# NixOS host configuration for a Hetzner machine: legacy-BIOS GRUB boot,
# ZFS support, key-only SSH for root, and an SSH server inside the initrd.
{ config, pkgs, modulesPath, lib, factsGenerator, ... }:

let
  # Collected in the rescue shell:
  #   apt install -y lshw
  #   lshw -C network | grep -Poh 'driver=[[:alnum:]]+'
  nicKernelModule = "e1000e";

  # Collected in the rescue shell with: ip addr
  # NOTE(review): not referenced anywhere in the visible part of this file.
  networkInterface = "enp0s31f6";

  # From the Hetzner control panel.
  # NOTE(review): `ipv4` is not referenced in the visible part of this file.
  ipv4 = {
    address = "95.216.66.212"; # the ip address
    gateway = "95.216.66.193"; # the gateway ip address
    netmask = "255.255.255.192"; # the netmask -- might not be the same for you!
    prefixLength = 26; # must match the netmask
  };

  # Only `address` is used below; gateway and prefixLength are recorded here
  # but not referenced in the visible part of this file.
  ipv6 = {
    address = "2a01:4f9:2b:326::2"; # the ipv6 address
    gateway = "fe80::1"; # the ipv6 gateway
    prefixLength = 64; # shown in the control panel
  };
in
{
  system.stateVersion = "23.11";

  imports = [
    ./disko-config.nix
    ./hardware-configuration.nix
    ./hetzner.nix
  ];

  # Root account: the password hash comes from a clan fact, and the ZFS fact
  # provides the host id used further down.
  clan.core.facts.services = {
    rootPassword = factsGenerator.password { name = "root"; };
    zfs = factsGenerator.zfs { };
  };
  users.users.root.hashedPasswordFile =
    config.clan.core.facts.services.rootPassword.secret."password.root.pam".path;

  services = {
    smartd.enable = true;

    # SSH hardening: root may log in over SSH, but never with a password, and
    # password authentication is switched off for every account. The hashed
    # root password above is therefore presumably only for console login.
    openssh.settings = {
      PermitRootLogin = "prohibit-password";
      PasswordAuthentication = false;
    };
  };

  networking.hostId = config.clan.core.facts.services.zfs.public."zfs.hostId".value;

  # NOTE(review): the address is written without a prefix length even though
  # ipv6.prefixLength is defined above -- confirm that ./hetzner.nix or the
  # systemd-networkd default yields the intended /64.
  systemd.network.networks."10-hetzner".networkConfig.Address = ipv6.address;

  boot = {
    # Use GRUB2 as the boot loader.
    # We don't use systemd-boot because Hetzner uses BIOS legacy boot.
    loader.grub = {
      enable = true;
      # An ef02 partition was created because UEFI is not supported on
      # Hetzner online machines.
      efiSupport = false;
    };

    tmp.useTmpfs = true; # make /tmp a tmpfs (performance!)
    supportedFilesystems = [ "zfs" ];

    initrd = {
      # Reuse the stage-2 "10-hetzner" network definition inside the initrd.
      systemd.network.networks."10-hetzner" = config.systemd.network.networks."10-hetzner";

      # The NIC driver has to be loaded in the initrd for early networking.
      kernelModules = [ nicKernelModule ];

      # todo: use ssh component
      network = {
        enable = true;
        ssh = {
          enable = true;
          # Whoever holds one of root's authorized keys can also reach the
          # initrd shell; the initrd sshd listens on port 2222.
          authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
          port = 2222;
          hostKeys = [
            # Make sure you use --copy-host-keys during nixos-anywhere
            # (you can create new ssh keys later, again):
            #   rm /etc/ssh/ssh_host_* && systemctl restart sshd.service
            #
            # NOTE(review): these are the machine's regular sshd host keys.
            # The NixOS option documentation advises against reusing regular
            # host private keys for the initrd, because they end up in the
            # initrd on the boot partition (and, without bootloader support
            # for initrd secrets, in the Nix store). Consider dedicated initrd
            # host keys -- confirm against ./disko-config.nix whether /boot
            # is encrypted.
            /etc/ssh/ssh_host_rsa_key
            /etc/ssh/ssh_host_ed25519_key
          ];
        };
      };
    };
  };
}