wip on orbi

2024-02-24 03:20:01 +01:00 · 2024-02-24 03:20:01 +01:00 · 3993efb345
parent d6a51195f0
commit 3993efb345
4 changed files with 51 additions and 26 deletions
--- a/nixos/machines/orbi/configuration.nix
+++ b/nixos/machines/orbi/configuration.nix
@ -68,19 +68,8 @@

  services.smartd.enable = true;

-  # Use GRUB2 as the boot loader.
-  # We don't use systemd-boot because Hetzner uses BIOS legacy boot.
-  boot.loader.systemd-boot.enable = false;
-  boot.loader.grub = {
-    enable = true;
-    efiSupport = false;
-  };
-  boot.loader.grub.mirroredBoots = [
-    { path = "/boot-1"; devices = [ "/dev/sda" ]; }
-    { path = "/boot-2"; devices = [ "/dev/sdb" ]; }
-  ];
-
  boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!)
+
  boot.supportedFilesystems = [ "zfs" ];
  # head -c4 /dev/urandom | od -A none -t x4
  networking.hostId = "5bb982a6";
--- a/nixos/machines/orbi/disko-config.nix
+++ b/nixos/machines/orbi/disko-config.nix
@ -32,7 +32,7 @@ in
              content = {
                type = "filesystem";
                format = "vfat";
-                mountpoint = "/boot_${disk}";
+                mountpoint = if disk == "sda" then "/boot" else "/boot_${disk}";
                mountOptions = [ "defaults" ];
              };
            }
@ -59,7 +59,7 @@ in
            {
              name = "zfs";
              start = "500GiB";
-              end  = "100%";
+              end = "100%";
              content = {
                type = "luks";
                settings = {
@ -77,7 +77,7 @@ in
            }
          ];
        };
-      } );
+      });


    zpool = {
--- a/nixos/machines/orbi/hardware-configuration.nix
+++ b/nixos/machines/orbi/hardware-configuration.nix
@ -1,14 +1,41 @@
+## Do not modify this file!  It was generated by ‘nixos-generate-config’
+## and may be overwritten by future invocations.  Please make changes
+## to /etc/nixos/configuration.nix instead.
+#{ config, lib, pkgs, modulesPath, ... }:
+#
+#{
+#  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+#
+#  boot.initrd.availableKernelModules = [ "ahci" "sd_mod" ];
+#  boot.initrd.kernelModules = [ "dm-snapshot" ];
+#  boot.kernelModules = [ "kvm-intel" ];
+#  boot.extraModulePackages = [ ];
+#
+#}
+
 # Do not modify this file!  It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations.  Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:

 {
-  imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+  imports =
+    [
+      (modulesPath + "/installer/scan/not-detected.nix")
+    ];

-  boot.initrd.availableKernelModules = [ "ahci" "sd_mod" ];
-  boot.initrd.kernelModules = [ "dm-snapshot" ];
+  boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" ];
+  boot.initrd.kernelModules = [ ];
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];

+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
--- a/nixos/machines/orbi/hetzner.nix
+++ b/nixos/machines/orbi/hetzner.nix
@ -30,19 +30,27 @@ in
  imports =
    [
      # Include the results of the hardware scan.
-      # ./hardware-configuration.nix
+      ./hardware-configuration.nix
    ];

  # needed lvm for raid
  #boot.initrd.kernelModules = [ ];
+  boot.initrd.systemd.users.root.shell = "/bin/cryptsetup-askpass";
+  boot.initrd.systemd.services.openssh = {
+    enable = true;
+  };

  # Use GRUB2 as the boot loader.
  # We don't use systemd-boot because Hetzner uses BIOS legacy boot.
-  #boot.loader.systemd-boot.enable = false;
-  #boot.loader.grub = {
-  #  enable = true;
-  #  efiSupport = false;
-  #};
+  boot.loader.systemd-boot.enable = false;
+  boot.loader.grub = {
+    enable = true;
+    efiSupport = false;
+  };
+  boot.loader.grub.mirroredBoots = [
+    { path = "/boot"; devices = [ "/dev/sda" ]; }
+    { path = "/boot_sda"; devices = [ "/dev/sdb" ]; }
+  ];

  networking.hostName = hostName;

@ -91,9 +99,10 @@ in
    authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
    port = 2222;
    hostKeys = [
-      /etc/secrets/initrd/ssh_host_rsa_key
-      /etc/secrets/initrd/ssh_host_ed25519_key
+      /etc/ssh/ssh_host_rsa_key
+      /etc/ssh/ssh_host_ed25519_key
    ];
  };

+
 }