From acfde18601be041728f4f291733c15ca99a99427 Mon Sep 17 00:00:00 2001
From: Fabian
Date: Wed, 26 Feb 2020 22:02:02 +0000
Subject: [PATCH] Clean up montalin configuration

---
 hardware/nuc.nix | 2 +-
 host/montalin.nix | 47 ++++++++++-------------------------------------
 role/base.nix | 3 +++
 role/dropbear.nix | 26 ++++++++++++++++++++++++++
 4 files changed, 40 insertions(+), 38 deletions(-)
 create mode 100644 role/dropbear.nix

diff --git a/hardware/nuc.nix b/hardware/nuc.nix
index cb5341a..8c3cc2f 100644
--- a/hardware/nuc.nix
+++ b/hardware/nuc.nix
@@ -8,7 +8,7 @@
 [ ];
- boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ];
+ boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "e1000e" "virtio-pci"];
 boot.initrd.kernelModules = [ ];
 # boot.kernelModules = [ "kvm-intel" "virtio" "tun" ];
 boot.kernelModules = [ "kvm-intel" ];
diff --git a/host/montalin.nix b/host/montalin.nix
index cc4d9f2..784010c 100644
--- a/host/montalin.nix
+++ b/host/montalin.nix
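Review bot: The two NIC modules appended to `boot.initrd.availableKernelModules` here are what the initrd SSH listener in role/dropbear.nix needs to come up (the same commit moves them out of host/montalin.nix), yet neither this file nor the role records that coupling, so a host that imports the role on other hardware would likely sit at the LUKS prompt with no network and no error. Either keep a `boot.initrd.availableKernelModules = [ "e1000e" "virtio-pci" ];` line in role/dropbear.nix as well (NixOS merges list options across modules) or at least annotate the additions here: `# "e1000e" "virtio-pci": NIC drivers so initrd networking (role/dropbear.nix) can run before root is unlocked`. A space is also missing before the closing bracket in `"virtio-pci"]`. The enclosing attribute set starts before the hunk.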
@@ -10,47 +10,20 @@
 [ ../hardware/nuc.nix
 ../role/base.nix
+ ../role/dropbear.nix
 ];
- boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/3a0a5071-67ab-4e13-a0b7-d31b86f5e8b1";
- boot.initrd.luks.devices."swap".device = "/dev/disk/by-uuid/6dee6e3c-e2f3-46c5-8751-5fce8c80ed49";
-
- fileSystems."/" =
- { device = "/dev/mapper/root";
- fsType = "btrfs";
- };
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/0065-E4EA";
- fsType = "vfat";
- };
- swapDevices =
- [ { device = "/dev/mapper/swap"; }
- ];
-
-
- boot.loader.timeout = 2;
- boot.initrd.availableKernelModules = [ "virtio-pci" "e1000e" ];
- boot.initrd.network = {
- enable = true;
- ssh = {
- enable = true;
- port = 2222;
- # hostECDSAKey = /var/src/secrets/dropbear/ecdsa-hostkey;
- # this includes the ssh keys of all users in the wheel group, but you can just specify some keys manually
- # authorizedKeys = with lib; concatLists (mapAttrsToList (name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else []) config.users.users);
- # Key generation with dropbearkey -t -f
- hostRSAKey = /boot/dropbear_rsa_host_key;
- hostECDSAKey = /boot/dropbear_ecdsa_host_key;
- };
- postCommands = ''
- echo 'cryptsetup-askpass' >> /root/.profile
- '';
+ boot.initrd.luks.devices = {
+ "root".device = "/dev/disk/by-uuid/3a0a5071-67ab-4e13-a0b7-d31b86f5e8b1";
+ "swap".device = "/dev/disk/by-uuid/6dee6e3c-e2f3-46c5-8751-5fce8c80ed49";
 };
- boot.kernelParams = ["ip=::::montalin:eth0:dhcp"];
-boot.initrd.postMountCommands = ''
- ip link set eth0 down
- '';
+ fileSystems = {
+ "/" = { device = "/dev/mapper/root"; fsType = "btrfs"; };
+ "/boot" = { device = "/dev/disk/by-uuid/0065-E4EA"; fsType = "vfat"; };
+ };
+
+ swapDevices = [{ device = "/dev/mapper/swap"; }];
 # Use the systemd-boot EFI boot loader.
diff --git a/role/base.nix b/role/base.nix
index 2d616d5..faeb031 100644
--- a/role/base.nix
+++ b/role/base.nix
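Review bot: The new import `../role/dropbear.nix` makes this host start a network listener in the initrd (SSH on port 2222, per the role) before the root volume is unlocked, and nothing at the import site says so; the role's assumptions — interface `eth0`, DHCP, NIC modules now supplied only by hardware/nuc.nix — are invisible from the host file that actually carries the LUKS devices. A one-line comment keeps that visible where a reader looks first: `../role/dropbear.nix # initrd SSH (port 2222) for remote LUKS unlock; expects eth0 + NIC modules from hardware/nuc.nix`. The enclosing module attribute set starts before the hunk and ends after it.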
@@ -3,6 +3,9 @@
 {
 system.autoUpgrade.enable = true;
+ system.autoUpgrade.allowReboot = true;
+
+ boot.loader.timeout = 2;
 i18n = {
 consoleFont = "Lat2-Terminus16";
diff --git a/role/dropbear.nix b/role/dropbear.nix
new file mode 100644
index 0000000..19ab61a
--- /dev/null
+++ b/role/dropbear.nix
@@ -0,0 +1,26 @@
+{ config, pkgs, ... }:
+
+{
+ # Note: This implementation currently only allows eth0 (first interface) with dhcp.
+ boot.initrd.network = {
+ enable = true;
+ ssh = {
+ enable = true;
+ port = 2222;
+ # this includes the ssh keys of all users in the wheel group,
+ # but you can just specify some keys manually
+ #authorizedKeys = with lib; concatLists (mapAttrsToList (name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else []) config.users.users);
+ hostRSAKey = /boot/dropbear_rsa_host_key;
+ hostECDSAKey = /boot/dropbear_ecdsa_host_key;
+ # Key generation with dropbearkey -t -f
+ };
+ postCommands = ''
+ echo 'cryptsetup-askpass' >> /root/.profile
+ '';
+ };
+ boot.kernelParams = ["ip=::::montalin:eth0:dhcp"];
+
+ boot.initrd.postMountCommands = ''
+ ip link set eth0 down
+ '';
+}
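Review bot: `system.autoUpgrade.allowReboot = true;` in the shared base role lets unattended upgrades reboot every host that imports it, and host/montalin.nix in this same commit has a LUKS-encrypted root whose unlock, as far as the diff shows, is interactive (the `cryptsetup-askpass` prompt reached over initrd SSH), so an automatic reboot there stalls until someone connects. Either keep allowReboot in per-host config or document the trade-off: `system.autoUpgrade.allowReboot = true; # hosts with LUKS root (e.g. montalin) stay at the initrd unlock prompt after an automatic reboot`. `boot.loader.timeout = 2;` is a bootloader setting and reads oddly grouped under the upgrade options; a short comment or moving it next to the other boot settings would help. The enclosing attribute set ends outside the hunk.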
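Review bot: `hostRSAKey = /boot/dropbear_rsa_host_key;` and `hostECDSAKey = /boot/dropbear_ecdsa_host_key;` are Nix path literals, so when the initrd builder interpolates them the private host keys are copied into the Nix store, which is world-readable by every local user; the option descriptions carried a warning to that effect, as far as I recall. Newer NixOS releases replace these options with `boot.initrd.network.ssh.hostKeys`, a list of string paths loaded as initrd secrets rather than copied into the store (the initrd SSH daemon and key format changed alongside, so check the release notes before migrating), and until then a comment on these two lines stating that the keys end up in the store and must never be the host's regular sshd keys would prevent a worse mistake. Separately, `boot.kernelParams = ["ip=::::montalin:eth0:dhcp"];` hard-codes the montalin hostname in a reusable role; `"ip=::::${config.networking.hostName}:eth0:dhcp"` keeps it host-neutral. The commented-out `authorizedKeys` line references `lib`, which the header `{ config, pkgs, ... }:` does not bind, so it would fail to evaluate if anyone uncommented it.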