dedicated server script works now
parent
a34de3739a
commit
760c68c783
GPG Key ID:
76BF5F1928B9618B
|
|
@ -34,7 +34,7 @@
|
|||
# Notes https://mazzo.li/posts/hetzner-zfs.html
|
||||
|
||||
# FIXME : change password
|
||||
MAIN_PASSWORD="KlEBgwLgksT71cfIixM3eNDjIaZgFFvMDY8EoBs1Il"
|
||||
MAIN_PASSWORD="YOLO"
|
||||
|
||||
set -eu
|
||||
set -o pipefail
|
||||
|
|
@ -161,8 +161,8 @@ echo 0 > /proc/sys/dev/raid/speed_limit_max
|
|||
encrypt() {
|
||||
device=$1
|
||||
label=$2
|
||||
echo $MAIN_PASSWORD | cryptsetup luksFormat ${device}3 -
|
||||
echo $MAIN_PASSWORD | cryptsetup --key-file - open --type luks ${device}3 ${label}_encrypted
|
||||
echo -n "$MAIN_PASSWORD" | cryptsetup luksFormat ${device}3 -
|
||||
echo -n "$MAIN_PASSWORD" | cryptsetup --key-file - open --type luks ${device}3 ${label}_encrypted
|
||||
}
|
||||
|
||||
encrypt /dev/sda "a"
|
||||
|
|
@ -305,7 +305,12 @@ in
|
|||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "ahci" "sd_mod" ];
|
||||
boot.initrd.kernelModules = [ "dm-snapshot" ];
|
||||
boot.initrd.kernelModules = [
|
||||
"dm-snapshot"
|
||||
"dm_mirror"
|
||||
"dm_raid"
|
||||
"dm_region_hash"
|
||||
];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
|
|
@ -335,6 +340,7 @@ in
|
|||
# fileSystems."/boot-1".options = [ "nofail" ];
|
||||
# fileSystems."/boot-2".options = [ "nofail" ];
|
||||
|
||||
boot.initrd.luks.reusePassphrases = true;
|
||||
boot.initrd.luks.devices = {
|
||||
a_encrypted = {
|
||||
device = "/dev/sda3";
|
||||
|
|
@ -381,6 +387,7 @@ in
|
|||
|
||||
# enable ssh on init
|
||||
# ------------------
|
||||
|
||||
boot.kernelParams = [
|
||||
# See <https://www.kernel.org/doc/Documentation/filesystems/nfs/nfsroot.txt> for docs on this
|
||||
# ip=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf>:<dns0-ip>:<dns1-ip>:<ntp0-ip>
|
||||
|
|
@ -394,23 +401,12 @@ in
|
|||
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
|
||||
port = 22;
|
||||
hostKeys = [
|
||||
/etc/secrets/initrd/ssh_host_rsa_key
|
||||
/etc/secrets/initrd/ssh_host_ed25519_key
|
||||
/etc/secrets/initrd/ssh_host_rsa_key
|
||||
/etc/secrets/initrd/ssh_host_ed25519_key
|
||||
];
|
||||
|
||||
};
|
||||
|
||||
|
||||
# make sure ip address is set after in initrd
|
||||
#boot.initrd.network.postCommands = ''
|
||||
# up ip addr add $IP_V4/32 dev eth0
|
||||
# #ip address add $IP_V4/32 dev eth0
|
||||
# #ip link set eth0 up
|
||||
# #ip address add $IP_V4/32 dev $NIXOS_INTERFACE
|
||||
# #ip link set eth0 up
|
||||
#'';
|
||||
|
||||
|
||||
}
|
||||
EOF
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue