refactor hardware/hetzner.nix

This commit is contained in:
Ingolf Wagner 2024-08-08 00:14:52 +02:00
parent ca0e7382a3
commit f411567ad6
No known key found for this signature in database
GPG key ID: 76BF5F1928B9618B
3 changed files with 39 additions and 55 deletions


@ -1,30 +1,5 @@
{ config, pkgs, modulesPath, lib, factsGenerator, ... }: { config, pkgs, modulesPath, lib, factsGenerator, ... }:
let
# in rescue shell
# ---------------
# apt install -y lshw
# lshw -C network | grep -Poh 'driver=[[:alnum:]]+'
networkInterfaceModule = "e1000e";
# ip addr
networkInterface = "enp0s31f6";
# From the Hetzner control panel
ipv4 = {
address = "95.216.66.212"; # the ip address
gateway = "95.216.66.193"; # the gateway ip address
netmask = "255.255.255.192"; # the netmask -- might not be the same for you!
prefixLength = 26; # must match the netmask, see <https://www.pawprint.net/designresources/netmask-converter.php>
};
ipv6 = {
address = "2a01:4f9:2b:326::2"; # the ipv6 addres
gateway = "fe80::1"; # the ipv6 gateway
prefixLength = 64; # shown in the control panel
};
in
{ {
system.stateVersion = "23.11"; system.stateVersion = "23.11";
@ -37,17 +12,11 @@ in
services.smartd.enable = true; services.smartd.enable = true;
# Use GRUB2 as the boot loader.
# We don't use systemd-boot because Hetzner uses BIOS legacy boot.
boot.loader.grub = {
enable = true;
efiSupport = false; # we created a ef02 partition because uefi is not supported on hetzner online machines.
};
# root password # root password
clan.core.facts.services.rootPassword = factsGenerator.password { name = "root"; }; clan.core.facts.services.rootPassword = factsGenerator.password { name = "root"; };
users.users.root.hashedPasswordFile = config.clan.core.facts.services.rootPassword.secret."password.root.pam".path; users.users.root.hashedPasswordFile = config.clan.core.facts.services.rootPassword.secret."password.root.pam".path;
# todo : use component for that
services.openssh.settings.PermitRootLogin = "prohibit-password"; services.openssh.settings.PermitRootLogin = "prohibit-password";
services.openssh.settings.PasswordAuthentication = false; services.openssh.settings.PasswordAuthentication = false;
@ -57,25 +26,4 @@ in
clan.core.facts.services.zfs = factsGenerator.zfs { }; clan.core.facts.services.zfs = factsGenerator.zfs { };
networking.hostId = config.clan.core.facts.services.zfs.public."zfs.hostId".value; networking.hostId = config.clan.core.facts.services.zfs.public."zfs.hostId".value;
systemd.network.networks."10-uplink".networkConfig.Address = ipv6.address;
boot.initrd.systemd.network.networks."10-uplink" = config.systemd.network.networks."10-uplink";
# todo: use ssh component
boot.initrd.kernelModules = [ networkInterfaceModule ];
boot.initrd.network = {
enable = true;
ssh = {
enable = true;
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
port = 2222;
hostKeys = [
# make sure you use --copy-host-keys during nixos-anywhere
# (you can create ne ssh keys later, again)
# rm /etc/ssh/ssh_host_* && systemctl restart sshd.service
/etc/ssh/ssh_host_rsa_key
/etc/ssh/ssh_host_ed25519_key
];
};
};
} }
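Review bot: The initrd SSH block (`boot.initrd.network` with `ssh.enable`, `authorizedKeys`, `port = 2222` and the `/etc/ssh/ssh_host_*` `hostKeys`) is dropped in this hunk, but nothing on the new side of the commit re-creates it; the second file only re-adds `boot.initrd.kernelModules` and the `10-uplink` network. If the ZFS root needs a passphrase at boot (not visible on this page), remote unlock is lost and the host would need console access after the next reboot. The removed `# todo: use ssh component` comment was the only trace of that intent, so either the commit message should state that initrd SSH is intentionally deferred, or the todo should be carried into the new file, e.g. `# TODO: initrd SSH for remote unlock is not configured yet (was in hardware/hetzner.nix before the refactor)`.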


@ -1,2 +1,38 @@
{ config, ... }: { config, ... }:
{ } let
# ip addr
networkInterface = "enp0s31f6";
# From the Hetzner control panel
ipv4 = {
address = "95.216.66.212"; # the ip address
gateway = "95.216.66.193"; # the gateway ip address
netmask = "255.255.255.192"; # the netmask -- might not be the same for you!
prefixLength = 26; # must match the netmask, see <https://www.pawprint.net/designresources/netmask-converter.php>
};
ipv6 = {
address = "2a01:4f9:2b:326::2"; # the ipv6 addres
gateway = "fe80::1"; # the ipv6 gateway
prefixLength = 64; # shown in the control panel
};
in
{
systemd.network.networks."10-uplink".networkConfig.Address = ipv6.address;
boot.initrd.systemd.network.networks."10-uplink" = config.systemd.network.networks."10-uplink";
# in rescue shell
# ---------------
# apt install -y lshw
# lshw -C network | grep -Poh 'driver=[[:alnum:]]+'
boot.initrd.kernelModules = [ "e1000e" ];
# Use GRUB2 as the boot loader.
# We don't use systemd-boot because Hetzner uses BIOS legacy boot.
boot.loader.grub = {
enable = true;
efiSupport = false; # we created a ef02 partition because uefi is not supported on hetzner online machines.
};
}
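Review bot: Most of the new `let` block is dead: only `ipv6.address` is read, while `networkInterface`, the whole `ipv4` set and `ipv6.gateway`/`ipv6.prefixLength` are never used in this file, so a reader would wrongly assume the IPv4 addressing and the gateway are applied here. Either wire them into the `10-uplink` unit (for example `networkConfig.Gateway = ipv6.gateway;` next to the `Address` line, and `matchConfig.Name = networkInterface;` if the unit is not matched elsewhere) or delete the unused bindings so the file documents only what it configures. The unit currently sets no gateway or interface match in this hunk; if those come from another module, a one-line comment naming it, e.g. `# interface match and gateway for 10-uplink are set in <module>`, would make that clear.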


@ -13,7 +13,7 @@ options = [
"-w", # write back to the file "-w", # write back to the file
] ]
includes = ["*.sh"] includes = ["*.sh"]
excludes = ["./scripts/hetzner-dedicated-wipe-and-install-nixos.sh"] excludes = ["scripts/hetzner-dedicated-wipe-and-install-nixos.sh"]
#[formatter.shellcheck] #[formatter.shellcheck]
#command = "shellcheck" #command = "shellcheck"