mobi: create mobi system on usb stick

Ingolf Wagner 2020-01-24 23:19:48 +13:00
parent efbe61921e
commit 8bfbb60956
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
7 changed files with 132 additions and 14 deletions


@ -0,0 +1,14 @@
Ed25519PublicKey = 94CccmfAuNtQzopd5NiVYjTjZvSgabMh66BI/iyVmnJ
-----BEGIN RSA PUBLIC KEY-----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==
-----END RSA PUBLIC KEY-----


@ -0,0 +1,33 @@
{ config, pkgs, lib, ... }: {
imports = [
<system/desktop>
./hardware-configuration.nix
./tinc.nix
];
system.custom.wifi.interfaces = [ ];
networking.hostName = "mobi";
security.wrappers = {
pmount.source = "${pkgs.pmount}/bin/pmount";
pumount.source = "${pkgs.pmount}/bin/pumount";
};
# fonts
# -----
programs.custom.urxvt.fontSize = 12;
programs.custom.xterm.fontSize = 12;
system.custom.fonts.dpi = 100;
configuration.desktop = {
width = 1366;
height = 768;
};
}
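Review bot: The `security.wrappers` entries for `pmount` and `pumount` set only `source`, so ownership and the setuid bit come from the module's defaults instead of being stated in this file. On NixOS releases of this period a wrapper given only `source` is, as far as I know, installed setuid root, so every local account on the stick can run pmount with root privileges. I would spell the intent out, e.g. `pmount = { source = "${pkgs.pmount}/bin/pmount"; owner = "root"; group = "root"; setuid = true; };` (same for `pumount`), with a comment on why this host needs the wrappers. If only one user is meant to mount removable media, restricting the wrapper's `group` and `permissions` is worth considering.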


@ -0,0 +1,59 @@
# Do not modify this file! It was generated by nixos-generate-config
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{ config, lib, pkgs, ... }:
{
imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
boot.initrd.availableKernelModules =
[ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# efi boot loader configuration using grub
boot.loader.efi.canTouchEfiVariables = false;
boot.loader.grub = {
device = "nodev";
efiInstallAsRemovable = true;
efiSupport = true;
enable = true;
version = 2;
};
fileSystems."/share/" = {
device = "/dev/ram1";
fsType = "tmpfs";
};
powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
# NTFS support
# ------------
environment.systemPackages = [ pkgs.ntfs3g ];
# lvm volume group
# ----------------
boot.initrd.luks.devices = [{
name = "secure_vg";
device = "/dev/disk/by-uuid/e138095f-c703-4dea-bb1c-bf888b8e1b81";
preLVM = true;
}];
# root
# ----
fileSystems."/" = {
options = [ "noatime" "nodiratime" "discard" ];
device = "/dev/secure_vg/root";
fsType = "ext4";
};
# boot
# ----
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/064D-3144";
fsType = "vfat";
};
}
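Review bot: `fileSystems."/share/"` mounts a tmpfs with no `options`, so it gets the tmpfs defaults: no `nosuid`/`nodev`/`noexec`, and a size cap of half the RAM. If this is a scratch or exchange directory (its purpose is not visible here), I would add `options = [ "nosuid" "nodev" "noexec" "size=512M" ];`, where the size is a constructed value to adjust. tmpfs ignores `device`, so `device = "tmpfs";` is less misleading than `/dev/ram1`, and the mount point is normally written without the trailing slash. The header still says the file is generated and must not be modified, although the grub, LUKS and `/share` settings look hand-written; a comment saying so would keep a later `nixos-generate-config` run from silently replacing them.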

14
configs/mobi/tinc.nix Normal file

@ -0,0 +1,14 @@
{ config, lib, pkgs, ... }:
with lib;
{
module.cluster.services.tinc = {
"private" = {
enable = true;
openPort = true;
connectTo = [ "sputnik" ];
};
};
}
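Review bot: `openPort = true;` presumably opens the tinc port in the firewall, on a host that, from this file, only dials out to `sputnik` via `connectTo`. A system booted from a USB stick will sit on arbitrary networks, so unless other nodes must reach mobi directly I would set `openPort = false;` and keep the listener unreachable. This assumes the option does what its name suggests; the `module.cluster.services.tinc` definition is not part of this section. `with lib;` is unused in this file and can be dropped.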


@ -13,7 +13,7 @@
boot.kernelModules = [ "kvm-intel" ];
boot.extraModulePackages = [ ];
# Use the systemd-boot EFI boot loader.
# Use the systemd-boot EFI boot loader, not grub
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;


@ -1,5 +1,8 @@
let
# host used to install stuff. (can be an onion id if you use torify)
installHost = "localhost";
#ops = import ../plops ;
ops = import ((import <nixpkgs> { }).fetchgit {
url = "https://github.com/mrVanDalo/plops.git";
@ -131,14 +134,6 @@ let
switch
];
serverPushSecrets = name:
{ host ? (hostPattern name), user ? "root" }:
with ops;
jobs "push-${name}" "${user}@${host}" [
(populateTmpfs (source.keys name))
(populate (source.secrets name))
];
desktopDeployment = name:
{ host ? (hostPattern name), target ? "/var/src/", user ? "root"
, commandPrefix ? "deploy", enableSwitch ? true }:
@ -172,20 +167,18 @@ let
let
serverList = [ "workhorse" "sputnik" "porani" ];
deployments = flip map serverList (name: serverDeployment name { });
secretPushes = flip map serverList (name: serverPushSecrets name { });
cleanup = flip map serverList (name: cleanupNix name);
in deployments ++ secretPushes ++ cleanup;
in deployments ++ cleanup;
desktops = with lib;
let
desktopList = [ "pepe" "workout" "sterni" ];
desktopList = [ "pepe" "workout" "sterni" "mobi" ];
deployments = flip map desktopList (name: desktopDeployment name { });
cleanup = flip map desktopList (name: cleanupNix name);
install = flip map desktopList (name:
desktopDeployment name {
commandPrefix = "install";
host =
"wz7tdziakduqtmqbbt65ttmmj2q23jkjdyeyg2vfwe52vbvsp6tjimqd.onion";
host = installHost;
target = "/mnt/var/src";
enableSwitch = false;
});
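Review bot: `installHost` is a literal in a tracked file, and its comment invites replacing it with an onion id, which is presumably how the address removed further down in this section got into the repository. Reading the value from the environment keeps host-specific addresses out of commits: `installHost = let h = builtins.getEnv "INSTALL_HOST"; in if h == "" then "localhost" else h;` (the variable name is a suggestion). The old `.onion` address stays in the history, so if that service still accepts root SSH for installs it may be worth replacing. The enclosing `let` block starts and continues outside the visible hunks.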


@ -43,6 +43,7 @@ in {
};
};
};
# nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
"private" = {
networkSubnet = "10.23.42.0/24";
extraConfig = ''
@ -64,6 +65,10 @@ in {
# publicKey = lib.fileContents <assets/tinc/sterni_host_file>;
publicKey = lib.fileContents <assets/tinc/workout_host_file>;
};
mobi = {
tincIp = "10.23.42.23";
publicKey = lib.fileContents <assets/tinc/mobi_host_file>;
};
porani = {
tincIp = "10.23.42.31";
publicKey = lib.fileContents <assets/tinc/porani_host_file>;
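Review bot: The comment added above `"private"` records the key-generation command but not what to do with its output. `generate-keys` writes the private key files into the `--config` directory (here `.`), while only the host file with the public keys belongs in `assets/tinc`. I would extend the comment to say so, e.g. `# run in a scratch dir; commit only the host file, move the *.priv files to the secrets store`. The attribute set continues outside the hunk.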