From 1b60bfbe215e1d041099bc57e7e84e57cdd4987a Mon Sep 17 00:00:00 2001 From: Ingolf Wagner Date: Wed, 7 Aug 2024 11:07:10 +0200 Subject: [PATCH] probe encryption --- flake.nix | 2 +- machines/probe/configuration.nix | 3 ++ .../probe/hardware-configuration/default.nix | 4 +- .../disko-config-encrypted.nix | 43 +++++++++++++++++++ ...sko-config.nix => disko-config-simple.nix} | 0 5 files changed, 48 insertions(+), 4 deletions(-) create mode 100644 machines/probe/hardware-configuration/disko-config-encrypted.nix rename machines/probe/hardware-configuration/{disko-config.nix => disko-config-simple.nix} (100%) diff --git a/flake.nix b/flake.nix index c62bc0d..7ddbfe9 100644 --- a/flake.nix +++ b/flake.nix @@ -477,7 +477,7 @@ probe = clanSetup { name = "probe"; - host = "probe.bear"; + host = "95.217.18.54"; modules = [ homeManagerModules stylixModules diff --git a/machines/probe/configuration.nix b/machines/probe/configuration.nix index 2ada334..1020664 100644 --- a/machines/probe/configuration.nix +++ b/machines/probe/configuration.nix @@ -10,6 +10,9 @@ components.mainUser.enable = true; components.network.enable = true; + components.nixos.boot.enable = true; + components.nixos.boot.tor.enable = false; + networking.hostName = "probe"; users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJkqVvuJSvRMO5pG2CHNNBxjB7HlJudK4TQs3BhbOWOD" ]; users.users.root.initialPassword = "admin"; diff --git a/machines/probe/hardware-configuration/default.nix b/machines/probe/hardware-configuration/default.nix index 0c2cbf0..662830b 100644 --- a/machines/probe/hardware-configuration/default.nix +++ b/machines/probe/hardware-configuration/default.nix @@ -1,13 +1,11 @@ { config, factsGenerator, clanLib, ... }: { imports = [ - ./disko-config.nix + ./disko-config-encrypted.nix ./hardware-configuration.nix ./hetzner.nix # to more me to components ]; boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!) - - } 
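Review bot: The new `host = "95.217.18.54";` in flake.nix replaces the name `probe.bear` with a literal public address and leaves no hint whether that is meant to be permanent. If it is only needed while the machine is reinstalled with the encrypted layout (an inference, the commit message does not say), mark it as such, for example `host = "95.217.18.54"; # temporary for the reinstall, revert to "probe.bear"`. A literal address also means the deploy target follows whoever holds that IP later, so SSH host-key checking for this target should stay strict. The enclosing `clanSetup` call continues outside the hunk.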
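Review bot: `users.users.root.initialPassword = "admin";` stays in place in the configuration.nix hunk while the same commit points the deploy target at a public address and enables `components.nixos.boot`. The value sits in the repository and, per the NixOS option documentation, ends up world-readable in the Nix store; whether it is usable over SSH depends on the sshd settings, which are not visible here. Since a root key is already set in `authorizedKeys`, the line could be dropped, or replaced by a hashed password supplied through the project's secrets mechanism. The two added `components.nixos.boot.*` lines would also benefit from a comment such as `# initrd unlock for the LUKS root; tor access not used on this host`, if that is what the component does (its definition is outside this patch).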
diff --git a/machines/probe/hardware-configuration/disko-config-encrypted.nix b/machines/probe/hardware-configuration/disko-config-encrypted.nix
new file mode 100644
index 0000000..c1c7aca
--- /dev/null
+++ b/machines/probe/hardware-configuration/disko-config-encrypted.nix
@@ -0,0 +1,43 @@
+# Example to create a bios compatible gpt partition
+{ lib, ... }:
+{
+ disko.devices = {
+ disk.disk1 = {
+ device = lib.mkDefault "/dev/sda";
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+ esp = {
+ name = "ESP";
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ root = {
+ name = "root";
+ size = "100%";
+ content = {
+ type = "luks";
+ name = "root";
+ content = {
+ type = "filesystem";
+ format = "ext4";
+ mountpoint = "/";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
diff --git a/machines/probe/hardware-configuration/disko-config.nix b/machines/probe/hardware-configuration/disko-config-simple.nix
similarity index 100%
rename from machines/probe/hardware-configuration/disko-config.nix
rename to machines/probe/hardware-configuration/disko-config-simple.nix
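Review bot: The `luks` block under `root` in disko-config-encrypted.nix does not say where the passphrase comes from: neither `passwordFile` nor `settings.keyFile` is set, so disko appears to fall back to an interactive prompt when formatting, which is awkward for a remote install. Consider making that explicit, e.g. `passwordFile = "<install-time-secret-path>"; # placeholder, supplied at install time`, and note how the volume is unlocked at boot. The header comment `# Example to create a bios compatible gpt partition` is carried over from the upstream example; something like `# probe: GPT with BIOS boot + ESP, LUKS-encrypted ext4 root; /boot stays unencrypted` would describe this file better. Because the ESP mounted at `/boot` is plain vfat, kernel and initrd are not covered by the encryption, and saying so in that comment keeps the threat model clear (offline disk access, not boot-chain tampering).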