nixos-config/system/baremetal-server.nix
Christoph Heiss 402d3a5a3a
home-manager: clean up global configuration & import a bit
Signed-off-by: Christoph Heiss <christoph@c8h4.io>
2024-05-10 01:20:50 +02:00


{ config, ... }:
let
  # Keys allowed into the initrd unlock shell: the same keys that may log in
  # to the running system as `christoph` (that user is defined outside this
  # file, presumably in ../common).  Anyone holding one of these keys can
  # therefore also supply the disk passphrase during early boot.
  unlockKeys = config.users.users.christoph.openssh.authorizedKeys.keys;
in
{
  imports = [
    ../common
    ../system/home-manager
    ../services/openssh.nix
    ../system/headless.nix
  ];

  boot = {
    loader.grub = {
      device = "nodev";
      efiSupport = true;
      efiInstallAsRemovable = true;
      # GRUB cryptodisk support; only needed if the partition GRUB reads from
      # is itself LUKS-encrypted (not visible from this file).
      enableCryptodisk = true;
    };

    # panic=10: reboot ten seconds after a kernel panic instead of hanging
    # (the box is headless, so nobody is there to press reset).
    # mitigations=off: SECURITY TRADE-OFF — disables every CPU
    # speculative-execution mitigation (Spectre/Meltdown-class).  This is only
    # defensible if the host never runs untrusted code (no foreign VMs,
    # containers or users); otherwise cross-process/kernel memory leakage is
    # re-exposed for a performance gain.  Revisit if the workload changes.
    kernelParams = [ "panic=10" "mitigations=off" ];

    initrd = {
      # cryptd backs the dm-crypt/LUKS kernel work in stage 1.
      availableKernelModules = [ "sd_mod" "cryptd" ];
      kernelModules = [ "md_mod" "raid0" "raid1" ];

      # Manually start degraded arrays if needed, to still allow booting from them.
      # See https://github.com/NixOS/nixpkgs/issues/72608
      preLVMCommands = ''
        for dev in /dev/md*; do
          if [ -b "$dev" ]; then
            mdadm --run "$dev"
          fi
        done
      '';

      network = {
        enable = true;
        # Address via DHCP; the network is up before any disk is unlocked.
        udhcpc.enable = true;

        ssh = {
          enable = true;
          authorizedKeys = unlockKeys;
          # The initrd host key is copied into the initrd image, which is NOT
          # encrypted: anyone who can read the boot medium can extract it and
          # impersonate the unlock prompt to capture the passphrase.  Keep it
          # distinct from the main sshd host key (it is, per the separate
          # path) and pin it in clients' known_hosts for this host's address
          # so a swapped key is noticed.  /var/secrets must exist at
          # rebuild time, otherwise the initrd build fails.
          hostKeys = [ "/var/secrets/initrd/hostkey" ];
          # Only ed25519 (plain, certificate, FIDO) keys are accepted here;
          # an RSA/ECDSA entry in authorizedKeys will silently not work for
          # the unlock login.
          extraConfig = ''
            PubkeyAcceptedAlgorithms ssh-ed25519-cert-v01@openssh.com,sk-ssh-ed25519-cert-v01@openssh.com,ssh-ed25519,sk-ssh-ed25519@openssh.com
          '';
        };

        # Runs once the initrd network is up, before sshd starts:
        #  - `zpool import -a` imports EVERY pool found on attached devices,
        #    not just the expected ones (a foreign pool on a plugged-in disk
        #    would be imported too — consider importing by name if that
        #    matters);
        #  - the unlock sequence is appended to root's .profile so it runs
        #    on SSH login: load ZFS keys, answer the LUKS askpass, then write
        #    to /tmp/unlocked as a "done" signal for the stage-1 script.
        postCommands = ''
          echo 'importing all zpools ..'
          /bin/zpool import -a
          echo 'mdadm --detail /dev/md*; /bin/zpool status;' >>/root/.profile
          echo '/bin/zfs load-key -r -a && /bin/cryptsetup-askpass && echo >/tmp/unlocked' >>/root/.profile
          echo 'starting sshd ..'
        '';
      };

      # Runs after device setup (i.e. after the LUKS prompt has been answered).
      # NOTE(review): `echo /tmp/unlocked` only prints the path; it does not
      # read the FIFO, so nothing here waits for the SSH session's
      # `echo >/tmp/unlocked` (that write will block until sshd is killed).
      # If the intent is to block until the remote unlock finishes, this
      # wants `cat /tmp/unlocked` — but that would hang boot when the
      # passphrase is entered on the console instead; left as-is, the
      # ordering presumably relies on the LUKS askpass itself blocking.
      # `killall sshd` stops the initrd SSH server before switch-root so the
      # unlock listener (and its exposed host key) is not left running.
      postDeviceCommands = ''
        echo 'waiting for encrypted devices unlock ..'
        mkfifo /tmp/unlocked
        echo /tmp/unlocked
        killall sshd
      '';
    };
  };

  # Log hardware RAS (memory/CPU/PCIe error) events from the kernel.
  hardware.rasdaemon.enable = true;
}