initrd/networking: manually set networking
This commit is contained in:
parent
5fe27940b4
commit
3e0f8438c1
|
@ -22,7 +22,10 @@
|
|||
fsType = "ext4";
|
||||
};
|
||||
|
||||
boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/aed21f8d-8e15-4f43-8710-460cb36d488b";
|
||||
boot.initrd.luks.devices."cryptroot" = {
|
||||
device = "/dev/disk/by-uuid/aed21f8d-8e15-4f43-8710-460cb36d488b";
|
||||
allowDiscards = true;
|
||||
};
|
||||
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/3B67-0CAB";
|
||||
|
|
|
@ -14,24 +14,35 @@ in {
|
|||
|
||||
services.openssh.openFirewall = true;
|
||||
|
||||
pub-solar.core.disk-encryption-active = false;
|
||||
|
||||
pub-solar.user.publicKeys = [
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBB5XaH02a6+TchnyQED2VwaltPgeFCbildbE2h6nF5e root@nachtigall"
|
||||
];
|
||||
|
||||
boot.kernelParams = [
|
||||
"boot.shell_on_fail=1"
|
||||
"ip=dhcp"
|
||||
# Hack so that network is considered up by boot.initrd.network and postCommands gets executed.
|
||||
"ip=127.0.0.1:::::lo:none"
|
||||
];
|
||||
|
||||
boot.initrd.network.enable = true;
|
||||
boot.initrd.network.ssh = {
|
||||
boot.initrd.availableKernelModules = [ "tg3" ];
|
||||
boot.initrd.network = {
|
||||
enable = true;
|
||||
port = 2222;
|
||||
authorizedKeys = psCfg.user.publicKeys;
|
||||
hostKeys = ["/persist/etc/secrets/initrd/ssh_host_ed25519_key"];
|
||||
shell = "/bin/cryptsetup-askpass";
|
||||
ssh = {
|
||||
enable = true;
|
||||
port = 2222;
|
||||
authorizedKeys = psCfg.user.publicKeys;
|
||||
hostKeys = ["/persist/etc/secrets/initrd/ssh_host_ed25519_key"];
|
||||
shell = "/bin/cryptsetup-askpass";
|
||||
};
|
||||
postCommands = ''
|
||||
ip link set dev enp2s0f0 up
|
||||
|
||||
ip addr add 192.168.178.3/32 dev enp2s0f0
|
||||
ip route add 192.168.178.1 dev enp2s0f0
|
||||
ip route add default via 192.168.178.1 dev enp2s0f0
|
||||
|
||||
ip -6 addr add 2a02:908:5b1:e3c0:3::/128 dev enp2s0f0
|
||||
ip -6 addr add fe80:b12f:acab:1312:acab:3::/128 dev enp2s0f0
|
||||
'';
|
||||
};
|
||||
|
||||
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQSephFJU0NMbVbhwvVJ2/m6jcPYo1IsWCsoarqKin root@droppie
|
||||
|
|
|
@ -8,12 +8,15 @@
|
|||
[ (modulesPath + "/installer/scan/not-detected.nix")
|
||||
];
|
||||
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usbhid" "usb_storage" "uas" "sd_mod" "tg3" ];
|
||||
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usbhid" "usb_storage" "uas" "sd_mod" ];
|
||||
boot.initrd.kernelModules = [ "dm-snapshot" ];
|
||||
boot.kernelModules = [ "kvm-amd" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
boot.initrd.luks.devices."cryptroot".device = "/dev/sdb2";
|
||||
boot.initrd.luks.devices."cryptroot" = {
|
||||
device = "/dev/sdb2";
|
||||
allowDiscards = true;
|
||||
};
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "none";
|
||||
|
@ -50,14 +53,6 @@
|
|||
[ { device = "/dev/disk/by-uuid/0ef8dbbd-2832-4fb2-8a52-86682822f769"; }
|
||||
];
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
# networking.useDHCP = lib.mkDefault true;
|
||||
networking.interfaces.enp2s0f0.useDHCP = lib.mkDefault true;
|
||||
networking.interfaces.enp2s0f1.useDHCP = lib.mkDefault true;
|
||||
|
||||
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
|
||||
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
|
||||
}
|
||||
|
|
|
@ -6,16 +6,9 @@
|
|||
...
|
||||
}: {
|
||||
networking.hostName = "droppie";
|
||||
networking.interfaces.enp2s0f0.useDHCP = true;
|
||||
networking.interfaces.enp2s0f1.useDHCP = true;
|
||||
|
||||
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
|
||||
# (the default) this is the recommended approach. When using systemd-networkd it's
|
||||
# still possible to use this option, but it's recommended to use it in conjunction
|
||||
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
|
||||
#networking.useDHCP = true;
|
||||
#networking.interfaces.enp2s0f0.useDHCP = true;
|
||||
#networking.interfaces.enp2s0f1.useDHCP = true;
|
||||
|
||||
networking.useDHCP = lib.mkDefault true;
|
||||
networking.interfaces.enp2s0f0 = {
|
||||
ipv6.addresses = [ { address = "2a02:908:5b1:e3c0:3::"; prefixLength = 64; } ];
|
||||
};
|
||||
|
|
|
@ -15,18 +15,31 @@ in {
|
|||
|
||||
boot.kernelParams = [
|
||||
"boot.shell_on_fail=1"
|
||||
"ip=128.140.109.213::172.31.1.1:255.255.255.255:frikandel-initrd.b12f.io::off"
|
||||
# Hack so that network is considered up by boot.initrd.network and postCommands gets executed.
|
||||
"ip=127.0.0.1:::::lo:none"
|
||||
];
|
||||
boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_net" ];
|
||||
boot.initrd.network = {
|
||||
enable = true;
|
||||
ssh = {
|
||||
enable = true;
|
||||
port = 2222;
|
||||
hostKeys = [ /boot/initrd-ssh-key ];
|
||||
authorizedKeys = psCfg.user.publicKeys;
|
||||
shell = "/bin/cryptsetup-askpass";
|
||||
enable = true;
|
||||
port = 2222;
|
||||
hostKeys = [ /boot/initrd-ssh-key ];
|
||||
authorizedKeys = psCfg.user.publicKeys;
|
||||
shell = "/bin/cryptsetup-askpass";
|
||||
};
|
||||
postCommands = ''
|
||||
ip link set dev enp1s0 up
|
||||
|
||||
ip addr add 128.140.109.213/32 dev enp1s0
|
||||
ip route add 172.31.1.1 dev enp1s0
|
||||
ip route add default via 172.31.1.1 dev enp1s0
|
||||
|
||||
ip -6 addr add 128.140.109.213/128 dev enp1s0
|
||||
ip -6 addr add 2a01:4f8:c2c:b60::/64 dev enp1s0
|
||||
ip -6 route add fe80::1 dev enp1s0
|
||||
ip -6 route add default via fe80::1 dev enp1s0
|
||||
'';
|
||||
};
|
||||
|
||||
boot.supportedFilesystems = [ "zfs" ];
|
||||
|
|
|
@ -3,7 +3,6 @@
|
|||
lib,
|
||||
...
|
||||
}: {
|
||||
pub-solar.core.disk-encryption-active = false;
|
||||
isoImage.squashfsCompression = "gzip -Xcompression-level 1";
|
||||
systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
|
||||
networking.networkmanager.enable = false;
|
||||
|
|
|
@ -23,21 +23,31 @@ in {
|
|||
|
||||
boot.kernelParams = [
|
||||
"boot.shell_on_fail=1"
|
||||
"ip=192.168.178.2::192.168.178.1:255.255.255.255:pie-initrd.b12f.io::off"
|
||||
# Hack so that network is considered up by boot.initrd.network and postCommands gets executed.
|
||||
"ip=127.0.0.1:::::lo:none"
|
||||
];
|
||||
|
||||
boot.initrd.network.enable = true;
|
||||
boot.initrd.network.ssh = {
|
||||
enable = true;
|
||||
port = 2222;
|
||||
authorizedKeys = psCfg.user.publicKeys;
|
||||
hostKeys = ["/etc/secrets/initrd/ssh_host_ed25519_key"];
|
||||
shell = "/bin/cryptsetup-askpass";
|
||||
};
|
||||
# See https://discourse.nixos.org/t/ssh-and-network-in-initrd-on-raspberry-pi-4/6289/3
|
||||
boot.initrd.availableKernelModules = [ "genet" ];
|
||||
boot.initrd.network = {
|
||||
enable = true;
|
||||
ssh = {
|
||||
enable = true;
|
||||
port = 2222;
|
||||
authorizedKeys = psCfg.user.publicKeys;
|
||||
hostKeys = ["/etc/secrets/initrd/ssh_host_ed25519_key"];
|
||||
shell = "/bin/cryptsetup-askpass";
|
||||
};
|
||||
postCommands = ''
|
||||
ip link set dev enabcm6e4ei0 up
|
||||
|
||||
pub-solar.core.disk-encryption-active = false;
|
||||
ip addr add 192.168.178.2/32 dev enabcm6e4ei0
|
||||
ip route add 192.168.178.1 dev enabcm6e4ei0
|
||||
ip route add default via 192.168.178.1 dev enabcm6e4ei0
|
||||
|
||||
ip -6 addr add 2a02:908:5b1:e3c0:2::/128 dev enabcm6e4ei0
|
||||
ip -6 addr add fe80:b12f:acab:1312:acab:2::/128 dev enabcm6e4ei0
|
||||
'';
|
||||
};
|
||||
|
||||
# This value determines the NixOS release from which the default
|
||||
# settings for stateful data, like file locations and database versions
|
||||
|
|
|
@ -21,7 +21,6 @@ DEVICE /dev/nvme0n1p2 /dev/nvme1n1p2
|
|||
ARRAY /dev/md/nixos:root metadata=1.2 name=nixos:root UUID=67d1aa81:1b348887:c17a75e8:f2edf2bd
|
||||
'';
|
||||
|
||||
pub-solar.core.disk-encryption-active = false;
|
||||
pub-solar.core.hibernation.enable = true;
|
||||
pub-solar.core.hibernation.resumeDevice = "/dev/mapper/vg0-swap";
|
||||
|
||||
|
|
|
@ -13,7 +13,10 @@
|
|||
boot.kernelModules = [ "kvm-amd" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
|
||||
boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-id/md-name-nixos:root";
|
||||
boot.initrd.luks.devices."cryptroot" = {
|
||||
device = "/dev/disk/by-id/md-name-nixos:root";
|
||||
allowDiscards = true;
|
||||
};
|
||||
|
||||
fileSystems."/" =
|
||||
{ device = "none";
|
||||
|
|
|
@ -7,23 +7,8 @@
|
|||
with lib; let
|
||||
cfg = config.pub-solar.core;
|
||||
in {
|
||||
options.pub-solar.core.disk-encryption-active = mkOption {
|
||||
type = types.bool;
|
||||
default = true;
|
||||
description = "Whether it should be assumed that there is a cryptroot device";
|
||||
};
|
||||
|
||||
config = {
|
||||
boot = {
|
||||
# Mount / luks device in initrd
|
||||
# Allow fstrim to work on it.
|
||||
# The ! makes this enabled by default
|
||||
initrd = mkIf cfg.disk-encryption-active {
|
||||
luks.devices."cryptroot" = {
|
||||
allowDiscards = true;
|
||||
};
|
||||
};
|
||||
|
||||
loader.systemd-boot.enable = lib.mkDefault true;
|
||||
|
||||
# Use latest LTS linux kernel by default
|
||||
|
|
Loading…
Reference in a new issue