dedicated server script works now

This commit is contained in:
Ingolf Wagner 2021-12-27 11:47:12 +01:00
parent a34de3739a
commit 760c68c783
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B


@ -34,7 +34,7 @@
# Notes https://mazzo.li/posts/hetzner-zfs.html
# FIXME : change password
MAIN_PASSWORD="KlEBgwLgksT71cfIixM3eNDjIaZgFFvMDY8EoBs1Il"
MAIN_PASSWORD="YOLO"
set -eu
set -o pipefail
@ -161,8 +161,8 @@ echo 0 > /proc/sys/dev/raid/speed_limit_max
encrypt() {
device=$1
label=$2
echo $MAIN_PASSWORD | cryptsetup luksFormat ${device}3 -
echo $MAIN_PASSWORD | cryptsetup --key-file - open --type luks ${device}3 ${label}_encrypted
echo -n "$MAIN_PASSWORD" | cryptsetup luksFormat ${device}3 -
echo -n "$MAIN_PASSWORD" | cryptsetup --key-file - open --type luks ${device}3 ${label}_encrypted
}
encrypt /dev/sda "a"
@ -305,7 +305,12 @@ in
];
boot.initrd.availableKernelModules = [ "ahci" "sd_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.initrd.kernelModules = [
"dm-snapshot"
"dm_mirror"
"dm_raid"
"dm_region_hash"
];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
@ -335,6 +340,7 @@ in
# fileSystems."/boot-1".options = [ "nofail" ];
# fileSystems."/boot-2".options = [ "nofail" ];
boot.initrd.luks.reusePassphrases = true;
boot.initrd.luks.devices = {
a_encrypted = {
device = "/dev/sda3";
@ -381,6 +387,7 @@ in
# enable ssh on init
# ------------------
boot.kernelParams = [
# See <https://www.kernel.org/doc/Documentation/filesystems/nfs/nfsroot.txt> for docs on this
# ip=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf>:<dns0-ip>:<dns1-ip>:<ntp0-ip>
@ -394,23 +401,12 @@ in
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
port = 22;
hostKeys = [
/etc/secrets/initrd/ssh_host_rsa_key
/etc/secrets/initrd/ssh_host_ed25519_key
/etc/secrets/initrd/ssh_host_rsa_key
/etc/secrets/initrd/ssh_host_ed25519_key
];
};
# make sure ip address is set after in initrd
#boot.initrd.network.postCommands = ''
# up ip addr add $IP_V4/32 dev eth0
# #ip address add $IP_V4/32 dev eth0
# #ip link set eth0 up
# #ip address add $IP_V4/32 dev $NIXOS_INTERFACE
# #ip link set eth0 up
#'';
}
EOF
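Review bot: The LUKS passphrase is still a hard-coded placeholder — `MAIN_PASSWORD="YOLO"` directly under the FIXME in the first hunk — and nothing stops the script from reaching `encrypt /dev/sda "a"` with it, so a forgotten FIXME formats both disks with a four-letter passphrase. Since `set -eu` follows on the next line, taking the value from the environment turns that into a hard error instead of a silent weak disk: `: "${MAIN_PASSWORD:?set MAIN_PASSWORD in the environment before running}"` in place of the assignment. The value on the removed line stays in this repository's history, so if any volume was ever formatted with it, that key slot should be treated as exposed and replaced with cryptsetup luksChangeKey — the hunk does not show whether that has happened. In the encrypt() hunk the switch to `echo -n` deserves a comment so it is not reverted, e.g. `# -n: no trailing newline, so the key written to the slot matches what the initrd prompt will send`, assuming that mismatch is what "works now" refers to; the hunk itself does not say.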