diff --git a/nixos/components/gui/default.nix b/nixos/components/gui/default.nix index 3b648c7..1a0907e 100644 --- a/nixos/components/gui/default.nix +++ b/nixos/components/gui/default.nix @@ -1,4 +1,4 @@ -{ pkgs, lib, ... }: +{ pkgs, lib, config, ... }: with lib; { options.components.gui = { @@ -23,5 +23,6 @@ with lib; config = mkIf config.components.gui.enable { # todo extract xorg stuff to prepare wayland + environment.enableAllTerminfo = true; }; } diff --git a/nixos/homes/common/packages.nix b/nixos/homes/common/packages.nix index 8b1431e..61be173 100644 --- a/nixos/homes/common/packages.nix +++ b/nixos/homes/common/packages.nix @@ -17,6 +17,8 @@ with lib; wget curl + gimoji + # todo : configure this properly tldr diff --git a/nixos/machines/orbi/hardware-configuration/default.nix b/nixos/machines/orbi/hardware-configuration/default.nix index 4612ed5..acb46ab 100644 --- a/nixos/machines/orbi/hardware-configuration/default.nix +++ b/nixos/machines/orbi/hardware-configuration/default.nix @@ -2,13 +2,13 @@ let - + # in rescue shell + # --------------- # apt install -y lshw # lshw -C network | grep -Poh 'driver=[[:alnum:]]+' - - networkInterfaceModule = "r8169"; - - networkInterface = "enp3s0"; + networkInterfaceModule = "e1000e"; + # ip addr + networkInterface = "enp0s31f6"; # From the Hetzner control panel ipv4 = { @@ -27,21 +27,14 @@ in { -imports = [ + imports = [ ./disko-config.nix ./hardware-configuration.nix -]; + ]; - # luks unlock zeug - #boot.initrd.kernelModules = [ ]; - #boot.initrd.systemd.users.root.shell = "/bin/cryptsetup-askpass"; - #boot.initrd.systemd.services.openssh = { - # enable = true; - #}; # Use GRUB2 as the boot loader. # We don't use systemd-boot because Hetzner uses BIOS legacy boot. - #boot.loader.systemd-boot.enable = true; boot.loader.grub = { enable = true; efiSupport = false; # we created a ef02 partition because uefi is not supported on hetzner online machines. 
@@ -61,7 +54,6 @@ imports = [ #networking.defaultGateway = ipv4.gateway; #networking.defaultGateway6 = { address = ipv6.gateway; interface = networkInterface; }; #networking.nameservers = [ "8.8.8.8" "1.1.1.1" ]; - systemd.network.networks."10-uplink".networkConfig.Address = ipv6.address; # Initial empty root password for easy login: users.users.root.initialHashedPassword = ""; @@ -89,18 +81,43 @@ imports = [ # "ip=${ipv4.address}::${ipv4.gateway}:${ipv4.netmask}:${hostName}-initrd:${networkInterface}:off:8.8.8.8" #]; - #boot.kernelParams = [ "ip=dhcp" ]; - #boot.initrd.availableKernelModules = [ networkInterfaceModule ]; - #boot.initrd.network.enable = true; - #boot.initrd.network.ssh = { + # luks unlock zeug + #boot.initrd.systemd.services.openssh = { # enable = true; - # authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys; - # port = 2222; - # hostKeys = [ - # /etc/ssh/ssh_host_rsa_key - # /etc/ssh/ssh_host_ed25519_key - # ]; #}; + #unlock_root(){ + # pw=$(rbw get 'zfs encryption') + # ssh root@eve.i -p 2222 "echo ${pw} | systemd-tty-ask-password-agent" + #} + #boot.initrd.systemd.users.root.shell = "/bin/cryptsetup-askpass"; + #boot.kernelParams = [ "ip=dhcp" ]; + boot.initrd.kernelModules = [ networkInterfaceModule ]; + boot.initrd.network = { + enable = true; + ssh = { + enable = true; + authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys; + port = 2222; + hostKeys = [ + # make sure you use --copy-host-keys during nixos-anywhere + # (you can create ne ssh keys later, again) + /etc/ssh/ssh_host_rsa_key + /etc/ssh/ssh_host_ed25519_key + ]; + }; + }; + systemd.network.networks."10-uplink".networkConfig.Address = ipv6.address; + boot.initrd.systemd.network.networks."10-uplink" = config.systemd.network.networks."10-uplink"; + boot.initrd.systemd.enable = true; + + # root shell if not booting (usefull for debugging), but hijacks luks unlock + #boot.initrd.systemd.emergencyAccess = true; } + + + + + + 
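Review bot: The `hostKeys` list in the new `boot.initrd.network.ssh` block (hunk `@@ -89,18 +81,43 @@`) reuses the machine's regular host keys, `/etc/ssh/ssh_host_rsa_key` and `/etc/ssh/ssh_host_ed25519_key`, so the private keys that identify the running system are also packed into the initrd on the unencrypted boot partition. Anyone with read access to that partition (rescue system, disk access at the provider) then holds the host's SSH identity for both port 2222 and the normal sshd, which weakens the remote unlock this hunk sets up. The entries are also unquoted Nix path literals, which as far as I know are copied into the world-readable Nix store at evaluation time; please confirm against the option's documentation. I would generate a dedicated initrd-only key pair and reference it as a string, e.g. `hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];` (illustrative path), with a comment such as `# unlock-only key, never the host's regular identity`.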
diff --git a/nixos/machines/orbi/hardware-configuration/disko-config.nix b/nixos/machines/orbi/hardware-configuration/disko-config.nix index 891b501..cffd70b 100644 --- a/nixos/machines/orbi/hardware-configuration/disko-config.nix +++ b/nixos/machines/orbi/hardware-configuration/disko-config.nix @@ -41,39 +41,39 @@ in root = { priority = 10; size = "500G"; - # content = { - # type = "luks"; - # name = "root_${disk}"; - # settings = { - # # if you want to use the key for interactive login be sure there is no trailing newline - # # for example use `echo -n "password" > /run/secret.key` - # # or use nixos-anywhere --disk-encryption-keys /run/secret.key - # keyFile = "/run/secret.key"; - # allowDiscards = true; - # }; content = { - type = "zfs"; - pool = "zroot"; + type = "luks"; + name = "root_${disk}"; + settings = { + # if you want to use the key for interactive login be sure there is no trailing newline + # for example use `echo -n "password" > /run/secret.key` + # or use nixos-anywhere --disk-encryption-keys /run/secret.key + keyFile = "/run/secret.key"; + allowDiscards = true; + }; + content = { + type = "zfs"; + pool = "zroot"; + }; }; - # }; }; media = { priority = 50; size = "100%"; - # content = { - # type = "luks"; - # settings = { - # # if you want to use the key for interactive login be sure there is no trailing newline - # # for example use `echo -n "password" > /run/secret.key` - # keyFile = "/run/secret.key"; - # allowDiscards = true; - # }; - # name = "media_${disk}"; content = { - type = "zfs"; - pool = "zmedia"; + type = "luks"; + settings = { + # if you want to use the key for interactive login be sure there is no trailing newline + # for example use `echo -n "password" > /run/secret.key` + keyFile = "/run/secret.key"; + allowDiscards = true; + }; + name = "media_${disk}"; + content = { + type = "zfs"; + pool = "zmedia"; + }; }; - # }; }; }; };
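Review bot: `allowDiscards = true` is set on both newly enabled LUKS containers (`root_${disk}` and `media_${disk}`) with no comment on the trade-off: passing TRIM through dm-crypt reveals which blocks of the encrypted device are in use. If that is accepted for SSD performance on this host, record it next to the setting, e.g. `# discards leak the used-block pattern; accepted for SSD wear/performance`. Separately, both containers put `keyFile = "/run/secret.key"` under `settings`; to my understanding disko forwards `settings` into the boot-time LUKS device configuration, so the initrd would look for that file on every boot rather than only during installation. That is worth confirming, and if the key is meant for installation only, disko's `passwordFile` is the option intended for that. The enclosing partition attribute set opens and closes outside this hunk.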