# Edit this configuration file to define what should be installed on
# your system.  Help is available in the configuration.nix(5) man page
# and in the NixOS manual (accessible by running ‘nixos-help’).

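{ config, pkgs, lib, ... }:
let
  # Static addressing for this host. The same values are used for the initrd
  # `ip=` kernel parameter and for the regular networking setup below, so
  # they are defined exactly once here.
  ipv4 = {
    address = "95.216.74.104";
    gateway = "95.216.74.65";
    netmask = "255.255.255.192";
    prefixLength = 26; # https://www.pawprint.net/designresources/netmask-converter.php
  };
  ipv6 = {
    address = "2a01:4f9:2b:a98::";
    gateway = "fe80::1";
    prefixLength = 64;
  };
  networkInterface = "eth0";
  hostName = "cobalt";
  hostId = "712ae82a";

  # The one public key allowed to log in as root, both into the initrd SSH
  # server (to unlock the pool) and into the running system. Defined once so
  # that a key rotation cannot leave one of the two authorized-key lists stale.
  rootAuthorizedKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDi7GGOGVj1Y5Sc1EW6zEdrp78dS6hvmS348pqu9dUsB openpgp:0x6BE7BD6F";
in
{
  imports =
    [ # Include the results of the hardware scan.
      ./hardware-configuration.nix
    ];

  boot.supportedFilesystems = [ "zfs" ];
  # NixOS refuses to enable ZFS without a stable host id, so it is pinned
  # here rather than generated per install.
  networking.hostId = hostId;

  boot.loader.grub.enable = true;
  # boot.loader.grub.version = 2;
  boot.loader.grub.efiSupport = false;
  # boot.loader.grub.device = "nodev";

  # This should be done automatically, but explicitly declare it just in case.
  boot.loader.grub.copyKernels = true;
  # Make sure that you've listed all of the boot partitions here.
  # GRUB is installed on both disks so the machine still boots if either one
  # fails.
  boot.loader.grub.mirroredBoots = [
    { path = "/boot"; devices = ["/dev/disk/by-id/ata-ST4000NM0245-1Z2107_ZC17GW7G"]; }
    { path = "/boot-fallback"; devices = ["/dev/disk/by-id/ata-ST4000NM0245-1Z2107_ZC17GWB2"]; }
  ];

  # Boot normally when one of the boot partitions is missing
  fileSystems."/boot".options = [ "nofail" ];
  fileSystems."/boot-fallback".options = [ "nofail" ];

  # Erase your darlings: the root dataset is reset to the empty @blank
  # snapshot on every boot, so anything written to it that was not persisted
  # elsewhere (e.g. under /persist, see nix.nixPath below) is discarded.
  boot.initrd.postDeviceCommands = lib.mkAfter ''
    zfs rollback -r rpool/local/root@blank
  '';

  # NOTE: replace these to boot.initrd.availableKernelModules?
  # The NIC driver has to be in the initrd, otherwise the remote-unlock SSH
  # server below has no network to listen on.
  boot.kernelModules = [ "e1000e" ];
  boot.initrd.kernelModules = [ "e1000e" ];

  boot.kernelParams = [
    # See <https://www.kernel.org/doc/Documentation/filesystems/nfs/nfsroot.txt> for documentation.
    # ip=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf>:<dns0-ip>:<dns1-ip>:<ntp0-ip>
    # The server ip refers to the NFS server -- not needed in this case.
    # Fully static (autoconf=off) so stage 1 comes up without DHCP.
    "ip=${ipv4.address}::${ipv4.gateway}:${ipv4.netmask}:${hostName}-initrd:${networkInterface}:off:8.8.8.8"
  ];

  # Remote unlock: a minimal SSH server runs inside the initrd so the ZFS
  # encryption key can be supplied over the network after a reboot.
  boot.initrd.network.enable = true;
  boot.initrd.network.ssh = {
    enable = true;

    # Using the same port as the actual SSH will cause clients to throw errors
    # related to host key mismatch.
    port = 2222;

    # This takes 'path's, not 'string's.
    # These keys sit on the boot partitions, which GRUB reads directly and
    # which are presumably unencrypted, so they are not secret against anyone
    # who can read the disks. Pin this host key separately in known_hosts
    # rather than trusting on first use.
    hostKeys = [
      /boot/initrd-ssh-key
      /boot-fallback/initrd-ssh-key
    ];

    # Public ssh key to log into the initrd ssh
    authorizedKeys = [ rootAuthorizedKey ];
  };
  # Profile run on login to the initrd SSH: if a `zfs` process is running
  # (expected to be stage 1 blocked on the interactive load-key prompt —
  # inferred, not shown here), load all keys from this session and kill the
  # blocked prompt so boot continues. The heredoc is unquoted, but its body
  # contains nothing the shell would expand.
  boot.initrd.network.postCommands = ''
    cat <<EOF > /root/.profile
    if pgrep -x "zfs" > /dev/null
    then
      zfs load-key -a
      killall zfs
    else
      echo "ZFS is not running -- this could be a sign of failure."
    fi
    EOF
  '';


  networking.hostName = hostName; # Define your hostname.

  # Static addressing, matching what the initrd used; DHCP stays off.
  networking.useDHCP = false;
  networking.interfaces.${networkInterface} = {
    ipv4 = { addresses = [{ address = ipv4.address; prefixLength = ipv4.prefixLength; }]; };
    ipv6 = { addresses = [{ address = ipv6.address; prefixLength = ipv6.prefixLength; }]; };
  };
  networking.defaultGateway = ipv4.gateway;
  networking.defaultGateway6 = { address = ipv6.gateway; interface = networkInterface; };
  networking.nameservers = [ "8.8.8.8" ];

  # Set your time zone.
  time.timeZone = "UTC";

  # An empty hash means root can log in with *no password* on any local
  # console (tty, serial, provider KVM). SSH stays key-only because of
  # PermitRootLogin below, but console access is unauthenticated. Since the
  # root dataset is rolled back on every boot, /etc/shadow is presumably
  # regenerated each boot too, so this likely applies on every boot rather
  # than only at first install — verify. Replace with a real hash (e.g. from
  # mkpasswd) or "!" to lock password login once out-of-band console access
  # is no longer needed.
  users.users.root.initialHashedPassword = "";
  users.users.root.openssh.authorizedKeys.keys = [ rootAuthorizedKey ];
  services.openssh.enable = true;
  # Key-only root login over SSH.
  # NOTE(review): NixOS 23.05 moved this option to
  # services.openssh.settings.PermitRootLogin; the old name should still be
  # accepted as a renamed alias — confirm on the channel in use.
  services.openssh.permitRootLogin = "prohibit-password";

  # The editable copy of this configuration lives under /persist, presumably
  # a dataset that survives the @blank rollback above.
  nix.nixPath = [
    "nixos-config=/persist/etc/nixos"
  ];

  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "23.05"; # Did you read the comment?
}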