.openssh.settings.PermitRootLogin = "prohibit-password";
  services.openssh.settings.PasswordAuthentication = false;

  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw=="
  ];

  services.openssh.enable = true;
  services.sshguard.enable = true;


  # enable ssh on init
  # ------------------

  #boot.kernelParams = [
  #  # See <https://www.kernel.org/doc/Documentation/filesystems/nfs/nfsroot.txt> for docs on this
  #  # ip=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf>:<dns0-ip>:<dns1-ip>:<ntp0-ip>
  #  # The server ip refers to the NFS server -- we don't need it.
  #  "ip=${ipv4.address}::${ipv4.gateway}:${ipv4.netmask}:${hostName}-initrd:${networkInterface}:off:8.8.8.8"
  #];

  # luks unlock zeug
  #boot.initrd.systemd.services.openssh = {
  #  enable = true;
  #};
  #unlock_root(){
  #  pw=$(rbw get 'zfs encryption')
  #  ssh root@eve.i -p 2222 "echo ${pw} | systemd-tty-ask-password-agent"
  #}
  #boot.initrd.systemd.users.root.shell = "/bin/cryptsetup-askpass";

  #boot.kernelParams = [ "ip=dhcp" ];
  boot.initrd.kernelModules = [ networkInterfaceModule ];
  boot.initrd.network = {
    enable = true;
    ssh = {
      enable = true;
      authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
      port = 2222;
      hostKeys = [
        # make sure you use --copy-host-keys during nixos-anywhere
        # (you can create ne ssh keys later, again)
        /etc/ssh/ssh_host_rsa_key
        /etc/ssh/ssh_host_ed25519_key
      ];
    };
  };

  systemd.network.networks."10-uplink".networkConfig.Address = ipv6.address;
  boot.initrd.systemd.network.networks."10-uplink" = config.systemd.network.networks."10-uplink";
  boot.initrd.systemd.enable = true;

  # root shell if not booting (usefull for debugging)
  boot.initrd.systemd.emergencyAccess = false;

  # playing around with stuff
  # boot.initrd.luks.reusePassphrases = true;

}
update robi and started with orbi 2023-12-09 17:15:50 +01:00			`{ config, pkgs, modulesPath, lib, ... }:`

			`let`

Now it works like it should be with orbi 2024-02-29 00:32:48 +01:00			`# in rescue shell`
			`# ---------------`
update robi and started with orbi 2023-12-09 17:15:50 +01:00			`# apt install -y lshw`
			`# lshw -C network \| grep -Poh 'driver=[[:alnum:]]+'`
Now it works like it should be with orbi 2024-02-29 00:32:48 +01:00			`networkInterfaceModule = "e1000e";`
working on orbi and stuff 2024-03-02 12:57:01 +01:00
Now it works like it should be with orbi 2024-02-29 00:32:48 +01:00			`# ip addr`
			`networkInterface = "enp0s31f6";`
update robi and started with orbi 2023-12-09 17:15:50 +01:00
			`# From the Hetzner control panel`
			`ipv4 = {`
working on orbi 2024-02-16 22:21:05 +01:00			`address = "95.216.66.212"; # the ip address`
			`gateway = "95.216.66.193"; # the gateway ip address`
			`netmask = "255.255.255.192"; # the netmask -- might not be the same for you!`
			`prefixLength = 26; # must match the netmask, see <https://www.pawprint.net/designresources/netmask-converter.php>`
update robi and started with orbi 2023-12-09 17:15:50 +01:00			`};`
			`ipv6 = {`
working on orbi 2024-02-16 22:21:05 +01:00			`address = "2a01:4f9:2b:326::2"; # the ipv6 addres`
update robi and started with orbi 2023-12-09 17:15:50 +01:00			`gateway = "fe80::1"; # the ipv6 gateway`
			`prefixLength = 64; # shown in the control panel`
			`};`

			`in`

			`{`
working on orbi and stuff 2024-03-02 12:57:01 +01:00			`system.stateVersion = "23.11";`
orbi works and steam is a component now 2024-02-28 23:17:23 +01:00
Now it works like it should be with orbi 2024-02-29 00:32:48 +01:00			`imports = [`
orbi works and steam is a component now 2024-02-28 23:17:23 +01:00			`./disko-config.nix`
			`./hardware-configuration.nix`
Now it works like it should be with orbi 2024-02-29 00:32:48 +01:00			`];`
orbi works and steam is a component now 2024-02-28 23:17:23 +01:00
working on orbi and stuff 2024-03-02 12:57:01 +01:00			`environment.systemPackages = [`
			`pkgs.mosh`
			`];`
update robi and started with orbi 2023-12-09 17:15:50 +01:00
			`# Use GRUB2 as the boot loader.`
			`# We don't use systemd-boot because Hetzner uses BIOS legacy boot.`
wip on orbi 2024-02-24 03:20:01 +01:00			`boot.loader.grub = {`
			`enable = true;`
working on orbi partition type. 2024-02-26 09:44:59 +01:00			`efiSupport = false; # we created a ef02 partition because uefi is not supported on hetzner online machines.`
wip on orbi 2024-02-24 03:20:01 +01:00			`};`
update robi and started with orbi 2023-12-09 17:15:50 +01:00
			`# Initial empty root password for easy login:`
			`users.users.root.initialHashedPassword = "";`
			`services.openssh.settings.PermitRootLogin = "prohibit-password";`
			`services.openssh.settings.PasswordAuthentication = false;`

			`users.users.root.openssh.authorizedKeys.keys = [`
			"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC6uza62+Go9sBFs3XZE2OkugBv9PJ7Yv8ebCskE5WYPcahMZIKkQw+zkGI8EGzOPJhQEv2xk+XBf2VOzj0Fto4nh8X5+Llb1nM+YxQPk1SVlwbNAlhh24L1w2vKtBtMy277MF4EP+caGceYP6gki5+DzlPUSdFSAEFFWgN1WPkiyUii15Xi3QuCMR8F18dbwVUYbT11vwNhdiAXWphrQG+yPguALBGR+21JM6fffOln3BhoDUp2poVc5Qe2EBuUbRUV3/fOU4HwWVKZ7KCFvLZBSVFutXCj5HuNWJ5T3RuuxJSmY5lYuFZx9gD+n+DAEJt30iXWcaJlmUqQB5awcB1S2d9pJ141V4vjiCMKUJHIdspFrI23rFNYD9k2ZXDA8VOnQE33BzmgF9xOVh6qr4G0oEpsNqJoKybVTUeSyl4+ifzdQANouvySgLJV/pcqaxX1srSDIUlcM2vDMWAs3ryCa0aAlmAVZIHgRhh6wa+IXW8gIYt+5biPWUuihJ4zGBEwkyVXXf2xsecMWCAGPWPDL0/fBfY9krNfC5M2sqxey2ShFIq+R/wMdaI7yVjUCF2QIUNiIdFbJL6bDrDyHnEXJJN+rAo23jUoTZZRv7Jq3DB/A5H7a73VCcblZyUmwMSlpg3wos7pdw5Ctta3zQPoxoAKGS1uZ+yTeZbPMmdbw=="
			`];`

			`services.openssh.enable = true;`
working on orbi 2024-02-16 22:21:05 +01:00			`services.sshguard.enable = true;`
update robi and started with orbi 2023-12-09 17:15:50 +01:00

			`# enable ssh on init`
			`# ------------------`

working on orbi 2024-02-16 22:21:05 +01:00			`#boot.kernelParams = [`
			`# # See <https://www.kernel.org/doc/Documentation/filesystems/nfs/nfsroot.txt> for docs on this`
			`# # ip=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf>:<dns0-ip>:<dns1-ip>:<ntp0-ip>`
			`# # The server ip refers to the NFS server -- we don't need it.`
			`# "ip=${ipv4.address}::${ipv4.gateway}:${ipv4.netmask}:${hostName}-initrd:${networkInterface}:off:8.8.8.8"`
			`#];`

Now it works like it should be with orbi 2024-02-29 00:32:48 +01:00			`# luks unlock zeug`
			`#boot.initrd.systemd.services.openssh = {`
working on orbi partition type. 2024-02-26 09:44:59 +01:00			`# enable = true;`
			`#};`
Now it works like it should be with orbi 2024-02-29 00:32:48 +01:00			`#unlock_root(){`
			`# pw=$(rbw get 'zfs encryption')`
			`# ssh root@eve.i -p 2222 "echo ${pw} \| systemd-tty-ask-password-agent"`
			`#}`
			`#boot.initrd.systemd.users.root.shell = "/bin/cryptsetup-askpass";`

			`#boot.kernelParams = [ "ip=dhcp" ];`
			`boot.initrd.kernelModules = [ networkInterfaceModule ];`
			`boot.initrd.network = {`
			`enable = true;`
			`ssh = {`
			`enable = true;`
			`authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;`
			`port = 2222;`
			`hostKeys = [`
			`# make sure you use --copy-host-keys during nixos-anywhere`
			`# (you can create ne ssh keys later, again)`
			`/etc/ssh/ssh_host_rsa_key`
			`/etc/ssh/ssh_host_ed25519_key`
			`];`
			`};`
			`};`
update robi and started with orbi 2023-12-09 17:15:50 +01:00
Now it works like it should be with orbi 2024-02-29 00:32:48 +01:00			`systemd.network.networks."10-uplink".networkConfig.Address = ipv6.address;`
			`boot.initrd.systemd.network.networks."10-uplink" = config.systemd.network.networks."10-uplink";`
			`boot.initrd.systemd.enable = true;`
wip on orbi 2024-02-24 03:20:01 +01:00
working on orbi and stuff 2024-03-02 12:57:01 +01:00			`# root shell if not booting (usefull for debugging)`
			`boot.initrd.systemd.emergencyAccess = false;`
Now it works like it should be with orbi 2024-02-29 00:32:48 +01:00
working on orbi and stuff 2024-03-02 12:57:01 +01:00			`# playing around with stuff`
			`# boot.initrd.luks.reusePassphrases = true;`
Now it works like it should be with orbi 2024-02-29 00:32:48 +01:00
working on orbi and stuff 2024-03-02 12:57:01 +01:00			`}`