Now it works like it should be with orbi

This commit is contained in:
Ingolf Wagner 2024-02-29 00:32:48 +01:00
parent 41c802081a
commit aa288642e0
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
4 changed files with 71 additions and 51 deletions

View file

@ -1,4 +1,4 @@
{ pkgs, lib, ... }: { pkgs, lib, config, ... }:
with lib; with lib;
{ {
options.components.gui = { options.components.gui = {
@ -23,5 +23,6 @@ with lib;
config = mkIf config.components.gui.enable { config = mkIf config.components.gui.enable {
# todo extract xorg stuff to prepare wayland # todo extract xorg stuff to prepare wayland
environment.enableAllTerminfo = true;
}; };
} }

View file

@ -17,6 +17,8 @@ with lib;
wget wget
curl curl
gimoji
# todo : configure this properly # todo : configure this properly
tldr tldr

View file

@ -2,13 +2,13 @@
let let
# in rescue shell
# ---------------
# apt install -y lshw # apt install -y lshw
# lshw -C network | grep -Poh 'driver=[[:alnum:]]+' # lshw -C network | grep -Poh 'driver=[[:alnum:]]+'
networkInterfaceModule = "e1000e";
networkInterfaceModule = "r8169"; # ip addr
networkInterface = "enp0s31f6";
networkInterface = "enp3s0";
# From the Hetzner control panel # From the Hetzner control panel
ipv4 = { ipv4 = {
@ -32,16 +32,9 @@ imports = [
./hardware-configuration.nix ./hardware-configuration.nix
]; ];
# luks unlock zeug
#boot.initrd.kernelModules = [ ];
#boot.initrd.systemd.users.root.shell = "/bin/cryptsetup-askpass";
#boot.initrd.systemd.services.openssh = {
# enable = true;
#};
# Use GRUB2 as the boot loader. # Use GRUB2 as the boot loader.
# We don't use systemd-boot because Hetzner uses BIOS legacy boot. # We don't use systemd-boot because Hetzner uses BIOS legacy boot.
#boot.loader.systemd-boot.enable = true;
boot.loader.grub = { boot.loader.grub = {
enable = true; enable = true;
efiSupport = false; # we created a ef02 partition because uefi is not supported on hetzner online machines. efiSupport = false; # we created a ef02 partition because uefi is not supported on hetzner online machines.
@ -61,7 +54,6 @@ imports = [
#networking.defaultGateway = ipv4.gateway; #networking.defaultGateway = ipv4.gateway;
#networking.defaultGateway6 = { address = ipv6.gateway; interface = networkInterface; }; #networking.defaultGateway6 = { address = ipv6.gateway; interface = networkInterface; };
#networking.nameservers = [ "8.8.8.8" "1.1.1.1" ]; #networking.nameservers = [ "8.8.8.8" "1.1.1.1" ];
systemd.network.networks."10-uplink".networkConfig.Address = ipv6.address;
# Initial empty root password for easy login: # Initial empty root password for easy login:
users.users.root.initialHashedPassword = ""; users.users.root.initialHashedPassword = "";
@ -89,18 +81,43 @@ imports = [
# "ip=${ipv4.address}::${ipv4.gateway}:${ipv4.netmask}:${hostName}-initrd:${networkInterface}:off:8.8.8.8" # "ip=${ipv4.address}::${ipv4.gateway}:${ipv4.netmask}:${hostName}-initrd:${networkInterface}:off:8.8.8.8"
#]; #];
#boot.kernelParams = [ "ip=dhcp" ]; # luks unlock zeug
#boot.initrd.availableKernelModules = [ networkInterfaceModule ]; #boot.initrd.systemd.services.openssh = {
#boot.initrd.network.enable = true;
#boot.initrd.network.ssh = {
# enable = true; # enable = true;
# authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
# port = 2222;
# hostKeys = [
# /etc/ssh/ssh_host_rsa_key
# /etc/ssh/ssh_host_ed25519_key
# ];
#}; #};
#unlock_root(){
# pw=$(rbw get 'zfs encryption')
# ssh root@eve.i -p 2222 "echo ${pw} | systemd-tty-ask-password-agent"
#}
#boot.initrd.systemd.users.root.shell = "/bin/cryptsetup-askpass";
#boot.kernelParams = [ "ip=dhcp" ];
boot.initrd.kernelModules = [ networkInterfaceModule ];
boot.initrd.network = {
enable = true;
ssh = {
enable = true;
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
port = 2222;
hostKeys = [
# make sure you use --copy-host-keys during nixos-anywhere
# (you can create ne ssh keys later, again)
/etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_ed25519_key
];
};
};
systemd.network.networks."10-uplink".networkConfig.Address = ipv6.address;
boot.initrd.systemd.network.networks."10-uplink" = config.systemd.network.networks."10-uplink";
boot.initrd.systemd.enable = true;
# root shell if not booting (usefull for debugging), but hijacks luks unlock
#boot.initrd.systemd.emergencyAccess = true;
} }

View file

@ -41,39 +41,39 @@ in
root = { root = {
priority = 10; priority = 10;
size = "500G"; size = "500G";
# content = { content = {
# type = "luks"; type = "luks";
# name = "root_${disk}"; name = "root_${disk}";
# settings = { settings = {
# # if you want to use the key for interactive login be sure there is no trailing newline # if you want to use the key for interactive login be sure there is no trailing newline
# # for example use `echo -n "password" > /run/secret.key` # for example use `echo -n "password" > /run/secret.key`
# # or use nixos-anywhere --disk-encryption-keys /run/secret.key <local-path> # or use nixos-anywhere --disk-encryption-keys /run/secret.key <local-path>
# keyFile = "/run/secret.key"; keyFile = "/run/secret.key";
# allowDiscards = true; allowDiscards = true;
# }; };
content = { content = {
type = "zfs"; type = "zfs";
pool = "zroot"; pool = "zroot";
}; };
# }; };
}; };
media = { media = {
priority = 50; priority = 50;
size = "100%"; size = "100%";
# content = { content = {
# type = "luks"; type = "luks";
# settings = { settings = {
# # if you want to use the key for interactive login be sure there is no trailing newline # if you want to use the key for interactive login be sure there is no trailing newline
# # for example use `echo -n "password" > /run/secret.key` # for example use `echo -n "password" > /run/secret.key`
# keyFile = "/run/secret.key"; keyFile = "/run/secret.key";
# allowDiscards = true; allowDiscards = true;
# }; };
# name = "media_${disk}"; name = "media_${disk}";
content = { content = {
type = "zfs"; type = "zfs";
pool = "zmedia"; pool = "zmedia";
}; };
# }; };
}; };
}; };
}; };