add yodaHedgehog
parent
73c73c6fa6
commit
15fea3bec8
@ -347,7 +347,7 @@ Filtering:
|
||||
|
||||
## BTRFS swap file
|
||||
|
||||
* https://nixos.wiki/wiki/Btrfs#Swap_file
|
||||
* Detailed instructions: https://nixos.wiki/wiki/Btrfs#Swap_file
|
||||
* https://wiki.archlinux.org/title/btrfs#Swap_file
|
||||
|
||||
Summary:
|
||||
|
@ -5,6 +5,12 @@
|
||||
[192.168.178.27]:2223 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0bfqbAh6E3sq82sg+ftcYLn7sPqCpPmPniL5Ey42Js
|
||||
[p1st.de]:2223 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0bfqbAh6E3sq82sg+ftcYLn7sPqCpPmPniL5Ey42Js
|
||||
|
||||
# 2023-11 yodaHedgehog with NixOS
|
||||
[192.168.178.106]:2226 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZmR+z+5/7xdu8mbZ54/DoqiXzoKh8rtHBU52KhwWx4
|
||||
[p1st.de]:2226 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBZmR+z+5/7xdu8mbZ54/DoqiXzoKh8rtHBU52KhwWx4
|
||||
[192.168.178.106]:2227 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOr6z4AcZelv08eY9TMHihlF+C1g8OBLldMvNz3TvXOr
|
||||
[p1st.de]:2227 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOr6z4AcZelv08eY9TMHihlF+C1g8OBLldMvNz3TvXOr
|
||||
|
||||
# 2023-10 yodaHP with NixOS
|
||||
192.168.178.108 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDy1mNvsCIyYW5rNkNcEUCGYlDdPUJ+SyzrASd+z8q2Z
|
||||
|
||||
|
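Review bot: The new `# 2023-11 yodaHedgehog with NixOS` comment does not say which of the two pinned keys belongs to the initrd unlock server, so a later host-key mismatch warning on port 2226 or 2227 is harder to judge. Going by the port mapping in the ssh-server and ssh-fde-unlock hunks of this commit, 2226 is the booted system and 2227 the initrd. A second comment line such as `# port 2226: system sshd, port 2227: initrd sshd (LUKS unlock, separate host key)` would record that. The same label would help above the `"unlockYodaHedgehog"` block in the SSH client hunk.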
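--- a/hosts/yodaHedgehog/configuration.nix
+++ b/hosts/yodaHedgehog/configuration.nix
@@ -0,0 +1,66 @@
+{ config, pkgs, ... }:
+{
+imports =
+[
+./hardware-configuration.nix
+./host-specific.nix
+../../modules/home-manager.nix
+../../modules/nur-and-unstable.nix
+../../modules/base.nix
+../../modules/headless.nix
+
+#../../modules/gnome-base.nix
+#../../modules/gnome-config.nix
+#../../modules/gnome-extensions.nix
+#../../modules/gnome-fractional-scaling.nix
+
+#../../modules/programs.nix
+#../../modules/boxes.nix
+#../../modules/freetube.nix
+#../../modules/vscodium.nix
+#../../modules/signal-desktop.nix
+#../../modules/element-desktop.nix
+#../../modules/joplin-desktop.nix
+#../../modules/tor-browser.nix
+#../../modules/autostart.nix
+#../../modules/wallpaper.nix
+#../../modules/fwupd-gnome.nix
+#../../modules/print-and-scan.nix
+../../modules/ssh-fde-unlock.nix
+#../../modules/nextcloud-integration.nix
+#../../modules/git.nix
+../../modules/zsh.nix
+#../../modules/nitrokey-gpg-smartcard.nix
+#../../modules/ssh-client.nix
+../../modules/ssh-server.nix
+#../../modules/firefox.nix
+#../../modules/thunderbird.nix
+#../../modules/digikam-rawtherapee.nix
+#../../modules/ghostwriter.nix
+#../../modules/android.nix
+#../../modules/pmbootstrap.nix
+#../../modules/podman.nix
+#../../modules/docker.nix
+#../../modules/docker-pushrm.nix
+#../../modules/lid-switch-handling.nix
+#../../modules/sendmail-mta.nix # TODO
+#../../modules/journalwatch.nix # TODO
+#../../modules/waydroid.nix
+#../../modules/ntfs.nix
+#../../modules/veracrypt.nix
+#../../modules/btrbk
+#../../modules/spin-down.nix # TODO
+
+../../modules/btrfs-scrub.nix
+../../modules/btrfs-mount-options.nix
+];
+
+networking.hostName = "yodaHedgehog";
+boot.initrd.luks.devices."crypted".allowDiscards = true;
+yoda.btrfsFileSystems = ["/"];
+#yoda.btrfsMounts = yoda.btrfsFileSystems;
+
+boot.kernelParams = [];
+
+boot.kernelPackages = pkgs.linuxPackages;
+}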
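Review bot: `boot.initrd.luks.devices."crypted".allowDiscards = true;` is set without a comment, and it is a confidentiality trade-off rather than a neutral tuning knob. Passing TRIM through dm-crypt lets anyone with access to the raw disk see which blocks are unused, which can reveal the filesystem type and rough usage. If that is accepted for this host, say so next to the option, for example `# TRIM passes through LUKS; free-block layout becomes visible on the raw device (accepted trade-off)`. `boot.kernelParams = [];` appears to have no effect as written and could be dropped or marked as a placeholder.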
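--- a/hosts/yodaHedgehog/hardware-configuration.nix
+++ b/hosts/yodaHedgehog/hardware-configuration.nix
@@ -0,0 +1,46 @@
+# Do not modify this file! It was generated by ‘nixos-generate-config’
+# and may be overwritten by future invocations. Please make changes
+# to /etc/nixos/configuration.nix instead.
+{ config, lib, pkgs, modulesPath, ... }:
+
+{
+imports =
+[ (modulesPath + "/installer/scan/not-detected.nix")
+];
+
+boot.initrd.availableKernelModules = [ "ahci" "xhci_pci" "usbhid" "sd_mod" ];
+boot.initrd.kernelModules = [ ];
+boot.kernelModules = [ "kvm-intel" ];
+boot.extraModulePackages = [ ];
+
+fileSystems."/" =
+{ device = "/dev/disk/by-uuid/4d413255-2c52-4b69-9be1-179e28f1b67e";
+fsType = "btrfs";
+options = [ "subvol=@" ];
+};
+
+boot.initrd.luks.devices."crypted".device = "/dev/disk/by-uuid/5ecf0d68-24fc-49ee-8a78-23b47f3c566c";
+
+fileSystems."/boot" =
+{ device = "/dev/disk/by-uuid/81A5-B98A";
+fsType = "vfat";
+};
+
+fileSystems."/swap" =
+{ device = "/dev/disk/by-uuid/4d413255-2c52-4b69-9be1-179e28f1b67e";
+fsType = "btrfs";
+options = [ "subvol=@swap" ];
+};
+
+swapDevices = [ { device = "/swap/swapfile"; } ];
+
+# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+# (the default) this is the recommended approach. When using systemd-networkd it's
+# still possible to use this option, but it's recommended to use it in conjunction
+# with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+networking.useDHCP = lib.mkDefault true;
+# networking.interfaces.enp3s0.useDHCP = lib.mkDefault true;
+
+nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}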
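--- a/hosts/yodaHedgehog/host-specific.nix
+++ b/hosts/yodaHedgehog/host-specific.nix
@@ -0,0 +1 @@
+{}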
@ -74,6 +74,20 @@
|
||||
compression = true;
|
||||
};
|
||||
|
||||
# local IP: 192.168.178.106
|
||||
"yodaHedgehog" = {
|
||||
hostname = "p1st.de";
|
||||
user = "yoda";
|
||||
port = 2226;
|
||||
compression = true;
|
||||
};
|
||||
"unlockYodaHedgehog" = {
|
||||
hostname = "p1st.de";
|
||||
user = "root";
|
||||
port = 2227;
|
||||
compression = true;
|
||||
};
|
||||
|
||||
# local IP: 192.168.178.27
|
||||
"yodaNas" = {
|
||||
hostname = "p1st.de";
|
||||
|
@ -2,6 +2,7 @@
|
||||
{
|
||||
# Unlock encrypted root partition remotely with SSH.
|
||||
# TODO: Some manual steps are required, see https://nixos.wiki/wiki/Remote_LUKS_Unlocking#Prepare_SSH_host_keys
|
||||
# -> ssh-keygen -t ed25519 -N "" -f /etc/secrets/initrd/ssh_host_ed25519_key
|
||||
#
|
||||
# Additional references:
|
||||
# https://wiki.archlinux.org/title/Dm-crypt/Specialties#Remote_unlocking_of_root_(or_other)_partition
|
||||
@ -17,6 +18,8 @@
|
||||
then 2225
|
||||
else if (config.networking.hostName == "yodaNas")
|
||||
then 2223
|
||||
else if (config.networking.hostName == "yodaHedgehog")
|
||||
then 2227
|
||||
else throw "Please add initrd ssh port here"
|
||||
);
|
||||
shell = "/bin/cryptsetup-askpass";
|
||||
@ -34,7 +37,7 @@
|
||||
# inxi -F
|
||||
#
|
||||
boot.initrd.availableKernelModules = (
|
||||
if (config.networking.hostName == "yodaTux")
|
||||
if (config.networking.hostName == "yodaTux") || (config.networking.hostName == "yodaHedgehog")
|
||||
then [ "r8169" ]
|
||||
else if (config.networking.hostName == "yodaYoga") || (config.networking.hostName == "yodaNas")
|
||||
then [ "e1000e" ]
|
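Review bot: The `ssh-keygen -t ed25519 -N "" -f /etc/secrets/initrd/ssh_host_ed25519_key` hint added in the first hunk leaves out why this key needs special handling. It is unencrypted by design and NixOS places it in the initrd image, and this host's `/boot` is a plain vfat partition outside the LUKS container, so the key should be treated as readable by anyone with access to the disk. The comment should say that it must be a dedicated key, never a copy of the system host key, and that the directory stays root-only, e.g. `# dedicated initrd key, stored in the initrd: never reuse /etc/ssh host keys; chmod 700 /etc/secrets/initrd`. The module body continues outside all three hunks, so the `hostKeys` and `authorizedKeys` settings could not be checked here.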
@ -10,6 +10,8 @@
|
||||
then [2224]
|
||||
else if (config.networking.hostName == "yodaNas")
|
||||
then [2222]
|
||||
else if (config.networking.hostName == "yodaHedgehog")
|
||||
then [2226]
|
||||
else throw "Please add ssh port here"
|
||||
);
|
||||
# Use authorized keys only.
|
||||
@ -19,10 +21,10 @@
|
||||
};
|
||||
|
||||
# SSH public key(s) allowed to connect via SSH.
|
||||
users.users.yoda.openssh.authorizedKeys.keys = [
|
||||
users.users."yoda".openssh.authorizedKeys.keys = [
|
||||
(builtins.readFile ../assets/ssh/nitrokey.pub)
|
||||
];
|
||||
users.users.root.openssh.authorizedKeys.keys = [
|
||||
users.users."root".openssh.authorizedKeys.keys = [
|
||||
(builtins.readFile ../assets/ssh/nitrokey.pub)
|
||||
] ++ (
|
||||
if (config.networking.hostName == "yodaNas")
|
||||
|
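Review bot: The first hunk adds another `else if (config.networking.hostName == "yodaHedgehog")` arm to a chain that is repeated with different port numbers in the ssh-fde-unlock hunk and mirrored by hand in the SSH client block and the known_hosts entries. One host's ports are now spelled out in four places. A per-host attribute set looked up by name would keep the `throw` fallback and make a mismatch easier to spot, e.g. `sshPorts = { yodaNas = [2222]; yodaHedgehog = [2226]; };` with `sshPorts.${config.networking.hostName} or (throw "Please add ssh port here")`. The start of the chain lies above the hunk, so the remaining hosts would have to be carried over from there.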