add yodaHedgehog
parent
73c73c6fa6
commit
15fea3bec8
@ -347,7 +347,7 @@ Filtering:
|
|||||||
|
|
||||||
## BTRFS swap file
|
## BTRFS swap file
|
||||||
|
|
||||||
* https://nixos.wiki/wiki/Btrfs#Swap_file
|
* Detailed instructions: https://nixos.wiki/wiki/Btrfs#Swap_file
|
||||||
* https://wiki.archlinux.org/title/btrfs#Swap_file
|
* https://wiki.archlinux.org/title/btrfs#Swap_file
|
||||||
|
|
||||||
Summary:
|
Summary:
|
||||||
|
@ -5,6 +5,12 @@
|
|||||||
[192.168.178.27]:2223 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0bfqbAh6E3sq82sg+ftcYLn7sPqCpPmPniL5Ey42Js
|
[192.168.178.27]:2223 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0bfqbAh6E3sq82sg+ftcYLn7sPqCpPmPniL5Ey42Js
|
||||||
[p1st.de]:2223 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0bfqbAh6E3sq82sg+ftcYLn7sPqCpPmPniL5Ey42Js
|
[p1st.de]:2223 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0bfqbAh6E3sq82sg+ftcYLn7sPqCpPmPniL5Ey42Js
|
||||||
|
|
||||||
|
# 2023-11 yodaHedgehog with NixOS
|
||||||
|
[192.168.178.106]:2226 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZmR+z+5/7xdu8mbZ54/DoqiXzoKh8rtHBU52KhwWx4
|
||||||
|
[p1st.de]:2226 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZmR+z+5/7xdu8mbZ54/DoqiXzoKh8rtHBU52KhwWx4
|
||||||
|
[192.168.178.106]:2227 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOr6z4AcZelv08eY9TMHihlF+C1g8OBLldMvNz3TvXOr
|
||||||
|
[p1st.de]:2227 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOr6z4AcZelv08eY9TMHihlF+C1g8OBLldMvNz3TvXOr
|
||||||
|
|
||||||
# 2023-10 yodaHP with NixOS
|
# 2023-10 yodaHP with NixOS
|
||||||
192.168.178.108 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDy1mNvsCIyYW5rNkNcEUCGYlDdPUJ+SyzrASd+z8q2Z
|
192.168.178.108 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDy1mNvsCIyYW5rNkNcEUCGYlDdPUJ+SyzrASd+z8q2Z
|
||||||
|
|
||||||
|
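--- /dev/null
+++ b/hosts/yodaHedgehog/configuration.nix
@@ -0,0 +1,66 @@
+{ config, pkgs, ... }:
+{
+imports =
+[
+./hardware-configuration.nix
+./host-specific.nix
+../../modules/home-manager.nix
+../../modules/nur-and-unstable.nix
+../../modules/base.nix
+../../modules/headless.nix
+
+#../../modules/gnome-base.nix
+#../../modules/gnome-config.nix
+#../../modules/gnome-extensions.nix
+#../../modules/gnome-fractional-scaling.nix
+
+#../../modules/programs.nix
+#../../modules/boxes.nix
+#../../modules/freetube.nix
+#../../modules/vscodium.nix
+#../../modules/signal-desktop.nix
+#../../modules/element-desktop.nix
+#../../modules/joplin-desktop.nix
+#../../modules/tor-browser.nix
+#../../modules/autostart.nix
+#../../modules/wallpaper.nix
+#../../modules/fwupd-gnome.nix
+#../../modules/print-and-scan.nix
+../../modules/ssh-fde-unlock.nix
+#../../modules/nextcloud-integration.nix
+#../../modules/git.nix
+../../modules/zsh.nix
+#../../modules/nitrokey-gpg-smartcard.nix
+#../../modules/ssh-client.nix
+../../modules/ssh-server.nix
+#../../modules/firefox.nix
+#../../modules/thunderbird.nix
+#../../modules/digikam-rawtherapee.nix
+#../../modules/ghostwriter.nix
+#../../modules/android.nix
+#../../modules/pmbootstrap.nix
+#../../modules/podman.nix
+#../../modules/docker.nix
+#../../modules/docker-pushrm.nix
+#../../modules/lid-switch-handling.nix
+#../../modules/sendmail-mta.nix # TODO
+#../../modules/journalwatch.nix # TODO
+#../../modules/waydroid.nix
+#../../modules/ntfs.nix
+#../../modules/veracrypt.nix
+#../../modules/btrbk
+#../../modules/spin-down.nix # TODO
+
+../../modules/btrfs-scrub.nix
+../../modules/btrfs-mount-options.nix
+];
+
+networking.hostName = "yodaHedgehog";
+boot.initrd.luks.devices."crypted".allowDiscards = true;
+yoda.btrfsFileSystems = ["/"];
+#yoda.btrfsMounts = yoda.btrfsFileSystems;
+
+boot.kernelParams = [];
+
+boot.kernelPackages = pkgs.linuxPackages;
+}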
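Review bot: `boot.initrd.luks.devices."crypted".allowDiscards = true;` is set without a comment, and it is a confidentiality trade-off rather than a pure performance switch: once discards pass through dm-crypt, the layout of unused blocks is visible on the raw device, which can reveal how full the volume is and give hints about the filesystem on it. If TRIM is wanted on this host I would keep the setting but record the decision next to it, for example `# TRIM passthrough: exposes the free-block layout of the LUKS volume; accepted for SSD performance`. The long run of commented-out module imports above it could be dropped for a headless host, so that the imports that matter for exposure (`ssh-fde-unlock.nix`, `ssh-server.nix`) are easy to audit.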
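--- /dev/null
+++ b/hosts/yodaHedgehog/hardware-configuration.nix
@@ -0,0 +1,46 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+imports =
+[ (modulesPath + "/installer/scan/not-detected.nix")
+];
+
+boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "sd_mod" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ "kvm-intel" ];
+boot.extraModulePackages = [ ];
+
+fileSystems."/" =
+{ device = "/dev/disk/by-uuid/4d413255-2c52-4b69-9be1-179e28f1b67e";
+fsType = "btrfs";
+options = [ "subvol=@" ];
+};
+
+boot.initrd.luks.devices."crypted".device = "/dev/disk/by-uuid/5ecf0d68-24fc-49ee-8a78-23b47f3c566c";
+
+fileSystems."/boot" =
+{ device = "/dev/disk/by-uuid/81A5-B98A";
+fsType = "vfat";
+};
+
+fileSystems."/swap" =
+{ device = "/dev/disk/by-uuid/4d413255-2c52-4b69-9be1-179e28f1b67e";
+fsType = "btrfs";
+options = [ "subvol=@swap" ];
+};
+
+swapDevices = [ { device = "/swap/swapfile"; } ];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}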
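--- /dev/null
+++ b/hosts/yodaHedgehog/host-specific.nix
@@ -0,0 +1 @@
+{}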
@ -74,6 +74,20 @@
|
|||||||
compression = true;
|
compression = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# local IP: 192.168.178.106
|
||||||
|
"yodaHedgehog" = {
|
||||||
|
hostname = "p1st.de";
|
||||||
|
user = "yoda";
|
||||||
|
port = 2226;
|
||||||
|
compression = true;
|
||||||
|
};
|
||||||
|
"unlockYodaHedgehog" = {
|
||||||
|
hostname = "p1st.de";
|
||||||
|
user = "root";
|
||||||
|
port = 2227;
|
||||||
|
compression = true;
|
||||||
|
};
|
||||||
|
|
||||||
# local IP: 192.168.178.27
|
# local IP: 192.168.178.27
|
||||||
"yodaNas" = {
|
"yodaNas" = {
|
||||||
hostname = "p1st.de";
|
hostname = "p1st.de";
|
||||||
|
@ -2,6 +2,7 @@
|
|||||||
{
|
{
|
||||||
# Unlock encrypted root partition remotely with SSH.
|
# Unlock encrypted root partition remotely with SSH.
|
||||||
# TODO: Some manual steps are required, see https://nixos.wiki/wiki/Remote_LUKS_Unlocking#Prepare_SSH_host_keys
|
# TODO: Some manual steps are required, see https://nixos.wiki/wiki/Remote_LUKS_Unlocking#Prepare_SSH_host_keys
|
||||||
|
# -> ssh-keygen -t ed25519 -N "" -f /etc/secrets/initrd/ssh_host_ed25519_key
|
||||||
#
|
#
|
||||||
# Additional references:
|
# Additional references:
|
||||||
# https://wiki.archlinux.org/title/Dm-crypt/Specialties#Remote_unlocking_of_root_(or_other)_partition
|
# https://wiki.archlinux.org/title/Dm-crypt/Specialties#Remote_unlocking_of_root_(or_other)_partition
|
||||||
@ -17,6 +18,8 @@
|
|||||||
then 2225
|
then 2225
|
||||||
else if (config.networking.hostName == "yodaNas")
|
else if (config.networking.hostName == "yodaNas")
|
||||||
then 2223
|
then 2223
|
||||||
|
else if (config.networking.hostName == "yodaHedgehog")
|
||||||
|
then 2227
|
||||||
else throw "Please add initrd ssh port here"
|
else throw "Please add initrd ssh port here"
|
||||||
);
|
);
|
||||||
shell = "/bin/cryptsetup-askpass";
|
shell = "/bin/cryptsetup-askpass";
|
||||||
@ -34,7 +37,7 @@
|
|||||||
# inxi -F
|
# inxi -F
|
||||||
#
|
#
|
||||||
boot.initrd.availableKernelModules = (
|
boot.initrd.availableKernelModules = (
|
||||||
if (config.networking.hostName == "yodaTux")
|
if (config.networking.hostName == "yodaTux") || (config.networking.hostName == "yodaHedgehog")
|
||||||
then [ "r8169" ]
|
then [ "r8169" ]
|
||||||
else if (config.networking.hostName == "yodaYoga") || (config.networking.hostName == "yodaNas")
|
else if (config.networking.hostName == "yodaYoga") || (config.networking.hostName == "yodaNas")
|
||||||
then [ "e1000e" ]
|
then [ "e1000e" ]
|
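Review bot: The added `# -> ssh-keygen -t ed25519 -N "" -f /etc/secrets/initrd/ssh_host_ed25519_key` line in the first hunk says how to create the initrd host key but not why it must be a dedicated one. The key has no passphrase and is needed before the root volume is unlocked, so the disk encryption cannot protect it; depending on the bootloader it may end up readable in the initrd on the unencrypted boot partition. I would extend the comment with something like `# Dedicated initrd key: never reuse the host's regular sshd host key, and treat this one as readable by anyone with access to the boot partition`. The known-hosts entries added in this commit already pin different keys for ports 2226 and 2227, which matches that practice. The `else if` chain extended in the second hunk starts outside the visible lines.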
@ -10,6 +10,8 @@
|
|||||||
then [2224]
|
then [2224]
|
||||||
else if (config.networking.hostName == "yodaNas")
|
else if (config.networking.hostName == "yodaNas")
|
||||||
then [2222]
|
then [2222]
|
||||||
|
else if (config.networking.hostName == "yodaHedgehog")
|
||||||
|
then [2226]
|
||||||
else throw "Please add ssh port here"
|
else throw "Please add ssh port here"
|
||||||
);
|
);
|
||||||
# Use authorized keys only.
|
# Use authorized keys only.
|
||||||
@ -19,10 +21,10 @@
|
|||||||
};
|
};
|
||||||
|
|
||||||
# SSH public key(s) allowed to connect via SSH.
|
# SSH public key(s) allowed to connect via SSH.
|
||||||
users.users.yoda.openssh.authorizedKeys.keys = [
|
users.users."yoda".openssh.authorizedKeys.keys = [
|
||||||
(builtins.readFile ../assets/ssh/nitrokey.pub)
|
(builtins.readFile ../assets/ssh/nitrokey.pub)
|
||||||
];
|
];
|
||||||
users.users.root.openssh.authorizedKeys.keys = [
|
users.users."root".openssh.authorizedKeys.keys = [
|
||||||
(builtins.readFile ../assets/ssh/nitrokey.pub)
|
(builtins.readFile ../assets/ssh/nitrokey.pub)
|
||||||
] ++ (
|
] ++ (
|
||||||
if (config.networking.hostName == "yodaNas")
|
if (config.networking.hostName == "yodaNas")
|
||||||
|