diff --git a/hosts/hyp-01/default.nix b/hosts/hyp-01/default.nix index 2993340..fb4ed38 100644 --- a/hosts/hyp-01/default.nix +++ b/hosts/hyp-01/default.nix @@ -5,6 +5,7 @@ { networking.hostName = "hyp-01"; networking.hostId = "ae2c05d3"; + nixpkgs.hostPlatform = "x86_64-linux"; imports = [ inputs.disko.nixosModules.disko diff --git a/hosts/hyp-01/modules/boot.nix b/hosts/hyp-01/modules/boot.nix index fa3aaf9..a4caca0 100644 --- a/hosts/hyp-01/modules/boot.nix +++ b/hosts/hyp-01/modules/boot.nix @@ -3,6 +3,5 @@ boot.loader.systemd-boot.enable = false; boot.loader.grub = { enable = true; - efiSupport = false; }; } diff --git a/hosts/hyp-01/modules/disko.nix b/hosts/hyp-01/modules/disko.nix index 3962c3a..b0c9455 100644 --- a/hosts/hyp-01/modules/disko.nix +++ b/hosts/hyp-01/modules/disko.nix 
@@ -9,60 +9,82 @@ in type = "disk"; device = disk1; content = { - type = "table"; - format = "mbr"; - partitions = [ - { - name = "boot-primary"; - size = "1G"; - bootable = true; + type = "gpt"; + efiGptPartitionFirst = false; + partitions = { + boot = { + priority = 1; type = "EF02"; + size = "32M"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = null; + }; + hybrid = { + mbrPartitionType = "0x0c"; + mbrBootableFlag = false; + }; + }; + esp = { + size = "1G"; + type = "EF00"; content = { type = "filesystem"; format = "vfat"; mountpoint = "/boot"; mountOptions = [ "nofail" ]; }; - } - { - name = "zfs-a"; + }; + zfs = { size = "100%"; content = { type = "zfs"; pool = "zroot"; }; - } - ]; + }; + }; }; }; disk2 = { type = "disk"; device = disk2; content = { - type = "table"; - format = "mbr"; - partitions = [ - { - name = "boot-secondary"; - size = "1G"; - bootable = true; + type = "gpt"; + efiGptPartitionFirst = false; + partitions = { + boot = { + priority = 1; type = "EF02"; + size = "32M"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = null; + }; + hybrid = { + mbrPartitionType = "0x0c"; + mbrBootableFlag = false; + }; + }; + esp = { + size = "1G"; + type = "EF00"; content = { type = "filesystem"; format = "vfat"; mountpoint = "/boot-fallback"; mountOptions = [ "nofail" ]; }; - } - { - name = "zfs-b"; + }; + zfs = { size = "100%"; content = { type = "zfs"; pool = "zroot"; }; - } - ]; + }; + }; }; }; }; @@ -104,8 +126,14 @@ in boot.loader.grub = { device = disk1; - + version = 2; + zfsSupport = true; + efiSupport = true; mirroredBoots = [ + { + devices = [ disk1 ]; + path = "/boot"; + } { devices = [ disk2 ]; path = "/boot-fallback"; diff --git a/hosts/hyp-01/modules/impermanence.nix b/hosts/hyp-01/modules/impermanence.nix index 2d50d54..fa4ec52 100644 --- a/hosts/hyp-01/modules/impermanence.nix +++ b/hosts/hyp-01/modules/impermanence.nix 
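Review bot: The `boot` partition on both disks is typed `EF02` (BIOS boot partition) yet given a vfat filesystem plus a hybrid-MBR `0x0c` entry; grub-install writes its BIOS core image raw into an EF02 partition, so the filesystem would be overwritten on install and the FAT type in the MBR entry looks contradictory — presumably only a bare EF02 partition is wanted, i.e. drop the `content = { … }` block (or add a comment explaining why a FAT filesystem belongs there). In the second hunk, `version = 2;` is a deprecated/removed GRUB option in current NixOS (at best a warning), and `device = disk1;` appears redundant once `mirroredBoots` lists both disks explicitly; both lines can go. With `efiSupport = true;` the fallback ESP on disk2 is only reachable from firmware if the EFI install does not rely on NVRAM entries, so consider `efiInstallAsRemovable = true;` with `boot.loader.efi.canTouchEfiVariables = false;` and a comment stating that `/boot-fallback` must remain bootable when disk1 is absent. The enclosing `boot.loader.grub = {` block continues past the end of the hunk.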
@@ -1,7 +1,5 @@ -{ lib, ... }: { boot.initrd.systemd.enable = true; - boot.initrd.postDeviceCommands = lib.mkAfter "zfs mount -a"; fileSystems."/" = { device = "none"; @@ -13,10 +11,14 @@ ]; }; + fileSystems."/persist".neededForBoot = true; + environment.persistence."/persist" = { directories = [ "/etc/nixos" + "/etc/secrets" "/var/log" + "/var/lib/nixos" ]; files = [ "/etc/machine-id" diff --git a/hosts/hyp-01/modules/networking.nix b/hosts/hyp-01/modules/networking.nix index ecfd10e..b90b3a6 100644 --- a/hosts/hyp-01/modules/networking.nix +++ b/hosts/hyp-01/modules/networking.nix @@ -1,4 +1,9 @@ -{ config, lib, ... }: +{ + config, + lib, + pkgs, + ... +}: { options = { networking.hyp-01.ipv4.address = lib.mkOption { @@ -40,12 +45,36 @@ systemd.network.networks."10-uplink".networkConfig.Address = config.networking.hyp-01.ipv6.address; - boot.initrd.systemd.network.networks."10-uplink" = config.systemd.networks."10-uplink"; + boot.kernelParams = [ "ip=dhcp" ]; + boot.initrd = { + availableKernelModules = [ "e1000e" ]; - boot.initrd.network = { - enable = true; + systemd = + let + askPass = pkgs.writeShellScriptBin "zfs-askpass" '' + systemd-tty-ask-password-agent --watch + ''; + in + { + enable = true; + storePaths = [ "${askPass}/bin/zfs-askpass" ]; + users.root.shell = "${askPass}/bin/zfs-askpass"; + }; + + network = { + enable = true; + + ssh = { + enable = true; + port = 2222; + authorizedKeys = [ + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnthKtz0fE4yQ/X10cJgKVCjYCNkRNoqV28xAhD7h2M cardno:22_498_026" + ]; + hostKeys = [ + "/etc/secrets/initrd/ssh_host_ed25519_key" + ]; + }; + }; }; - - boot.initrd.kernelModules = [ "igb" ]; }; } diff --git a/hosts/hyp-01/modules/users.nix b/hosts/hyp-01/modules/users.nix index ac65bda..5a142c6 100644 --- a/hosts/hyp-01/modules/users.nix +++ b/hosts/hyp-01/modules/users.nix @@ -17,4 +17,6 @@ in ]; openssh.authorizedKeys.keys = [ sshKey ]; }; + + programs.zsh.enable = true; }
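Review bot: The initrd sshd host key `/etc/secrets/initrd/ssh_host_ed25519_key` is copied into the initrd image, which lives on the unencrypted ESPs (`/boot` and `/boot-fallback`), so it is readable by anyone holding the disks regardless of the ZFS encryption it is used to unlock; that is the usual trade-off for remote unlock, but the networking hunk should state it, e.g. `# embedded in the unencrypted initrd on both ESPs; keep distinct from the stage-2 host key (hence port 2222)` above `hostKeys`. That file must also exist on the build host before the first rebuild (the initrd build reads it), which is presumably why `/etc/secrets` is now persisted in the impermanence hunk — a comment next to that entry naming this dependency would help. The initrd relies on `ip=dhcp` while stage 2 appears to configure the uplink with static addresses from `networking.hyp-01.*`; if the uplink offers no DHCP lease, remote unlock will never come up, so verify that or give the initrd the same static configuration. The authorized key here is hard-coded while users.nix uses a shared `sshKey` binding; if they are the same key, reuse the binding so the two cannot drift.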