From f411567ad6a684767df3fbf0ec72027dcd6746d4 Mon Sep 17 00:00:00 2001
From: Ingolf Wagner
Date: Thu, 8 Aug 2024 00:14:52 +0200
Subject: [PATCH] refactor hardware/hetzner.nix

---
 .../orbi/hardware-configuration/default.nix | 54 +------------------
 .../orbi/hardware-configuration/hetzner.nix | 38 ++++++++++++-
 treefmt.toml | 2 +-
 3 files changed, 39 insertions(+), 55 deletions(-)

diff --git a/machines/orbi/hardware-configuration/default.nix b/machines/orbi/hardware-configuration/default.nix
index 7a4641e..a68445b 100644
--- a/machines/orbi/hardware-configuration/default.nix
+++ b/machines/orbi/hardware-configuration/default.nix
@@ -1,30 +1,5 @@
 { config, pkgs, modulesPath, lib, factsGenerator, ... }:
-let
-
- # in rescue shell
- # ---------------
- # apt install -y lshw
- # lshw -C network | grep -Poh 'driver=[[:alnum:]]+'
- networkInterfaceModule = "e1000e";
-
- # ip addr
- networkInterface = "enp0s31f6";
-
- # From the Hetzner control panel
- ipv4 = {
- address = "95.216.66.212"; # the ip address
- gateway = "95.216.66.193"; # the gateway ip address
- netmask = "255.255.255.192"; # the netmask -- might not be the same for you!
- prefixLength = 26; # must match the netmask, see
- };
- ipv6 = {
- address = "2a01:4f9:2b:326::2"; # the ipv6 addres
- gateway = "fe80::1"; # the ipv6 gateway
- prefixLength = 64; # shown in the control panel
- };
-
-in
 {
 system.stateVersion = "23.11";
@@ -37,17 +12,11 @@ in
 services.smartd.enable = true;
- # Use GRUB2 as the boot loader.
- # We don't use systemd-boot because Hetzner uses BIOS legacy boot.
- boot.loader.grub = {
- enable = true;
- efiSupport = false; # we created a ef02 partition because uefi is not supported on hetzner online machines.
- };
- # root password
 clan.core.facts.services.rootPassword = factsGenerator.password { name = "root"; };
 users.users.root.hashedPasswordFile = config.clan.core.facts.services.rootPassword.secret."password.root.pam".path;
+ # todo : use component for that
 services.openssh.settings.PermitRootLogin = "prohibit-password";
 services.openssh.settings.PasswordAuthentication = false;
@@ -57,25 +26,4 @@ in
 clan.core.facts.services.zfs = factsGenerator.zfs { };
 networking.hostId = config.clan.core.facts.services.zfs.public."zfs.hostId".value;
- systemd.network.networks."10-uplink".networkConfig.Address = ipv6.address;
- boot.initrd.systemd.network.networks."10-uplink" = config.systemd.network.networks."10-uplink";
-
- # todo: use ssh component
- boot.initrd.kernelModules = [ networkInterfaceModule ];
- boot.initrd.network = {
- enable = true;
- ssh = {
- enable = true;
- authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
- port = 2222;
- hostKeys = [
- # make sure you use --copy-host-keys during nixos-anywhere
- # (you can create ne ssh keys later, again)
- # rm /etc/ssh/ssh_host_* && systemctl restart sshd.service
- /etc/ssh/ssh_host_rsa_key
- /etc/ssh/ssh_host_ed25519_key
- ];
- };
- };
-
 }
diff --git a/machines/orbi/hardware-configuration/hetzner.nix b/machines/orbi/hardware-configuration/hetzner.nix
index 478b43d..839bf33 100644
--- a/machines/orbi/hardware-configuration/hetzner.nix
+++ b/machines/orbi/hardware-configuration/hetzner.nix
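Review bot: The added comment `# todo : use component for that` in the second hunk does not say what "that" refers to; since it sits directly above the two `services.openssh.settings` lines, spell it out, e.g. `# TODO: move the sshd hardening (PermitRootLogin / PasswordAuthentication) into the shared ssh component`. With the GRUB block gone from this file, default.nix now only boots correctly if hetzner.nix is actually imported; no hunk in this patch touches an `imports` list, so that wiring is presumably already in place but is worth confirming. The enclosing module attrset starts before this hunk and ends in the next one.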
@@ -1,2 +1,38 @@
 { config, ... }:
-{ }
+let
+
+ # ip addr
+ networkInterface = "enp0s31f6";
+
+ # From the Hetzner control panel
+ ipv4 = {
+ address = "95.216.66.212"; # the ip address
+ gateway = "95.216.66.193"; # the gateway ip address
+ netmask = "255.255.255.192"; # the netmask -- might not be the same for you!
+ prefixLength = 26; # must match the netmask, see
+ };
+ ipv6 = {
+ address = "2a01:4f9:2b:326::2"; # the ipv6 addres
+ gateway = "fe80::1"; # the ipv6 gateway
+ prefixLength = 64; # shown in the control panel
+ };
+
+in
+{
+ systemd.network.networks."10-uplink".networkConfig.Address = ipv6.address;
+ boot.initrd.systemd.network.networks."10-uplink" = config.systemd.network.networks."10-uplink";
+
+ # in rescue shell
+ # ---------------
+ # apt install -y lshw
+ # lshw -C network | grep -Poh 'driver=[[:alnum:]]+'
+ boot.initrd.kernelModules = [ "e1000e" ];
+
+ # Use GRUB2 as the boot loader.
+ # We don't use systemd-boot because Hetzner uses BIOS legacy boot.
+ boot.loader.grub = {
+ enable = true;
+ efiSupport = false; # we created a ef02 partition because uefi is not supported on hetzner online machines.
+ };
+
+}
diff --git a/treefmt.toml b/treefmt.toml
index 01599aa..250f237 100644
--- a/treefmt.toml
+++ b/treefmt.toml
@@ -13,7 +13,7 @@ options = [
 "-w", # write back to the file
 ]
 includes = ["*.sh"]
-excludes = ["./scripts/hetzner-dedicated-wipe-and-install-nixos.sh"]
+excludes = ["scripts/hetzner-dedicated-wipe-and-install-nixos.sh"]
 #[formatter.shellcheck]
 #command = "shellcheck"
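Review bot: The `boot.initrd.network` / `ssh` block that default.nix drops in this same patch is not carried over into hetzner.nix, and the diffstat lists no other file that could pick it up, so after this commit the initrd still brings up `10-uplink` and loads `e1000e` but has no SSH listener; if the ZFS pool behind `networking.hostId` has to be unlocked at boot, remote unlock is lost unless the "ssh component" the removed todo referred to already provides it (not visible here), which for a commit titled "refactor" deserves an explicit check. In the new `let`, `networkInterface`, `ipv4`, `ipv6.gateway` and `ipv6.prefixLength` are bound but never referenced; only `ipv6.address` is used. Either drop the dead bindings or use the prefix where it belongs, e.g. `systemd.network.networks."10-uplink".networkConfig.Address = "${ipv6.address}/${toString ipv6.prefixLength}";`, since networkd documents `Address=` as address plus prefix length and a bare address leaves the prefix to the parser's fallback rather than the /64 the comment claims. The moved comments also carry over `# the ipv6 addres` and the dangling `# must match the netmask, see`, which should read `# the ipv6 address` and `# must match the netmask` (or name the source).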