fabianhauser/dotfiles
1
0
Fork 0
Code Issues 4 Pull requests 1 Projects Releases Packages Wiki Activity Actions

Clean up montalin configuration

Browse source
This commit is contained in:
Fabian Hauser 2020-02-26 22:02:02 +00:00
parent 38017ebcec
commit acfde18601
4 changed files with 40 additions and 38 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
hardware/nuc.nix
View file

@ -8,7 +8,7 @@
[ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix>
]; ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" "e1000e" "virtio-pci"];
boot.initrd.kernelModules = [ ]; boot.initrd.kernelModules = [ ];
# boot.kernelModules = [ "kvm-intel" "virtio" "tun" ]; # boot.kernelModules = [ "kvm-intel" "virtio" "tun" ];
boot.kernelModules = [ "kvm-intel" ]; boot.kernelModules = [ "kvm-intel" ];

47
host/montalin.nix
View file

@ -10,47 +10,20 @@
[ [
../hardware/nuc.nix ../hardware/nuc.nix
../role/base.nix ../role/base.nix
../role/dropbear.nix
]; ];
boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/3a0a5071-67ab-4e13-a0b7-d31b86f5e8b1"; boot.initrd.luks.devices = {
boot.initrd.luks.devices."swap".device = "/dev/disk/by-uuid/6dee6e3c-e2f3-46c5-8751-5fce8c80ed49"; "root".device = "/dev/disk/by-uuid/3a0a5071-67ab-4e13-a0b7-d31b86f5e8b1";
"swap".device = "/dev/disk/by-uuid/6dee6e3c-e2f3-46c5-8751-5fce8c80ed49";
fileSystems."/" =
{ device = "/dev/mapper/root";
fsType = "btrfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/0065-E4EA";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/mapper/swap"; }
];
boot.loader.timeout = 2;
boot.initrd.availableKernelModules = [ "virtio-pci" "e1000e" ];
boot.initrd.network = {
enable = true;
ssh = {
enable = true;
port = 2222;
# hostECDSAKey = /var/src/secrets/dropbear/ecdsa-hostkey;
# this includes the ssh keys of all users in the wheel group, but you can just specify some keys manually
# authorizedKeys = with lib; concatLists (mapAttrsToList (name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else []) config.users.users);
# Key generation with dropbearkey -t <type> -f <output-keyfile>
hostRSAKey = /boot/dropbear_rsa_host_key;
hostECDSAKey = /boot/dropbear_ecdsa_host_key;
};
postCommands = ''
echo 'cryptsetup-askpass' >> /root/.profile
'';
}; };
boot.kernelParams = ["ip=::::montalin:eth0:dhcp"];
boot.initrd.postMountCommands = '' fileSystems = {
ip link set eth0 down "/" = { device = "/dev/mapper/root"; fsType = "btrfs"; };
''; "/boot" = { device = "/dev/disk/by-uuid/0065-E4EA"; fsType = "vfat"; };
};
swapDevices = [{ device = "/dev/mapper/swap"; }];
# Use the systemd-boot EFI boot loader. # Use the systemd-boot EFI boot loader.

3
role/base.nix
View file

@ -3,6 +3,9 @@
{ {
system.autoUpgrade.enable = true; system.autoUpgrade.enable = true;
system.autoUpgrade.allowReboot = true;
boot.loader.timeout = 2;
i18n = { i18n = {
consoleFont = "Lat2-Terminus16"; consoleFont = "Lat2-Terminus16";

26
role/dropbear.nix Normal file
View file

@ -0,0 +1,26 @@
{ config, pkgs, ... }:
{
# Note: This implementation currently only allows eth0 (first interface) with dhcp.
boot.initrd.network = {
enable = true;
ssh = {
enable = true;
port = 2222;
# this includes the ssh keys of all users in the wheel group,
# but you can just specify some keys manually
#authorizedKeys = with lib; concatLists (mapAttrsToList (name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else []) config.users.users);
hostRSAKey = /boot/dropbear_rsa_host_key;
hostECDSAKey = /boot/dropbear_ecdsa_host_key;
# Key generation with dropbearkey -t <type> -f <output-keyfile>
};
postCommands = ''
echo 'cryptsetup-askpass' >> /root/.profile
'';
};
boot.kernelParams = ["ip=::::montalin:eth0:dhcp"];
boot.initrd.postMountCommands = ''
ip link set eth0 down
'';
}