b12f/os
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

initrd/networking: manually set networking

Browse source
This commit is contained in:
Benjamin Yule Bädorf 2024-02-04 01:05:28 +01:00
parent 5fe27940b4
commit 3e0f8438c1
Signed by: b12f
GPG key ID: 729956E1124F8F26
10 changed files with 76 additions and 65 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
hosts/biolimo/hardware-configuration.nix
View file

@ -22,7 +22,10 @@
fsType = "ext4";
};
boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-uuid/aed21f8d-8e15-4f43-8710-460cb36d488b";
boot.initrd.luks.devices."cryptroot" = {
device = "/dev/disk/by-uuid/aed21f8d-8e15-4f43-8710-460cb36d488b";
allowDiscards = true;
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/3B67-0CAB";

23
hosts/droppie/configuration.nix
View file

@ -14,25 +14,36 @@ in {
services.openssh.openFirewall = true;
pub-solar.core.disk-encryption-active = false;
pub-solar.user.publicKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBB5XaH02a6+TchnyQED2VwaltPgeFCbildbE2h6nF5e root@nachtigall"
];
boot.kernelParams = [
"boot.shell_on_fail=1"
"ip=dhcp"
# Hack so that network is considered up by boot.initrd.network and postCommands gets executed.
"ip=127.0.0.1:::::lo:none"
];
boot.initrd.network.enable = true;
boot.initrd.network.ssh = {
boot.initrd.availableKernelModules = [ "tg3" ];
boot.initrd.network = {
enable = true;
ssh = {
enable = true;
port = 2222;
authorizedKeys = psCfg.user.publicKeys;
hostKeys = ["/persist/etc/secrets/initrd/ssh_host_ed25519_key"];
shell = "/bin/cryptsetup-askpass";
};
postCommands = ''
ip link set dev enp2s0f0 up
ip addr add 192.168.178.3/32 dev enp2s0f0
ip route add 192.168.178.1 dev enp2s0f0
ip route add default via 192.168.178.1 dev enp2s0f0
ip -6 addr add 2a02:908:5b1:e3c0:3::/128 dev enp2s0f0
ip -6 addr add fe80:b12f:acab:1312:acab:3::/128 dev enp2s0f0
'';
};
# ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZQSephFJU0NMbVbhwvVJ2/m6jcPYo1IsWCsoarqKin root@droppie
age.secrets."droppie-ssh-root.key" = {

15
hosts/droppie/hardware-configuration.nix
View file

@ -8,12 +8,15 @@
[ (modulesPath + "/installer/scan/not-detected.nix")
];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usbhid" "usb_storage" "uas" "sd_mod" "tg3" ];
boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ehci_pci" "usbhid" "usb_storage" "uas" "sd_mod" ];
boot.initrd.kernelModules = [ "dm-snapshot" ];
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.initrd.luks.devices."cryptroot".device = "/dev/sdb2";
boot.initrd.luks.devices."cryptroot" = {
device = "/dev/sdb2";
allowDiscards = true;
};
fileSystems."/" =
{ device = "none";
@ -50,14 +53,6 @@
[ { device = "/dev/disk/by-uuid/0ef8dbbd-2832-4fb2-8a52-86682822f769"; }
];
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
# networking.useDHCP = lib.mkDefault true;
networking.interfaces.enp2s0f0.useDHCP = lib.mkDefault true;
networking.interfaces.enp2s0f1.useDHCP = lib.mkDefault true;
nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
hardware.cpu.amd.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
}

11
hosts/droppie/networking.nix
View file

@ -6,16 +6,9 @@
...
}: {
networking.hostName = "droppie";
networking.interfaces.enp2s0f0.useDHCP = true;
networking.interfaces.enp2s0f1.useDHCP = true;
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction
# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
#networking.useDHCP = true;
#networking.interfaces.enp2s0f0.useDHCP = true;
#networking.interfaces.enp2s0f1.useDHCP = true;
networking.useDHCP = lib.mkDefault true;
networking.interfaces.enp2s0f0 = {
ipv6.addresses = [ { address = "2a02:908:5b1:e3c0:3::"; prefixLength = 64; } ];
};

15
hosts/frikandel/configuration.nix
View file

@ -15,7 +15,8 @@ in {
boot.kernelParams = [
"boot.shell_on_fail=1"
"ip=128.140.109.213::172.31.1.1:255.255.255.255:frikandel-initrd.b12f.io::off"
# Hack so that network is considered up by boot.initrd.network and postCommands gets executed.
"ip=127.0.0.1:::::lo:none"
];
boot.initrd.availableKernelModules = [ "virtio_pci" "virtio_net" ];
boot.initrd.network = {
@ -27,6 +28,18 @@ in {
authorizedKeys = psCfg.user.publicKeys;
shell = "/bin/cryptsetup-askpass";
};
postCommands = ''
ip link set dev enp1s0 up
ip addr add 128.140.109.213/32 dev enp1s0
ip route add 172.31.1.1 dev enp1s0
ip route add default via 172.31.1.1 dev enp1s0
ip -6 addr add 128.140.109.213/128 dev enp1s0
ip -6 addr add 2a01:4f8:c2c:b60::/64 dev enp1s0
ip -6 route add fe80::1 dev enp1s0
ip -6 route add default via fe80::1 dev enp1s0
'';
};
boot.supportedFilesystems = [ "zfs" ];

1
hosts/iso/default.nix
View file

@ -3,7 +3,6 @@
lib,
...
}: {
pub-solar.core.disk-encryption-active = false;
isoImage.squashfsCompression = "gzip -Xcompression-level 1";
systemd.services.sshd.wantedBy = lib.mkForce [ "multi-user.target" ];
networking.networkmanager.enable = false;

24
hosts/pie/configuration.nix
View file

@ -23,21 +23,31 @@ in {
boot.kernelParams = [
"boot.shell_on_fail=1"
"ip=192.168.178.2::192.168.178.1:255.255.255.255:pie-initrd.b12f.io::off"
# Hack so that network is considered up by boot.initrd.network and postCommands gets executed.
"ip=127.0.0.1:::::lo:none"
];
boot.initrd.network.enable = true;
boot.initrd.network.ssh = {
# See https://discourse.nixos.org/t/ssh-and-network-in-initrd-on-raspberry-pi-4/6289/3
boot.initrd.availableKernelModules = [ "genet" ];
boot.initrd.network = {
enable = true;
ssh = {
enable = true;
port = 2222;
authorizedKeys = psCfg.user.publicKeys;
hostKeys = ["/etc/secrets/initrd/ssh_host_ed25519_key"];
shell = "/bin/cryptsetup-askpass";
};
# See https://discourse.nixos.org/t/ssh-and-network-in-initrd-on-raspberry-pi-4/6289/3
boot.initrd.availableKernelModules = [ "genet" ];
postCommands = ''
ip link set dev enabcm6e4ei0 up
pub-solar.core.disk-encryption-active = false;
ip addr add 192.168.178.2/32 dev enabcm6e4ei0
ip route add 192.168.178.1 dev enabcm6e4ei0
ip route add default via 192.168.178.1 dev enabcm6e4ei0
ip -6 addr add 2a02:908:5b1:e3c0:2::/128 dev enabcm6e4ei0
ip -6 addr add fe80:b12f:acab:1312:acab:2::/128 dev enabcm6e4ei0
'';
};
# This value determines the NixOS release from which the default
# settings for stateful data, like file locations and database versions

1
hosts/stroopwafel/configuration.nix
View file

@ -21,7 +21,6 @@ DEVICE /dev/nvme0n1p2 /dev/nvme1n1p2
ARRAY /dev/md/nixos:root metadata=1.2 name=nixos:root UUID=67d1aa81:1b348887:c17a75e8:f2edf2bd
'';
pub-solar.core.disk-encryption-active = false;
pub-solar.core.hibernation.enable = true;
pub-solar.core.hibernation.resumeDevice = "/dev/mapper/vg0-swap";

5
hosts/stroopwafel/hardware-configuration.nix
View file

@ -13,7 +13,10 @@
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
boot.initrd.luks.devices."cryptroot".device = "/dev/disk/by-id/md-name-nixos:root";
boot.initrd.luks.devices."cryptroot" = {
device = "/dev/disk/by-id/md-name-nixos:root";
allowDiscards = true;
};
fileSystems."/" =
{ device = "none";

15
modules/core/boot.nix
View file

@ -7,23 +7,8 @@
with lib; let
cfg = config.pub-solar.core;
in {
options.pub-solar.core.disk-encryption-active = mkOption {
type = types.bool;
default = true;
description = "Whether it should be assumed that there is a cryptroot device";
};
config = {
boot = {
# Mount / luks device in initrd
# Allow fstrim to work on it.
# The ! makes this enabled by default
initrd = mkIf cfg.disk-encryption-active {
luks.devices."cryptroot" = {
allowDiscards = true;
};
};
loader.systemd-boot.enable = lib.mkDefault true;
# Use latest LTS linux kernel by default