palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

wip on orbi

Browse source
This commit is contained in:
Ingolf Wagner 2024-02-24 03:20:01 +01:00
parent d6a51195f0
commit 3993efb345
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
4 changed files with 51 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
nixos/machines/orbi/configuration.nix
View file

@ -68,19 +68,8 @@
services.smartd.enable = true; services.smartd.enable = true;
# Use GRUB2 as the boot loader.
# We don't use systemd-boot because Hetzner uses BIOS legacy boot.
boot.loader.systemd-boot.enable = false;
boot.loader.grub = {
enable = true;
efiSupport = false;
};
boot.loader.grub.mirroredBoots = [
{ path = "/boot-1"; devices = [ "/dev/sda" ]; }
{ path = "/boot-2"; devices = [ "/dev/sdb" ]; }
];
boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!) boot.tmp.useTmpfs = true; # make /tmp a tmpfs (performance!)
boot.supportedFilesystems = [ "zfs" ]; boot.supportedFilesystems = [ "zfs" ];
# head -c4 /dev/urandom | od -A none -t x4 # head -c4 /dev/urandom | od -A none -t x4
networking.hostId = "5bb982a6"; networking.hostId = "5bb982a6";

6
nixos/machines/orbi/disko-config.nix
View file

@ -32,7 +32,7 @@ in
content = { content = {
type = "filesystem"; type = "filesystem";
format = "vfat"; format = "vfat";
mountpoint = "/boot_${disk}"; mountpoint = if disk == "sda" then "/boot" else "/boot_${disk}";
mountOptions = [ "defaults" ]; mountOptions = [ "defaults" ];
}; };
} }
@ -59,7 +59,7 @@ in
{ {
name = "zfs"; name = "zfs";
start = "500GiB"; start = "500GiB";
end = "100%"; end = "100%";
content = { content = {
type = "luks"; type = "luks";
settings = { settings = {
@ -77,7 +77,7 @@ in
} }
]; ];
}; };
} ); });
zpool = { zpool = {

33
nixos/machines/orbi/hardware-configuration.nix
View file

@ -1,14 +1,41 @@
## Do not modify this file! It was generated by nixos-generate-config
## and may be overwritten by future invocations. Please make changes
## to /etc/nixos/configuration.nix instead.
#{ config, lib, pkgs, modulesPath, ... }:
#
#{
# imports = [ (modulesPath + "/installer/scan/not-detected.nix") ];
#
# boot.initrd.availableKernelModules = [ "ahci" "sd_mod" ];
# boot.initrd.kernelModules = [ "dm-snapshot" ];
# boot.kernelModules = [ "kvm-intel" ];
# boot.extraModulePackages = [ ];
#
#}
# Do not modify this file! It was generated by nixos-generate-config # Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes # and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead. # to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, modulesPath, ... }: { config, lib, pkgs, modulesPath, ... }:
{ {
imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; imports =
[
(modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "ahci" "sd_mod" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "usbhid" ];
boot.initrd.kernelModules = [ "dm-snapshot" ]; boot.initrd.kernelModules = [ ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ]; boot.extraModulePackages = [ ];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
networking.useDHCP = lib.mkDefault true;
# networking.interfaces.enp0s31f6.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
} }

25
nixos/machines/orbi/hetzner.nix
View file

@ -30,19 +30,27 @@ in
imports = imports =
[ [
# Include the results of the hardware scan. # Include the results of the hardware scan.
# ./hardware-configuration.nix ./hardware-configuration.nix
]; ];
# needed lvm for raid # needed lvm for raid
#boot.initrd.kernelModules = [ ]; #boot.initrd.kernelModules = [ ];
boot.initrd.systemd.users.root.shell = "/bin/cryptsetup-askpass";
boot.initrd.systemd.services.openssh = {
enable = true;
};
# Use GRUB2 as the boot loader. # Use GRUB2 as the boot loader.
# We don't use systemd-boot because Hetzner uses BIOS legacy boot. # We don't use systemd-boot because Hetzner uses BIOS legacy boot.
#boot.loader.systemd-boot.enable = false; boot.loader.systemd-boot.enable = false;
#boot.loader.grub = { boot.loader.grub = {
# enable = true; enable = true;
# efiSupport = false; efiSupport = false;
#}; };
boot.loader.grub.mirroredBoots = [
{ path = "/boot"; devices = [ "/dev/sda" ]; }
{ path = "/boot_sda"; devices = [ "/dev/sdb" ]; }
];
networking.hostName = hostName; networking.hostName = hostName;
@ -91,9 +99,10 @@ in
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys; authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
port = 2222; port = 2222;
hostKeys = [ hostKeys = [
/etc/secrets/initrd/ssh_host_rsa_key /etc/ssh/ssh_host_rsa_key
/etc/secrets/initrd/ssh_host_ed25519_key /etc/ssh/ssh_host_ed25519_key
]; ];
}; };
} }