palo/nixos-config
palo/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Now it works like it should be with orbi

Browse source
This commit is contained in:
Ingolf Wagner 2024-02-29 00:32:48 +01:00
parent 41c802081a
commit aa288642e0
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
4 changed files with 71 additions and 51 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
nixos/components/gui/default.nix
View file

@ -1,4 +1,4 @@
{ pkgs, lib, ... }:
{ pkgs, lib, config, ... }:
with lib;
{
options.components.gui = {
@ -23,5 +23,6 @@ with lib;
config = mkIf config.components.gui.enable {
# todo extract xorg stuff to prepare wayland
environment.enableAllTerminfo = true;
};
}

2
nixos/homes/common/packages.nix
View file

@ -17,6 +17,8 @@ with lib;
wget
curl
gimoji
# todo : configure this properly
tldr

67
nixos/machines/orbi/hardware-configuration/default.nix
View file

@ -2,13 +2,13 @@
let
# in rescue shell
# ---------------
# apt install -y lshw
# lshw -C network | grep -Poh 'driver=[[:alnum:]]+'
networkInterfaceModule = "r8169";
networkInterface = "enp3s0";
networkInterfaceModule = "e1000e";
# ip addr
networkInterface = "enp0s31f6";
# From the Hetzner control panel
ipv4 = {
@ -27,21 +27,14 @@ in
{
imports = [
imports = [
./disko-config.nix
./hardware-configuration.nix
];
];
# luks unlock zeug
#boot.initrd.kernelModules = [ ];
#boot.initrd.systemd.users.root.shell = "/bin/cryptsetup-askpass";
#boot.initrd.systemd.services.openssh = {
# enable = true;
#};
# Use GRUB2 as the boot loader.
# We don't use systemd-boot because Hetzner uses BIOS legacy boot.
#boot.loader.systemd-boot.enable = true;
boot.loader.grub = {
enable = true;
efiSupport = false; # we created a ef02 partition because uefi is not supported on hetzner online machines.
@ -61,7 +54,6 @@ imports = [
#networking.defaultGateway = ipv4.gateway;
#networking.defaultGateway6 = { address = ipv6.gateway; interface = networkInterface; };
#networking.nameservers = [ "8.8.8.8" "1.1.1.1" ];
systemd.network.networks."10-uplink".networkConfig.Address = ipv6.address;
# Initial empty root password for easy login:
users.users.root.initialHashedPassword = "";
@ -89,18 +81,43 @@ imports = [
# "ip=${ipv4.address}::${ipv4.gateway}:${ipv4.netmask}:${hostName}-initrd:${networkInterface}:off:8.8.8.8"
#];
#boot.kernelParams = [ "ip=dhcp" ];
#boot.initrd.availableKernelModules = [ networkInterfaceModule ];
#boot.initrd.network.enable = true;
#boot.initrd.network.ssh = {
# luks unlock zeug
#boot.initrd.systemd.services.openssh = {
# enable = true;
# authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
# port = 2222;
# hostKeys = [
# /etc/ssh/ssh_host_rsa_key
# /etc/ssh/ssh_host_ed25519_key
# ];
#};
#unlock_root(){
# pw=$(rbw get 'zfs encryption')
# ssh root@eve.i -p 2222 "echo ${pw} | systemd-tty-ask-password-agent"
#}
#boot.initrd.systemd.users.root.shell = "/bin/cryptsetup-askpass";
#boot.kernelParams = [ "ip=dhcp" ];
boot.initrd.kernelModules = [ networkInterfaceModule ];
boot.initrd.network = {
enable = true;
ssh = {
enable = true;
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
port = 2222;
hostKeys = [
# make sure you use --copy-host-keys during nixos-anywhere
# (you can create ne ssh keys later, again)
/etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_ed25519_key
];
};
};
systemd.network.networks."10-uplink".networkConfig.Address = ipv6.address;
boot.initrd.systemd.network.networks."10-uplink" = config.systemd.network.networks."10-uplink";
boot.initrd.systemd.enable = true;
# root shell if not booting (usefull for debugging), but hijacks luks unlock
#boot.initrd.systemd.emergencyAccess = true;
}

50
nixos/machines/orbi/hardware-configuration/disko-config.nix
View file

@ -41,39 +41,39 @@ in
root = {
priority = 10;
size = "500G";
# content = {
# type = "luks";
# name = "root_${disk}";
# settings = {
# # if you want to use the key for interactive login be sure there is no trailing newline
# # for example use `echo -n "password" > /run/secret.key`
# # or use nixos-anywhere --disk-encryption-keys /run/secret.key <local-path>
# keyFile = "/run/secret.key";
# allowDiscards = true;
# };
content = {
type = "zfs";
pool = "zroot";
type = "luks";
name = "root_${disk}";
settings = {
# if you want to use the key for interactive login be sure there is no trailing newline
# for example use `echo -n "password" > /run/secret.key`
# or use nixos-anywhere --disk-encryption-keys /run/secret.key <local-path>
keyFile = "/run/secret.key";
allowDiscards = true;
};
content = {
type = "zfs";
pool = "zroot";
};
};
# };
};
media = {
priority = 50;
size = "100%";
# content = {
# type = "luks";
# settings = {
# # if you want to use the key for interactive login be sure there is no trailing newline
# # for example use `echo -n "password" > /run/secret.key`
# keyFile = "/run/secret.key";
# allowDiscards = true;
# };
# name = "media_${disk}";
content = {
type = "zfs";
pool = "zmedia";
type = "luks";
settings = {
# if you want to use the key for interactive login be sure there is no trailing newline
# for example use `echo -n "password" > /run/secret.key`
keyFile = "/run/secret.key";
allowDiscards = true;
};
name = "media_${disk}";
content = {
type = "zfs";
pool = "zmedia";
};
};
# };
};
};
};