diff --git a/flake.lock b/flake.lock
index 058605b..c634820 100644
--- a/flake.lock
+++ b/flake.lock
@@ -21,6 +21,38 @@
 "type": "github"
 }
 },
+ "nixpkgs-nixos-2111": {
+ "locked": {
+ "lastModified": 1647490331,
+ "narHash": "sha256-Jcc+vHNDN3KDWuzGNTl3A24ICGovPneJDejiN2t57QI=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "2c66a7a6e036971c4847cca424125f55b9eb0b0b",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-21.11",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
+ "nixpkgs-nixos-unstable": {
+ "locked": {
+ "lastModified": 1647297614,
+ "narHash": "sha256-ulGq3W5XsrBMU/u5k9d4oPy65pQTkunR4HKKtTq0RwY=",
+ "owner": "NixOS",
+ "repo": "nixpkgs",
+ "rev": "73ad5f9e147c0d2a2061f1d4bd91e05078dc0b58",
+ "type": "github"
+ },
+ "original": {
+ "owner": "NixOS",
+ "ref": "nixos-unstable",
+ "repo": "nixpkgs",
+ "type": "github"
+ }
+ },
 "nixpkgs-stable": {
 "locked": {
 "lastModified": 1649490789,
@@ -53,11 +85,27 @@
 "type": "github"
 }
 },
+ "qois-infrastructure": {
+ "inputs": {
+ "nixpkgs-nixos-2111": "nixpkgs-nixos-2111",
+ "nixpkgs-nixos-unstable": "nixpkgs-nixos-unstable"
+ },
+ "locked": {
+ "narHash": "sha256-td+qvLGjYw0oRFYsMR4LKciDWyOoPGJJJ2phMFwN1ME=",
+ "path": "/etc/nixos/qois-infrastructure",
+ "type": "path"
+ },
+ "original": {
+ "path": "/etc/nixos/qois-infrastructure",
+ "type": "path"
+ }
+ },
 "root": {
 "inputs": {
 "home-manager": "home-manager",
 "nixpkgs-stable": "nixpkgs-stable",
- "nixpkgs-unstable": "nixpkgs-unstable"
+ "nixpkgs-unstable": "nixpkgs-unstable",
+ "qois-infrastructure": "qois-infrastructure"
 }
 }
 },
diff --git a/flake.nix b/flake.nix
index e9b537f..5540417 100644
--- a/flake.nix
+++ b/flake.nix
@@ -4,10 +4,11 @@ nixpkgs-stable.url = "github:NixOS/nixpkgs/nixos-21.11"; home-manager.url = "github:nix-community/home-manager/release-21.11"; home-manager.inputs.nixpkgs.follows = "nixpkgs-stable"; + qois-infrastructure.url = "path:/etc/nixos/qois-infrastructure"; #fabianhauser-etaxes.url = "github:fabianhauser/etaxes-sg-nix"; }; - outputs = { self, nixpkgs-unstable, nixpkgs-stable, home-manager, ... }@inputs: + outputs = { self, nixpkgs-unstable, nixpkgs-stable, home-manager, qois-infrastructure, ... }@inputs: let system = "x86_64-linux"; pkgsUnstable = import nixpkgs-unstable { inherit system; @@ -25,18 +26,18 @@ # `nix build .#nixosConfigurations..config.system.build.toplevel nixosConfigurations = let hosts = [ "speer" "hummelberg" ]; - home-manager-modules = [ home-manager.nixosModules.home-manager { + home-manager-config = { home-manager = { useGlobalPkgs = true; useUserPackages = true; extraSpecialArgs = { inherit pkgsUnstable; }; users.fhauser = import ./home/fhauser/default.nix; }; - }]; + }; mapHostnameToAttr = host: nixpkgs-stable.lib.nixosSystem { inherit system; - modules = [ ./host/${host}/default.nix ] ++ home-manager-modules; + modules = [ qois-infrastructure.nixosModule home-manager.nixosModules.home-manager home-manager-config ./host/${host}/default.nix ]; }; in pkgsUnstable.lib.genAttrs hosts mapHostnameToAttr; diff --git a/modules/default.nix b/modules/default.nix index 9c6cb25..ff9a9a2 100644 --- a/modules/default.nix +++ b/modules/default.nix @@ -1,5 +1,5 @@ { config, pkgs, ... }: { - imports = [ ./luks-ssh ]; + imports = [ ]; } diff --git a/modules/luks-ssh/default.nix b/modules/luks-ssh/default.nix deleted file mode 100644 index 9e736fc..0000000 --- a/modules/luks-ssh/default.nix +++ /dev/null 
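Review bot: The new input `qois-infrastructure.url = "path:/etc/nixos/qois-infrastructure";` ties the flake to an absolute directory on the build host, so evaluation picks up whatever is at that path on that machine rather than a revision this repository controls, and the corresponding lock entry (flake.lock hunk) records only a `narHash` and the path, with no `rev` to fall back on. The same commit bumps a `qois-infrastructure` git submodule, so the submodule and the host directory can drift apart without any signal in the lock. If the submodule is meant to be the source of truth, consider pointing the input at it (a relative `path:` input, or a `git+` URL pinned by `rev`) so the locked input is reproducible on any machine; if the host path is deliberate, a one-line comment such as `# local checkout; keep in sync with the qois-infrastructure submodule` would tell the next reader why. The `inputs` attribute set this line belongs to begins before the hunk.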
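Review bot: The rewritten `modules = [ qois-infrastructure.nixosModule home-manager.nixosModules.home-manager home-manager-config ./host/${host}/default.nix ];` packs four modules onto one line; listing one module per line, as the removed `home-manager-modules` list did, keeps each future addition to a one-line diff and makes the ordering visible at a glance. The rename from `home-manager-modules` to `home-manager-config` is done in the same hunk as the reorder of `./host/${host}/default.nix` to the end, which makes the change harder to review than it needs to be. `mapHostnameToAttr` ends inside the hunk; the enclosing `outputs` function does not.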
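Review bot: After this hunk `modules/default.nix` is `{ config, pkgs, ... }: { imports = [ ]; }`, a module that contributes nothing while still declaring `config` and `pkgs`. Whatever imports it (outside this diff) could drop the import and the file, or the file should carry a comment naming its purpose, e.g. `# host-independent modules; currently empty`, so a reader does not have to guess whether the empty list is intentional. Where the removed `./luks-ssh` functionality now comes from is not visible in this diff, so the comment should not assert it.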
@@ -1,99 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-
-let cfg = config.services.qois.luks-ssh;
-in {
- options.services.qois.luks-ssh = {
- enable = mkEnableOption "luks-ssh service";
-
- interface = mkOption {
- type = types.str;
- example = "enp0";
- description = ''
- Interface name.
- '';
- };
-
- ip = mkOption {
- type = types.str;
- example = "192.168.0.1";
- default = "dhcp";
- description = ''
- Host IP Address or "dhcp" (default).
- '';
- };
-
- gateway = mkOption {
- type = types.str;
- default = null;
- example = "192.168.0.1";
- description = ''
- IP of gateway. May be null if ip is aquired by dhcp.
- '';
- };
-
- netmask = mkOption {
- type = types.str;
- default = null;
- example = "192.168.0.1";
- description = ''
- Netmask of internal network. May be null if ip is aquired by dhcp.
- '';
- };
-
- sshHostKey = mkOption {
- type = types.str;
- default = "/secrets/initrd_ssh_key_ed25519";
- description = ''
- Hostkey for ssh connection.
- The key is stored in an unencrypted form,
- so it is strongly advised against using the normal host key.
-
- You can generate a host key with:
-
- ssh-keygen -t ed25519 -N "" -f /secrets/initrd_ssh_key_ed25519
- '';
- };
-
- sshPort = mkOption {
- type = types.addCheck types.int (n: n > 0 && n < 65536);
- default = 2222;
- description = ''
- SSH Port of the initrd ssh server.
- Should be different from default SSH port to prevent known hosts collissions.
- '';
- };
- };
-
- config = mkIf cfg.enable {
- boot.initrd.network = {
- enable = true;
- ssh = {
- enable = true;
- port = cfg.sshPort;
- authorizedKeys = with lib;
- concatLists (mapAttrsToList (name: user:
- if elem "wheel" user.extraGroups then
- user.openssh.authorizedKeys.keys
- else
- [ ]) config.users.users);
- hostKeys = [ cfg.sshHostKey ];
- };
- postCommands = ''
- echo 'cryptsetup-askpass' >> /root/.profile
- '';
- };
-
- boot.kernelParams = [
- (if cfg.ip == "dhcp" then
- "ip=::::${config.networking.hostName}:${cfg.interface}:dhcp"
- else
- "ip=${cfg.ip}::${cfg.gateway}:${cfg.netmask}:${config.networking.hostName}:${cfg.interface}:none")
- ]; # see https://www.kernel.org/doc/Documentation/filesystems/nfs/nfsroot.txt
-
- boot.initrd.postMountCommands = ''
- ip link set ${cfg.interface} down
- '';
- };
-}
diff --git a/qois-infrastructure b/qois-infrastructure
index d3be1ef..52b4f49 160000
--- a/qois-infrastructure
+++ b/qois-infrastructure
@@ -1 +1 @@
-Subproject commit d3be1efa8ec32c6ba18eebaa35e4993ec0970bef
+Subproject commit 52b4f4942f53f67780e6b119ce8b93c1453cf676