{
  # Flake inputs.
  # None of these URLs names a fixed revision, so the code that partitions,
  # encrypts and installs the target is whatever flake.lock pins. Keep
  # flake.lock under version control and review `nix flake update` diffs
  # before installing.
  inputs = {
    #nixpkgs.url = "github:NixOS/nixpkgs/nixos-unstable";
    nixpkgs.url = "github:NixOS/nixpkgs/nixos-23.11";

    disko = {
      url = "github:nix-community/disko";
      inputs.nixpkgs.follows = "nixpkgs";
    };

    nixos-anywhere = {
      url = "github:numtide/nixos-anywhere";
      inputs.nixpkgs.follows = "nixpkgs";
    };
  };

  outputs = { self, nixpkgs, disko, nixos-anywhere, ... }@attrs:
    let
      system = "x86_64-linux";
      # The single host defined by this flake; the disk-image test packages
      # are built from the same configuration.
      host = self.nixosConfigurations.mysystem;
    in
    {
      packages.${system} = {
        makeDiskImageTest = disko.lib.lib.makeDiskImage { nixosConfig = host; };
        makeDiskScriptTest = disko.lib.lib.makeDiskImageScript { nixosConfig = host; };
      };

      nixosConfigurations.mysystem = nixpkgs.lib.nixosSystem {
        inherit system;
        # Every flake input is handed to the modules as a module argument.
        specialArgs = attrs;
        modules = [
          disko.nixosModules.disko

          # Generate the hardware configuration on the target system and add it here.
          # See README.md for details.
          ./hardware-configs/yodaHP.nix

          # Select the disko disk layout configuration.
          #
          # Importing the luks-btrfs layout and passing it an argument like this
          # is not ideal, but it keeps this file shorter. A better way is to
          # expose options:
          # https://discourse.nixos.org/t/passing-parameters-into-import/34082/4
          #
          #./disk-configs/simple-efi.nix
          #./disk-configs/luks-lvm.nix
          (import ./disk-configs/luks-btrfs.nix {
            # Memory cost of the LUKS key derivation, i.e. the memory needed to
            # unlock the LUKS partition while booting.
            # NOTE(review): the original comment said "bytes", but the figures
            # below only make sense as kilobytes, the unit cryptsetup's
            # --pbkdf-memory uses. Presumably luks-btrfs.nix forwards the value
            # to that flag; confirm there.
            # The default value is 1000000 (about 1 GB).
            # Set this as high as possible, because a higher memory cost makes
            # offline guessing of the passphrase more expensive. Leave some
            # buffer (e.g. 500 MB): the same amount must be free at every
            # unlock, or the unlock fails.
            # As of 2024-02 the possible maximum is 4194304.
            # Example: with 4 GB of memory, set this to 3500000.
            pbkdf-memory = "4000000";
          })

          # Change the device name to match your block device.
          # Running `lsblk` on the target machine can help you here.
          # Examples: "/dev/nvme0n1", "/dev/sda", "/dev/vda"
          # disko operates on exactly this device, so double-check it. A
          # /dev/disk/by-id path (as used here) does not change when the kernel
          # enumerates the disks in a different order.
          { disko.devices.disk.disk1.device = "/dev/disk/by-id/nvme-SAMSUNG_MZVLW128HEGR-000H1_S33ZNX0J129742"; }

          # If a disk layout with full disk encryption (FDE) has been selected,
          # optionally enable SSH during boot to remotely unlock the disk.
          # NOTE(review): ssh-fde-unlock.nix is not shown here. An SSH server
          # that runs before the disk is unlocked has to keep its host key on
          # unencrypted storage, so give it a host key of its own. Confirm in
          # that file.
          ./ssh-fde-unlock.nix

          {
            # The host yodaHP did not boot after installation when using grub.
            #boot.loader.grub = {
            #  # No need to set devices, disko will add all devices that have a EF02 partition to the list already.
            #  # devices = [];
            #  efiSupport = true;
            #  efiInstallAsRemovable = true;
            #};

            # Bootloader: BIOS (old systems)
            # NOTE(review): this block sets efiSupport although it is labelled
            # BIOS, and it repeats the block above. Check before enabling it.
            #boot.loader.grub = {
            #  # No need to set devices, disko will add all devices that have a EF02 partition to the list.
            #  # devices = [];
            #  efiSupport = true;
            #  efiInstallAsRemovable = true;
            #};

            # Bootloader: EFI (newer systems)
            #
            boot.loader = {
              systemd-boot.enable = true;
              efi.canTouchEfiVariables = true;
            };

            # SSH access is by public key only; password authentication is off.
            # NOTE(review): consider also setting
            # settings.KbdInteractiveAuthentication = false so that no
            # password-style prompt is offered to any account.
            services.openssh.enable = true;
            services.openssh.settings.PasswordAuthentication = false;

            # root accepts only the key stored in ./nitrokey.pub.
            users.users.root.openssh.authorizedKeys.keys = [
              (builtins.readFile ./nitrokey.pub)
            ];

            console.keyMap = "de-latin1-nodeadkeys";

            # This version matches the nixpkgs.url selected at the top.
            system.stateVersion = "23.11";
          }
        ];
      };
    };
}