fabianhauser/dotfiles
1
0
Fork 0
Code Issues 4 Pull requests 1 Projects Releases Packages Wiki Activity Actions
dotfiles/host/montalin.nix
Fabian d8402078bd Add dropbear
2020-02-26 20:54:29 +00:00

104 lines
3.4 KiB
Nix
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running nixos-help).
{ config, pkgs, ... }:
{
imports =
[
../hardware/nuc.nix
../role/base.nix
];
boot.initrd.luks.devices."root".device = "/dev/disk/by-uuid/3a0a5071-67ab-4e13-a0b7-d31b86f5e8b1";
boot.initrd.luks.devices."swap".device = "/dev/disk/by-uuid/6dee6e3c-e2f3-46c5-8751-5fce8c80ed49";
fileSystems."/" =
{ device = "/dev/mapper/root";
fsType = "btrfs";
};
fileSystems."/boot" =
{ device = "/dev/disk/by-uuid/0065-E4EA";
fsType = "vfat";
};
swapDevices =
[ { device = "/dev/mapper/swap"; }
];
boot.loader.timeout = 2;
boot.initrd.availableKernelModules = [ "virtio-pci" "e1000e" ];
boot.initrd.network = {
enable = true;
ssh = {
enable = true;
port = 2222;
# hostECDSAKey = /var/src/secrets/dropbear/ecdsa-hostkey;
# this includes the ssh keys of all users in the wheel group, but you can just specify some keys manually
# authorizedKeys = with lib; concatLists (mapAttrsToList (name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else []) config.users.users);
# Key generation with dropbearkey -t <type> -f <output-keyfile>
hostRSAKey = /boot/dropbear_rsa_host_key;
hostECDSAKey = /boot/dropbear_ecdsa_host_key;
};
postCommands = ''
echo 'cryptsetup-askpass' >> /root/.profile
'';
};
boot.kernelParams = ["ip=::::montalin:eth0:dhcp"];
boot.initrd.postMountCommands = ''
ip link set eth0 down
'';
# Use the systemd-boot EFI boot loader.
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
networking.hostName = "montalin"; # Define your hostname.
# networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
# The global useDHCP flag is deprecated, therefore explicitly set to false here.
# Per-interface useDHCP will be mandatory in the future, so this generated config
# replicates the default behaviour.
networking.useDHCP = false;
networking.interfaces.eno1.useDHCP = true;
networking.interfaces.wlp1s0.useDHCP = true;
#networking.wireless.enable = true; # Enables wireless support via wpa_supplicant.
#networking.wireless.networks = {
# yummi = {
# psk = "cookies!";
# };
#};
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Set your time zone.
# time.timeZone = "Europe/Amsterdam";
# List services that you want to enable:
# Open ports in the firewall.
# networking.firewall.allowedTCPPorts = [ ... ];
# networking.firewall.allowedUDPPorts = [ ... ];
# Or disable the firewall altogether.
# networking.firewall.enable = false;
# Define a user account. Don't forget to set a password with passwd.
# users.users.jane = {
# isNormalUser = true;
# extraGroups = [ "wheel" ]; # Enable sudo for the user.
# };
# This value determines the NixOS release with which your system is to be
# compatible, in order to avoid breaking some software such as database
# servers. You should change this only after NixOS release notes say you
# should.
system.stateVersion = "19.09"; # Did you read the comment?
}
Reference in a new issue View git blame Copy permalink