Now it works like it should be with orbi
This commit is contained in:
Ingolf Wagner
parent
41c802081a
commit
aa288642e0
4 changed files with 71 additions and 51 deletions
|
|
@ -1,4 +1,4 @@
|
||||||
{ pkgs, lib, ... }:
|
{ pkgs, lib, config, ... }:
|
||||||
with lib;
|
with lib;
|
||||||
{
|
{
|
||||||
options.components.gui = {
|
options.components.gui = {
|
||||||
|
|
@ -23,5 +23,6 @@ with lib;
|
||||||
|
|
||||||
config = mkIf config.components.gui.enable {
|
config = mkIf config.components.gui.enable {
|
||||||
# todo extract xorg stuff to prepare wayland
|
# todo extract xorg stuff to prepare wayland
|
||||||
|
environment.enableAllTerminfo = true;
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -17,6 +17,8 @@ with lib;
|
||||||
wget
|
wget
|
||||||
curl
|
curl
|
||||||
|
|
||||||
|
gimoji
|
||||||
|
|
||||||
# todo : configure this properly
|
# todo : configure this properly
|
||||||
tldr
|
tldr
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -2,13 +2,13 @@
|
||||||
|
|
||||||
let
|
let
|
||||||
|
|
||||||
|
# in rescue shell
|
||||||
|
# ---------------
|
||||||
# apt install -y lshw
|
# apt install -y lshw
|
||||||
# lshw -C network | grep -Poh 'driver=[[:alnum:]]+'
|
# lshw -C network | grep -Poh 'driver=[[:alnum:]]+'
|
||||||
|
networkInterfaceModule = "e1000e";
|
||||||
networkInterfaceModule = "r8169";
|
# ip addr
|
||||||
|
networkInterface = "enp0s31f6";
|
||||||
networkInterface = "enp3s0";
|
|
||||||
|
|
||||||
# From the Hetzner control panel
|
# From the Hetzner control panel
|
||||||
ipv4 = {
|
ipv4 = {
|
||||||
|
|
@ -27,21 +27,14 @@ in
|
||||||
|
|
||||||
{
|
{
|
||||||
|
|
||||||
imports = [
|
imports = [
|
||||||
./disko-config.nix
|
./disko-config.nix
|
||||||
./hardware-configuration.nix
|
./hardware-configuration.nix
|
||||||
];
|
];
|
||||||
|
|
||||||
# luks unlock zeug
|
|
||||||
#boot.initrd.kernelModules = [ ];
|
|
||||||
#boot.initrd.systemd.users.root.shell = "/bin/cryptsetup-askpass";
|
|
||||||
#boot.initrd.systemd.services.openssh = {
|
|
||||||
# enable = true;
|
|
||||||
#};
|
|
||||||
|
|
||||||
# Use GRUB2 as the boot loader.
|
# Use GRUB2 as the boot loader.
|
||||||
# We don't use systemd-boot because Hetzner uses BIOS legacy boot.
|
# We don't use systemd-boot because Hetzner uses BIOS legacy boot.
|
||||||
#boot.loader.systemd-boot.enable = true;
|
|
||||||
boot.loader.grub = {
|
boot.loader.grub = {
|
||||||
enable = true;
|
enable = true;
|
||||||
efiSupport = false; # we created a ef02 partition because uefi is not supported on hetzner online machines.
|
efiSupport = false; # we created a ef02 partition because uefi is not supported on hetzner online machines.
|
||||||
|
|
@ -61,7 +54,6 @@ imports = [
|
||||||
#networking.defaultGateway = ipv4.gateway;
|
#networking.defaultGateway = ipv4.gateway;
|
||||||
#networking.defaultGateway6 = { address = ipv6.gateway; interface = networkInterface; };
|
#networking.defaultGateway6 = { address = ipv6.gateway; interface = networkInterface; };
|
||||||
#networking.nameservers = [ "8.8.8.8" "1.1.1.1" ];
|
#networking.nameservers = [ "8.8.8.8" "1.1.1.1" ];
|
||||||
systemd.network.networks."10-uplink".networkConfig.Address = ipv6.address;
|
|
||||||
|
|
||||||
# Initial empty root password for easy login:
|
# Initial empty root password for easy login:
|
||||||
users.users.root.initialHashedPassword = "";
|
users.users.root.initialHashedPassword = "";
|
||||||
|
|
@ -89,18 +81,43 @@ imports = [
|
||||||
# "ip=${ipv4.address}::${ipv4.gateway}:${ipv4.netmask}:${hostName}-initrd:${networkInterface}:off:8.8.8.8"
|
# "ip=${ipv4.address}::${ipv4.gateway}:${ipv4.netmask}:${hostName}-initrd:${networkInterface}:off:8.8.8.8"
|
||||||
#];
|
#];
|
||||||
|
|
||||||
#boot.kernelParams = [ "ip=dhcp" ];
|
# luks unlock zeug
|
||||||
#boot.initrd.availableKernelModules = [ networkInterfaceModule ];
|
#boot.initrd.systemd.services.openssh = {
|
||||||
#boot.initrd.network.enable = true;
|
|
||||||
#boot.initrd.network.ssh = {
|
|
||||||
# enable = true;
|
# enable = true;
|
||||||
# authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
|
|
||||||
# port = 2222;
|
|
||||||
# hostKeys = [
|
|
||||||
# /etc/ssh/ssh_host_rsa_key
|
|
||||||
# /etc/ssh/ssh_host_ed25519_key
|
|
||||||
# ];
|
|
||||||
#};
|
#};
|
||||||
|
#unlock_root(){
|
||||||
|
# pw=$(rbw get 'zfs encryption')
|
||||||
|
# ssh root@eve.i -p 2222 "echo ${pw} | systemd-tty-ask-password-agent"
|
||||||
|
#}
|
||||||
|
#boot.initrd.systemd.users.root.shell = "/bin/cryptsetup-askpass";
|
||||||
|
|
||||||
|
#boot.kernelParams = [ "ip=dhcp" ];
|
||||||
|
boot.initrd.kernelModules = [ networkInterfaceModule ];
|
||||||
|
boot.initrd.network = {
|
||||||
|
enable = true;
|
||||||
|
ssh = {
|
||||||
|
enable = true;
|
||||||
|
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
|
||||||
|
port = 2222;
|
||||||
|
hostKeys = [
|
||||||
|
# make sure you use --copy-host-keys during nixos-anywhere
|
||||||
|
# (you can create ne ssh keys later, again)
|
||||||
|
/etc/ssh/ssh_host_rsa_key
|
||||||
|
/etc/ssh/ssh_host_ed25519_key
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
systemd.network.networks."10-uplink".networkConfig.Address = ipv6.address;
|
||||||
|
boot.initrd.systemd.network.networks."10-uplink" = config.systemd.network.networks."10-uplink";
|
||||||
|
boot.initrd.systemd.enable = true;
|
||||||
|
|
||||||
|
# root shell if not booting (usefull for debugging), but hijacks luks unlock
|
||||||
|
#boot.initrd.systemd.emergencyAccess = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -41,39 +41,39 @@ in
|
||||||
root = {
|
root = {
|
||||||
priority = 10;
|
priority = 10;
|
||||||
size = "500G";
|
size = "500G";
|
||||||
# content = {
|
|
||||||
# type = "luks";
|
|
||||||
# name = "root_${disk}";
|
|
||||||
# settings = {
|
|
||||||
# # if you want to use the key for interactive login be sure there is no trailing newline
|
|
||||||
# # for example use `echo -n "password" > /run/secret.key`
|
|
||||||
# # or use nixos-anywhere --disk-encryption-keys /run/secret.key <local-path>
|
|
||||||
# keyFile = "/run/secret.key";
|
|
||||||
# allowDiscards = true;
|
|
||||||
# };
|
|
||||||
content = {
|
content = {
|
||||||
type = "zfs";
|
type = "luks";
|
||||||
pool = "zroot";
|
name = "root_${disk}";
|
||||||
|
settings = {
|
||||||
|
# if you want to use the key for interactive login be sure there is no trailing newline
|
||||||
|
# for example use `echo -n "password" > /run/secret.key`
|
||||||
|
# or use nixos-anywhere --disk-encryption-keys /run/secret.key <local-path>
|
||||||
|
keyFile = "/run/secret.key";
|
||||||
|
allowDiscards = true;
|
||||||
|
};
|
||||||
|
content = {
|
||||||
|
type = "zfs";
|
||||||
|
pool = "zroot";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
# };
|
|
||||||
};
|
};
|
||||||
media = {
|
media = {
|
||||||
priority = 50;
|
priority = 50;
|
||||||
size = "100%";
|
size = "100%";
|
||||||
# content = {
|
|
||||||
# type = "luks";
|
|
||||||
# settings = {
|
|
||||||
# # if you want to use the key for interactive login be sure there is no trailing newline
|
|
||||||
# # for example use `echo -n "password" > /run/secret.key`
|
|
||||||
# keyFile = "/run/secret.key";
|
|
||||||
# allowDiscards = true;
|
|
||||||
# };
|
|
||||||
# name = "media_${disk}";
|
|
||||||
content = {
|
content = {
|
||||||
type = "zfs";
|
type = "luks";
|
||||||
pool = "zmedia";
|
settings = {
|
||||||
|
# if you want to use the key for interactive login be sure there is no trailing newline
|
||||||
|
# for example use `echo -n "password" > /run/secret.key`
|
||||||
|
keyFile = "/run/secret.key";
|
||||||
|
allowDiscards = true;
|
||||||
|
};
|
||||||
|
name = "media_${disk}";
|
||||||
|
content = {
|
||||||
|
type = "zfs";
|
||||||
|
pool = "zmedia";
|
||||||
|
};
|
||||||
};
|
};
|
||||||
# };
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue