From 760c68c783b43c302822d5ce5025c68c99c34d62 Mon Sep 17 00:00:00 2001 From: Ingolf Wagner Date: Mon, 27 Dec 2021 11:47:12 +0100 Subject: [PATCH] dedicated server script works now --- ...etzner-dedicated-wipe-and-install-nixos.sh | 30 ++++++++----------- 1 file changed, 13 insertions(+), 17 deletions(-) diff --git a/scripts/hetzner-dedicated-wipe-and-install-nixos.sh b/scripts/hetzner-dedicated-wipe-and-install-nixos.sh index 31560a6..1be84b9 100644 --- a/scripts/hetzner-dedicated-wipe-and-install-nixos.sh +++ b/scripts/hetzner-dedicated-wipe-and-install-nixos.sh @@ -34,7 +34,7 @@ # Notes https://mazzo.li/posts/hetzner-zfs.html # FIXME : change password -MAIN_PASSWORD="KlEBgwLgksT71cfIixM3eNDjIaZgFFvMDY8EoBs1Il" +MAIN_PASSWORD="YOLO" set -eu set -o pipefail @@ -161,8 +161,8 @@ echo 0 > /proc/sys/dev/raid/speed_limit_max encrypt() { device=$1 label=$2 - echo $MAIN_PASSWORD | cryptsetup luksFormat ${device}3 - - echo $MAIN_PASSWORD | cryptsetup --key-file - open --type luks ${device}3 ${label}_encrypted + echo -n "$MAIN_PASSWORD" | cryptsetup luksFormat ${device}3 - + echo -n "$MAIN_PASSWORD" | cryptsetup --key-file - open --type luks ${device}3 ${label}_encrypted } encrypt /dev/sda "a" @@ -305,7 +305,12 @@ in ]; boot.initrd.availableKernelModules = [ "ahci" "sd_mod" ]; - boot.initrd.kernelModules = [ "dm-snapshot" ]; + boot.initrd.kernelModules = [ + "dm-snapshot" + "dm_mirror" + "dm_raid" + "dm_region_hash" + ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; @@ -335,6 +340,7 @@ in # fileSystems."/boot-1".options = [ "nofail" ]; # fileSystems."/boot-2".options = [ "nofail" ]; + boot.initrd.luks.reusePassphrases = true; boot.initrd.luks.devices = { a_encrypted = { device = "/dev/sda3"; @@ -381,6 +387,7 @@ in # enable ssh on init # ------------------ + boot.kernelParams = [ # See for docs on this # ip=::::::::: 
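Review bot: `MAIN_PASSWORD` is still a literal in the script, and the value it replaces stays readable in the repository history, so any volume that was formatted with the old string should be given a new LUKS passphrase. The `# FIXME : change password` context line shows the placeholder is meant to be edited by hand, which makes it easy to run the installer with `YOLO` as the disk passphrase. Taking the value from the environment and aborting when it is absent avoids both problems: `MAIN_PASSWORD="${MAIN_PASSWORD:?export MAIN_PASSWORD before running this script}"`.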
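Review bot: In `encrypt()`, the new `echo -n` is presumably there to keep a trailing newline out of the LUKS key material, but `echo` treats a value beginning with `-n` or `-e` as an option and its backslash handling differs between shells. `printf '%s' "$MAIN_PASSWORD" | cryptsetup luksFormat "${device}3" -` passes the passphrase byte for byte, and the same form applies to the `open --type luks` line. Quoting `"${device}3"` and `"${label}_encrypted"` keeps the arguments intact. A one-line comment such as `# no trailing newline: the key on stdin must match what is typed at the initrd prompt` would record why the flag matters.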
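Review bot: `boot.initrd.luks.reusePassphrases = true;` only helps if every device under `boot.initrd.luks.devices` shares one passphrase, and nothing next to the line says so. As far as I know this is already the NixOS default, so the line mainly documents intent. A comment such as `# all LUKS devices are formatted with the same MAIN_PASSWORD in encrypt(), so one prompt unlocks them all` would make the dependency explicit. The `luks.devices` attribute set continues past the end of the hunk.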
@@ -394,23 +401,12 @@ in authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys; port = 22; hostKeys = [ - /etc/secrets/initrd/ssh_host_rsa_key - /etc/secrets/initrd/ssh_host_ed25519_key + /etc/secrets/initrd/ssh_host_rsa_key + /etc/secrets/initrd/ssh_host_ed25519_key ]; }; - - # make sure ip address is set after in initrd - #boot.initrd.network.postCommands = '' - # up ip addr add $IP_V4/32 dev eth0 - # #ip address add $IP_V4/32 dev eth0 - # #ip link set eth0 up - # #ip address add $IP_V4/32 dev $NIXOS_INTERFACE - # #ip link set eth0 up - #''; - - } EOF