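# Flake describing one NixOS host ("mysystem"): disko partitions the disk,
# nixos-anywhere is pulled in as an input for remote installation, and the
# inline module at the end sets the bootloader, SSH access and keyboard layout.
{
  # Only nixpkgs names a release branch; disko and nixos-anywhere track their
  # default branches. The revisions actually used are the ones recorded in
  # flake.lock, so keep that file committed and review its diff after every
  # `nix flake update`.
  #inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
  inputs.nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";
  inputs.disko.url = "github:nix-community/disko";
  inputs.disko.inputs.nixpkgs.follows = "nixpkgs";
  inputs.nixos-anywhere.url = "github:numtide/nixos-anywhere";
  inputs.nixos-anywhere.inputs.nixpkgs.follows = "nixpkgs";

  outputs = { self, nixpkgs, disko, nixos-anywhere, ... }@attrs: {
    # Test outputs: build a disk image / disk image script from the same
    # system configuration that is installed on the host.
    packages."x86_64-linux".makeDiskImageTest = disko.lib.lib.makeDiskImage {
      nixosConfig = self.nixosConfigurations.mysystem;
    };
    packages."x86_64-linux".makeDiskScriptTest = disko.lib.lib.makeDiskImageScript {
      nixosConfig = self.nixosConfigurations.mysystem;
    };

    nixosConfigurations.mysystem = nixpkgs.lib.nixosSystem {
      system = "x86_64-linux";
      # Every flake input (self, nixpkgs, disko, ...) becomes a module argument.
      specialArgs = attrs;
      modules = [
        disko.nixosModules.disko

        # Generate hardware configuration on target system and add it here.
        # See README.md for details.
        ./hardware-configs/yodaHP.nix

        # Select disko disk layout configuration.
        #
        # The way we import the luks-btrfs disk layout and pass an argument is not ideal,
        # but keeps this config file shorter. A better way is to expose options:
        # https://discourse.nixos.org/t/passing-parameters-into-import/34082/4
        #
        #./disk-configs/simple-efi.nix
        #./disk-configs/luks-lvm.nix
        (import ./disk-configs/luks-btrfs.nix {
          # Memory cost of the LUKS key derivation, needed again on every unlock
          # while booting. The unit is kilobytes, not bytes: the figures below
          # only make sense that way (1000000 is roughly 1 GB).
          # NOTE(review): presumably forwarded to cryptsetup's --pbkdf-memory by
          # luks-btrfs.nix; confirm there.
          # The default value is 1 GB (1000000).
          # Set this as high as possible, but leave some buffer (e.g. 500 MB):
          # a higher cost makes offline guessing of the passphrase more
          # expensive, but the machine cannot unlock the disk if it has less
          # free memory than this during early boot.
          # As of 2024-02 the possible maximum is 4194304.
          # Example: If you have 4 GB memory, set this to 3500000.
          pbkdf-memory = "4000000";
        })

        # Change the device name to match your block device.
        # Running `lsblk` on the target machine can help you here.
        # Examples: "/dev/nvme0n1", "/dev/sda", "/dev/vda"
        # A /dev/disk/by-id/ path is preferable because it stays stable across
        # reboots; disko will partition (and wipe) whatever this points to.
        { disko.devices.disk.disk1.device = "/dev/disk/by-id/nvme-SAMSUNG_MZVLW128HEGR-000H1_S33ZNX0J129742"; }

        # If a disk layout with full disk encryption (FDE) has been selected,
        # optionally enable SSH during boot to remotely unlock the disk.
        # Comment this import out if remote unlocking is not wanted.
        # NOTE(review): an SSH host key used in the initrd normally has to be
        # readable before the disk is unlocked; confirm ssh-fde-unlock.nix uses
        # a key dedicated to the initrd rather than the main host key.
        ./ssh-fde-unlock.nix

        {
          # The host yodaHP did not boot after installation when using grub.
          #boot.loader.grub = {
          #  # No need to set devices, disko will add all devices that have a EF02 partition to the list already.
          #  # devices = [];
          #  efiSupport = true;
          #  efiInstallAsRemovable = true;
          #};

          # Check if EFI or BIOS:
          #   efibootmgr
          #   => EFI variables are not supported on this system -> BIOS

          # Bootloader: BIOS (old systems)
          # NOTE(review): the options in this commented-out block are the EFI
          # ones (efiSupport, efiInstallAsRemovable); check them before
          # enabling it on a BIOS machine.
          #boot.loader.grub = {
          #  # No need to set devices, disko will add all devices that have a EF02 partition to the list.
          #  # devices = [];
          #  efiSupport = true;
          #  efiInstallAsRemovable = true;
          #};

          # Bootloader: EFI (newer systems)
          #
          boot.loader.systemd-boot.enable = true;
          boot.loader.efi.canTouchEfiVariables = true;

          # Key-only SSH. PasswordAuthentication alone leaves
          # keyboard-interactive authentication enabled (it is on by default in
          # the NixOS module), which can still prompt for a password through
          # PAM, so it is switched off as well.
          services.openssh = {
            enable = true;
            settings.PasswordAuthentication = false;
            settings.KbdInteractiveAuthentication = false;
          };

          # Root logs in with the public key stored next to this flake; nothing
          # here sets a root password.
          users.users.root.openssh.authorizedKeys.keys = [
            (builtins.readFile ./nitrokey.pub)
          ];

          console.keyMap = "de-latin1-nodeadkeys";

          # Matches the nixpkgs release selected at the top at installation
          # time. Keep this value when moving nixpkgs to a newer release later:
          # it records the release the system state was created with.
          system.stateVersion = "23.11";
        }
      ];
    };
  };
}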