Now it works like it should be with orbi
parent
41c802081a
commit
aa288642e0
GPG Key ID:
76BF5F1928B9618B
|
|
@ -1,4 +1,4 @@
|
|||
{ pkgs, lib, ... }:
|
||||
{ pkgs, lib, config, ... }:
|
||||
with lib;
|
||||
{
|
||||
options.components.gui = {
|
||||
|
|
@ -23,5 +23,6 @@ with lib;
|
|||
|
||||
config = mkIf config.components.gui.enable {
|
||||
# todo extract xorg stuff to prepare wayland
|
||||
environment.enableAllTerminfo = true;
|
||||
};
|
||||
}
|
||||
|
|
|
|||
|
|
@ -17,6 +17,8 @@ with lib;
|
|||
wget
|
||||
curl
|
||||
|
||||
gimoji
|
||||
|
||||
# todo : configure this properly
|
||||
tldr
|
||||
|
||||
|
|
|
|||
|
|
@ -2,13 +2,13 @@
|
|||
|
||||
let
|
||||
|
||||
|
||||
# in rescue shell
|
||||
# ---------------
|
||||
# apt install -y lshw
|
||||
# lshw -C network | grep -Poh 'driver=[[:alnum:]]+'
|
||||
|
||||
networkInterfaceModule = "r8169";
|
||||
|
||||
networkInterface = "enp3s0";
|
||||
networkInterfaceModule = "e1000e";
|
||||
# ip addr
|
||||
networkInterface = "enp0s31f6";
|
||||
|
||||
# From the Hetzner control panel
|
||||
ipv4 = {
|
||||
|
|
@ -27,21 +27,14 @@ in
|
|||
|
||||
{
|
||||
|
||||
imports = [
|
||||
imports = [
|
||||
./disko-config.nix
|
||||
./hardware-configuration.nix
|
||||
];
|
||||
];
|
||||
|
||||
# luks unlock zeug
|
||||
#boot.initrd.kernelModules = [ ];
|
||||
#boot.initrd.systemd.users.root.shell = "/bin/cryptsetup-askpass";
|
||||
#boot.initrd.systemd.services.openssh = {
|
||||
# enable = true;
|
||||
#};
|
||||
|
||||
# Use GRUB2 as the boot loader.
|
||||
# We don't use systemd-boot because Hetzner uses BIOS legacy boot.
|
||||
#boot.loader.systemd-boot.enable = true;
|
||||
boot.loader.grub = {
|
||||
enable = true;
|
||||
efiSupport = false; # we created a ef02 partition because uefi is not supported on hetzner online machines.
|
||||
|
|
@ -61,7 +54,6 @@ imports = [
|
|||
#networking.defaultGateway = ipv4.gateway;
|
||||
#networking.defaultGateway6 = { address = ipv6.gateway; interface = networkInterface; };
|
||||
#networking.nameservers = [ "8.8.8.8" "1.1.1.1" ];
|
||||
systemd.network.networks."10-uplink".networkConfig.Address = ipv6.address;
|
||||
|
||||
# Initial empty root password for easy login:
|
||||
users.users.root.initialHashedPassword = "";
|
||||
|
|
@ -89,18 +81,43 @@ imports = [
|
|||
# "ip=${ipv4.address}::${ipv4.gateway}:${ipv4.netmask}:${hostName}-initrd:${networkInterface}:off:8.8.8.8"
|
||||
#];
|
||||
|
||||
#boot.kernelParams = [ "ip=dhcp" ];
|
||||
#boot.initrd.availableKernelModules = [ networkInterfaceModule ];
|
||||
#boot.initrd.network.enable = true;
|
||||
#boot.initrd.network.ssh = {
|
||||
# luks unlock zeug
|
||||
#boot.initrd.systemd.services.openssh = {
|
||||
# enable = true;
|
||||
# authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
|
||||
# port = 2222;
|
||||
# hostKeys = [
|
||||
# /etc/ssh/ssh_host_rsa_key
|
||||
# /etc/ssh/ssh_host_ed25519_key
|
||||
# ];
|
||||
#};
|
||||
#unlock_root(){
|
||||
# pw=$(rbw get 'zfs encryption')
|
||||
# ssh root@eve.i -p 2222 "echo ${pw} | systemd-tty-ask-password-agent"
|
||||
#}
|
||||
#boot.initrd.systemd.users.root.shell = "/bin/cryptsetup-askpass";
|
||||
|
||||
#boot.kernelParams = [ "ip=dhcp" ];
|
||||
boot.initrd.kernelModules = [ networkInterfaceModule ];
|
||||
boot.initrd.network = {
|
||||
enable = true;
|
||||
ssh = {
|
||||
enable = true;
|
||||
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
|
||||
port = 2222;
|
||||
hostKeys = [
|
||||
# make sure you use --copy-host-keys during nixos-anywhere
|
||||
# (you can create ne ssh keys later, again)
|
||||
/etc/ssh/ssh_host_rsa_key
|
||||
/etc/ssh/ssh_host_ed25519_key
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
systemd.network.networks."10-uplink".networkConfig.Address = ipv6.address;
|
||||
boot.initrd.systemd.network.networks."10-uplink" = config.systemd.network.networks."10-uplink";
|
||||
boot.initrd.systemd.enable = true;
|
||||
|
||||
# root shell if not booting (usefull for debugging), but hijacks luks unlock
|
||||
#boot.initrd.systemd.emergencyAccess = true;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
|
|
|||
|
|
@ -41,39 +41,39 @@ in
|
|||
root = {
|
||||
priority = 10;
|
||||
size = "500G";
|
||||
# content = {
|
||||
# type = "luks";
|
||||
# name = "root_${disk}";
|
||||
# settings = {
|
||||
# # if you want to use the key for interactive login be sure there is no trailing newline
|
||||
# # for example use `echo -n "password" > /run/secret.key`
|
||||
# # or use nixos-anywhere --disk-encryption-keys /run/secret.key <local-path>
|
||||
# keyFile = "/run/secret.key";
|
||||
# allowDiscards = true;
|
||||
# };
|
||||
content = {
|
||||
type = "zfs";
|
||||
pool = "zroot";
|
||||
type = "luks";
|
||||
name = "root_${disk}";
|
||||
settings = {
|
||||
# if you want to use the key for interactive login be sure there is no trailing newline
|
||||
# for example use `echo -n "password" > /run/secret.key`
|
||||
# or use nixos-anywhere --disk-encryption-keys /run/secret.key <local-path>
|
||||
keyFile = "/run/secret.key";
|
||||
allowDiscards = true;
|
||||
};
|
||||
content = {
|
||||
type = "zfs";
|
||||
pool = "zroot";
|
||||
};
|
||||
};
|
||||
# };
|
||||
};
|
||||
media = {
|
||||
priority = 50;
|
||||
size = "100%";
|
||||
# content = {
|
||||
# type = "luks";
|
||||
# settings = {
|
||||
# # if you want to use the key for interactive login be sure there is no trailing newline
|
||||
# # for example use `echo -n "password" > /run/secret.key`
|
||||
# keyFile = "/run/secret.key";
|
||||
# allowDiscards = true;
|
||||
# };
|
||||
# name = "media_${disk}";
|
||||
content = {
|
||||
type = "zfs";
|
||||
pool = "zmedia";
|
||||
type = "luks";
|
||||
settings = {
|
||||
# if you want to use the key for interactive login be sure there is no trailing newline
|
||||
# for example use `echo -n "password" > /run/secret.key`
|
||||
keyFile = "/run/secret.key";
|
||||
allowDiscards = true;
|
||||
};
|
||||
name = "media_${disk}";
|
||||
content = {
|
||||
type = "zfs";
|
||||
pool = "zmedia";
|
||||
};
|
||||
};
|
||||
# };
|
||||
};
|
||||
};
|
||||
};
|
||||
|
|
|
|||
Loading…
Reference in New Issue