From 3993efb345cbd9f1368174eae6ee09e1b51484ea Mon Sep 17 00:00:00 2001
From: Ingolf Wagner
Date: Sat, 24 Feb 2024 03:20:01 +0100
Subject: [PATCH] wip on orbi
---
 nixos/machines/orbi/configuration.nix | 13 +-------
 nixos/machines/orbi/disko-config.nix | 6 ++--
 .../machines/orbi/hardware-configuration.nix | 33 +++++++++++++++++--
 nixos/machines/orbi/hetzner.nix | 25 +++++++++-----
 4 files changed, 51 insertions(+), 26 deletions(-)
diff --git a/nixos/machines/orbi/configuration.nix b/nixos/machines/orbi/configuration.nix
index 9b64665..60375ea 100644
--- a/nixos/machines/orbi/configuration.nix
+++ b/nixos/machines/orbi/configuration.nix
@@ -68,19 +68,8 @@
 services.smartd.enable = true;
- # Use GRUB2 as the boot loader.
- # We don't use systemd-boot because Hetzner uses BIOS legacy boot.
- boot.loader.systemd-boot.enable = false;
- boot.loader.grub = {
- enable = true;
- efiSupport = false;
- };
- boot.loader.grub.mirroredBoots = [
- { path = "/boot-1"; devices = [ "/dev/sda" ]; }
- { path = "/boot-2"; devices = [ "/dev/sdb" ]; }
- ];
-
 boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!)
+ boot.supportedFilesystems = [ "zfs" ];
 # head -c4 /dev/urandom | od -A none -t x4
 networking.hostId = "5bb982a6";
diff --git a/nixos/machines/orbi/disko-config.nix b/nixos/machines/orbi/disko-config.nix
index a3c5aec..4f7093c 100644
--- a/nixos/machines/orbi/disko-config.nix
+++ b/nixos/machines/orbi/disko-config.nix
@@ -32,7 +32,7 @@ in
 content = {
 type = "filesystem";
 format = "vfat";
- mountpoint = "/boot_${disk}";
+ mountpoint = if disk == "sda" then "/boot" else "/boot_${disk}";
 mountOptions = [ "defaults" ];
 };
 }
@@ -59,7 +59,7 @@ in
 {
 name = "zfs";
 start = "500GiB";
- end = "100%";
+ end = "100%";
 content = {
 type = "luks";
 settings = {
@@ -77,7 +77,7 @@ in
 }
 ];
 };
- } );
+ });
 zpool = {
diff --git a/nixos/machines/orbi/hardware-configuration.nix b/nixos/machines/orbi/hardware-configuration.nix
index 3a99b1b..5e9cebd 100644
--- a/nixos/machines/orbi/hardware-configuration.nix
+++ b/nixos/machines/orbi/hardware-configuration.nix
@@ -1,14 +1,41 @@
+## Do not modify this file! It was generated by ‘nixos-generate-config’
+## and may be overwritten by future invocations. Please make changes
+## to /etc/nixos/configuration.nix instead.
+#{ config, lib, pkgs, modulesPath, ... }:
+#
+#{
+# imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+#
+# boot.initrd.availableKernelModules = [ "ahci" "sd_mod" ];
+# boot.initrd.kernelModules = [ "dm-snapshot" ];
+# boot.kernelModules = [ "kvm-intel" ];
+# boot.extraModulePackages = [ ];
+#
+#}
+
 # Do not modify this file! It was generated by ‘nixos-generate-config’
 # and may be overwritten by future invocations. Please make changes
 # to /etc/nixos/configuration.nix instead.
 { config, lib, pkgs, modulesPath, ... }:
 {
- imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
+ imports =
+ [
+ (modulesPath + "/installer/scan/not-detected.nix")
+ ];
- boot.initrd.availableKernelModules = [ "ahci" "sd_mod" ];
- boot.initrd.kernelModules = [ "dm-snapshot" ];
+ boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" ];
+ boot.initrd.kernelModules = [ ];
 boot.kernelModules = [ "kvm-intel" ];
 boot.extraModulePackages = [ ];
+ # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+ # (the default) this is the recommended approach. When using systemd-networkd it's
+ # still possible to use this option, but it's recommended to use it in conjunction
+ # with explicit per-interface declarations with `networking.interfaces..useDHCP`.
+ networking.useDHCP = lib.mkDefault true;
+ # networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
+
+ nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+ hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
 }
diff --git a/nixos/machines/orbi/hetzner.nix b/nixos/machines/orbi/hetzner.nix
index 3acab2b..d3f4a9a 100644
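Review bot: The regenerated initrd module list swaps `ahci`/`sd_mod` for `xhci_pci`/`usbhid` in the `boot.initrd.availableKernelModules` line, which looks like the scan was run from a different boot environment than the SATA-backed `/dev/sda`/`/dev/sdb` layout the rest of this patch relies on; confirm `nixos-generate-config` was run on the target host, or keep the SATA modules listed explicitly so the mirrored-boot and LUKS unlock path does not depend on the kernel's default module set. The commented-out copy of the previous generated file kept above the real header (the `+#{ config, lib, pkgs, modulesPath, ... }:` … `+#}` block) will be discarded by the next `nixos-generate-config` run anyway and makes a "Do not modify" file look hand-maintained; drop it and leave the history to git. If the old block is kept on purpose, say why in one comment line above it rather than leaving the two headers side by side.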
--- a/nixos/machines/orbi/hetzner.nix
+++ b/nixos/machines/orbi/hetzner.nix
@@ -30,19 +30,27 @@ in
 imports = [
 # Include the results of the hardware scan.
- # ./hardware-configuration.nix
+ ./hardware-configuration.nix
 ];
 # needed lvm for raid
 #boot.initrd.kernelModules = [ ];
+ boot.initrd.systemd.users.root.shell = "/bin/cryptsetup-askpass";
+ boot.initrd.systemd.services.openssh = {
+ enable = true;
+ };
 # Use GRUB2 as the boot loader.
 # We don't use systemd-boot because Hetzner uses BIOS legacy boot.
- #boot.loader.systemd-boot.enable = false;
- #boot.loader.grub = {
- # enable = true;
- # efiSupport = false;
- #};
+ boot.loader.systemd-boot.enable = false;
+ boot.loader.grub = {
+ enable = true;
+ efiSupport = false;
+ };
+ boot.loader.grub.mirroredBoots = [
+ { path = "/boot"; devices = [ "/dev/sda" ]; }
+ { path = "/boot_sda"; devices = [ "/dev/sdb" ]; }
+ ];
 networking.hostName = hostName;
@@ -91,9 +99,10 @@ in
 authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
 port = 2222;
 hostKeys = [
- /etc/secrets/initrd/ssh_host_rsa_key
- /etc/secrets/initrd/ssh_host_ed25519_key
+ /etc/ssh/ssh_host_rsa_key
+ /etc/ssh/ssh_host_ed25519_key
 ];
 };
+
 }
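Review bot: The second `mirroredBoots` entry points the `/dev/sdb` GRUB copy at `path = "/boot_sda"`, but disko-config.nix in this same patch mounts the sdb boot partition at `/boot_${disk}`, i.e. `/boot_sdb`, so unless something not shown here mounts `/boot_sda`, the second boot copy would be written into a plain directory on the root filesystem and the mirror would not actually live on the second disk; change it to `{ path = "/boot_sdb"; devices = [ "/dev/sdb" ]; }`. The new `boot.initrd.systemd.*` lines only take effect when systemd stage 1 is enabled, which is not visible in this hunk, and `/bin/cryptsetup-askpass` is the helper shipped for the scripted initrd, so confirm that binary is present in the systemd initrd image (or use the systemd password-agent equivalent) before relying on it for remote unlock. Restricting the initrd root shell to an askpass helper is the right direction; a one-line comment such as `# initrd root can only answer the LUKS passphrase prompt, no shell` would make that intent explicit. The enclosing attribute set starts and ends outside the hunk.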
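Review bot: Pointing `hostKeys` at `/etc/ssh/ssh_host_rsa_key` and `/etc/ssh/ssh_host_ed25519_key` reuses the system's long-term SSH identity for the initrd sshd on port 2222, and `boot.initrd.network.ssh.hostKeys` copies the listed files into the initrd, which in this layout ends up on the unencrypted vfat boot partitions declared in disko-config.nix (or in the world-readable Nix store if the bootloader had no initrd-secrets support); the NixOS option documentation explicitly warns against using the regular host keys here for that reason. Keep dedicated initrd keys as the removed `/etc/secrets/initrd/` paths did, generated with ssh-keygen and readable only by root, and record the decision with a comment such as `# dedicated initrd host keys: these are copied into the (unencrypted) initrd, never point this at /etc/ssh`. The block these lines belong to (presumably `boot.initrd.network.ssh`) starts outside the hunk.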