mobi: create mobi system on usb stick
parent
efbe61921e
commit
8bfbb60956
7 changed files with 132 additions and 14 deletions
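--- a/assets/tinc/mobi_host_file
+++ b/assets/tinc/mobi_host_file
@@ -0,0 +1,14 @@
+Ed25519PublicKey = 94CccmfAuNtQzopd5NiVYjTjZvSgabMh66BI/iyVmnJ
+-----BEGIN RSA PUBLIC KEY-----
+MIICCgKCAgEA8m9cBRv+9K8ywH19CZKDidwmzEa+2j3rkFjek+uPLVCHX5FlVQv+
+flX5fY06DuaPzWKf4MoXHxmVa9T/WOcKZJUmhSJC2AVorhuPihOx0FNrQr69bamy
+x03fiH0pHmDXumNdGMUcNf+06Zu2Nr9yze8rE1B97zb0RPBf+XC1uHw4E4PrWC/F
+swibj9U45bp07wFvJrkAsngw4c6+TFERW6TK5DPKDQs7KfgdsqFGLvg2cY5phwC1
+08HBC7eTf2xG6paaS7gEbhDMQ/K47Lbhbv2srnYfaBw5iyc8f29ZwEuNfE4V15B3
+foz/kGAhceTuBKNCVvKvqSIL2yEsibFVyl7zlgGp3EKWuR5ETQAspJViGILwiyq6
+iRYQ1AxxyroqS146CUAB8/68w0PwroKt8lXMEtx58S7/OAW0KnXGxwqSfocH+iE4
+qry9pPuSs7RR6lXBB0nvSfTbaZDMUXtiyV24+pyZgl5Q31kDgUWgFpzGRBc/CTO2
+h8OmUcvEyLxh3bruu0SQGXa35G1Igsumuh/uLifgHB/odLYY00PhEdpp52BswgXe
+yz88nfXMOyvm7ROEyA7r2qruM1kEHDSQ8IRuxhd8YebyI7k6mYVE8CR5T89QfVl3
+mrNk+f6Q/cpFiNBxr7+UBCiHix3/GDAD4NEgvu5nfqinTA34FuscTS8CAwEAAQ==
+-----END RSA PUBLIC KEY-----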
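--- a/configs/mobi/configuration.nix
+++ b/configs/mobi/configuration.nix
@@ -0,0 +1,33 @@
+{ config, pkgs, lib, ... }: {
+
+imports = [
+
+<system/desktop>
+./hardware-configuration.nix
+
+./tinc.nix
+
+];
+
+system.custom.wifi.interfaces = [ ];
+
+networking.hostName = "mobi";
+
+security.wrappers = {
+pmount.source = "${pkgs.pmount}/bin/pmount";
+pumount.source = "${pkgs.pmount}/bin/pumount";
+};
+
+# fonts
+# -----
+programs.custom.urxvt.fontSize = 12;
+programs.custom.xterm.fontSize = 12;
+system.custom.fonts.dpi = 100;
+
+configuration.desktop = {
+width = 1366;
+height = 768;
+};
+
+}
+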
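Review bot: The `security.wrappers` entries for `pmount` and `pumount` set only `source`, so the privilege they run with is whatever the wrapper module defaults to in the nixpkgs revision this host is built from, and that default is not visible in this file. On NixOS releases of this era a wrapper declared this way was installed setuid root, which is probably the intent, but it should be stated rather than inherited: `pmount = { source = "${pkgs.pmount}/bin/pmount"; owner = "root"; group = "root"; setuid = true; };` and the same for `pumount`. A short comment above the block, for example `# setuid helpers so the desktop user can mount removable media` if that is the purpose, would let the next reader audit the setuid surface of this host without reading the module source.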
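--- a/configs/mobi/hardware-configuration.nix
+++ b/configs/mobi/hardware-configuration.nix
@@ -0,0 +1,59 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, ... }:
+
+{
+imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];
+
+boot.initrd.availableKernelModules =
+[ "ehci_pci" "ahci" "xhci_pci" "usb_storage" "sd_mod" "sdhci_pci" ];
+boot.initrd.kernelModules = [ "dm-snapshot" ];
+boot.kernelModules = [ "kvm-intel" ];
+boot.extraModulePackages = [ ];
+
+# efi boot loader configuration using grub
+boot.loader.efi.canTouchEfiVariables = false;
+boot.loader.grub = {
+device = "nodev";
+efiInstallAsRemovable = true;
+efiSupport = true;
+enable = true;
+version = 2;
+};
+
+fileSystems."/share/" = {
+device = "/dev/ram1";
+fsType = "tmpfs";
+};
+
+powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
+
+# NTFS support
+# ------------
+environment.systemPackages = [ pkgs.ntfs3g ];
+
+# lvm volume group
+# ----------------
+boot.initrd.luks.devices = [{
+name = "secure_vg";
+device = "/dev/disk/by-uuid/e138095f-c703-4dea-bb1c-bf888b8e1b81";
+preLVM = true;
+}];
+
+# root
+# ----
+fileSystems."/" = {
+options = [ "noatime" "nodiratime" "discard" ];
+device = "/dev/secure_vg/root";
+fsType = "ext4";
+};
+
+# boot
+# ----
+fileSystems."/boot" = {
+device = "/dev/disk/by-uuid/064D-3144";
+fsType = "vfat";
+};
+
+}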
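Review bot: The root filesystem is mounted with `discard` on top of the LUKS container `secure_vg`, but the `boot.initrd.luks.devices` entry does not set `allowDiscards`, so the two settings disagree. With dm-crypt's default the discard requests are dropped and the mount option has no effect. If `allowDiscards = true;` is added later to make it work, TRIM reveals which blocks of the encrypted volume are unused to anyone who obtains the stick. Decide which behaviour is wanted and record it, either by dropping `"discard"` from `options` or by adding a comment such as `# TRIM intentionally not passed through LUKS: free-space layout must not leak`. The `/share/` tmpfs also has no `options`; `options = [ "nosuid" "nodev" ];` plus a `size=` limit would be a reasonable hardening for a scratch mount.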
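--- a/configs/mobi/tinc.nix
+++ b/configs/mobi/tinc.nix
@@ -0,0 +1,14 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+{
+module.cluster.services.tinc = {
+"private" = {
+enable = true;
+openPort = true;
+connectTo = [ "sputnik" ];
+};
+};
+
+}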
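Review bot: `openPort = true` on the `private` network deserves a second look for this host, because mobi boots from a USB stick on whatever network it happens to be plugged into and already reaches the mesh by dialing out through `connectTo = [ "sputnik" ]`. If `openPort` opens the tinc listener in the firewall, as the name suggests (the `module.cluster.services.tinc` definition is not part of this section), a roaming node gains an inbound service it may not need. Consider `openPort = false;` here, or add a comment such as `# inbound tinc needed because <reason>` if other nodes must be able to initiate the connection.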
|
@ -13,7 +13,7 @@
|
||||||
boot.kernelModules = [ "kvm-intel" ];
|
boot.kernelModules = [ "kvm-intel" ];
|
||||||
boot.extraModulePackages = [ ];
|
boot.extraModulePackages = [ ];
|
||||||
|
|
||||||
# Use the systemd-boot EFI boot loader.
|
# Use the systemd-boot EFI boot loader, not grub
|
||||||
boot.loader.systemd-boot.enable = true;
|
boot.loader.systemd-boot.enable = true;
|
||||||
boot.loader.efi.canTouchEfiVariables = true;
|
boot.loader.efi.canTouchEfiVariables = true;
|
||||||
|
|
||||||
|
|
19
shell.nix
19
shell.nix
|
@ -1,5 +1,8 @@
|
||||||
let
|
let
|
||||||
|
|
||||||
|
# host used to install stuff. (can be an onion id if you use torify)
|
||||||
|
installHost = "localhost";
|
||||||
|
|
||||||
#ops = import ../plops ;
|
#ops = import ../plops ;
|
||||||
ops = import ((import <nixpkgs> { }).fetchgit {
|
ops = import ((import <nixpkgs> { }).fetchgit {
|
||||||
url = "https://github.com/mrVanDalo/plops.git";
|
url = "https://github.com/mrVanDalo/plops.git";
|
||||||
|
@ -131,14 +134,6 @@ let
|
||||||
switch
|
switch
|
||||||
];
|
];
|
||||||
|
|
||||||
serverPushSecrets = name:
|
|
||||||
{ host ? (hostPattern name), user ? "root" }:
|
|
||||||
with ops;
|
|
||||||
jobs "push-${name}" "${user}@${host}" [
|
|
||||||
(populateTmpfs (source.keys name))
|
|
||||||
(populate (source.secrets name))
|
|
||||||
];
|
|
||||||
|
|
||||||
desktopDeployment = name:
|
desktopDeployment = name:
|
||||||
{ host ? (hostPattern name), target ? "/var/src/", user ? "root"
|
{ host ? (hostPattern name), target ? "/var/src/", user ? "root"
|
||||||
, commandPrefix ? "deploy", enableSwitch ? true }:
|
, commandPrefix ? "deploy", enableSwitch ? true }:
|
||||||
|
@ -172,20 +167,18 @@ let
|
||||||
let
|
let
|
||||||
serverList = [ "workhorse" "sputnik" "porani" ];
|
serverList = [ "workhorse" "sputnik" "porani" ];
|
||||||
deployments = flip map serverList (name: serverDeployment name { });
|
deployments = flip map serverList (name: serverDeployment name { });
|
||||||
secretPushes = flip map serverList (name: serverPushSecrets name { });
|
|
||||||
cleanup = flip map serverList (name: cleanupNix name);
|
cleanup = flip map serverList (name: cleanupNix name);
|
||||||
in deployments ++ secretPushes ++ cleanup;
|
in deployments ++ cleanup;
|
||||||
|
|
||||||
desktops = with lib;
|
desktops = with lib;
|
||||||
let
|
let
|
||||||
desktopList = [ "pepe" "workout" "sterni" ];
|
desktopList = [ "pepe" "workout" "sterni" "mobi" ];
|
||||||
deployments = flip map desktopList (name: desktopDeployment name { });
|
deployments = flip map desktopList (name: desktopDeployment name { });
|
||||||
cleanup = flip map desktopList (name: cleanupNix name);
|
cleanup = flip map desktopList (name: cleanupNix name);
|
||||||
install = flip map desktopList (name:
|
install = flip map desktopList (name:
|
||||||
desktopDeployment name {
|
desktopDeployment name {
|
||||||
commandPrefix = "install";
|
commandPrefix = "install";
|
||||||
host =
|
host = installHost;
|
||||||
"wz7tdziakduqtmqbbt65ttmmj2q23jkjdyeyg2vfwe52vbvsp6tjimqd.onion";
|
|
||||||
target = "/mnt/var/src";
|
target = "/mnt/var/src";
|
||||||
enableSwitch = false;
|
enableSwitch = false;
|
||||||
});
|
});
|
||||||
|
|
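Review bot: `installHost` in the first hunk is a literal in a tracked file, so every install to a real target means editing `shell.nix` and risks committing the address again, which is the situation the last hunk cleans up. Reading it from the environment keeps it out of the repository: `installHost = let h = builtins.getEnv "INSTALL_HOST"; in if h == "" then "localhost" else h;`. The onion address removed in the last hunk is still present in the parent revision, so it should be treated as disclosed rather than secret. The comment on `installHost` could also say that the install jobs connect as `root` by default and write to `/mnt/var/src`, since with the `"localhost"` default that is the operator's own machine.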
|
@ -43,6 +43,7 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
# nix-shell -p tinc_pre --run "tinc --config . generate-keys 4096"
|
||||||
"private" = {
|
"private" = {
|
||||||
networkSubnet = "10.23.42.0/24";
|
networkSubnet = "10.23.42.0/24";
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
|
@ -64,6 +65,10 @@ in {
|
||||||
# publicKey = lib.fileContents <assets/tinc/sterni_host_file>;
|
# publicKey = lib.fileContents <assets/tinc/sterni_host_file>;
|
||||||
publicKey = lib.fileContents <assets/tinc/workout_host_file>;
|
publicKey = lib.fileContents <assets/tinc/workout_host_file>;
|
||||||
};
|
};
|
||||||
|
mobi = {
|
||||||
|
tincIp = "10.23.42.23";
|
||||||
|
publicKey = lib.fileContents <assets/tinc/mobi_host_file>;
|
||||||
|
};
|
||||||
porani = {
|
porani = {
|
||||||
tincIp = "10.23.42.31";
|
tincIp = "10.23.42.31";
|
||||||
publicKey = lib.fileContents <assets/tinc/porani_host_file>;
|
publicKey = lib.fileContents <assets/tinc/porani_host_file>;
|
||||||
|
|
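Review bot: The comment added in the first hunk documents `tinc --config . generate-keys 4096`, which writes the private keys into the current directory alongside the public ones; run from a checkout of this repository, that places private key material next to tracked files. The comment should say where the command is meant to be run and what happens to its output, for example `# run in a scratch directory; copy only the public host file to assets/tinc/<name>_host_file and move the *.priv files to the secrets store`. The new `mobi` entry follows the pattern of its neighbours, but `10.23.42.23` should be checked for uniqueness against the other `tincIp` values, since only part of the host list is visible in these hunks.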