From 227b4c5fd4e0cf4bc66878c01076e1a1f8f9a5cf Mon Sep 17 00:00:00 2001
From: Lander Van den Bulcke
Date: Tue, 4 Nov 2025 10:11:39 +0100
Subject: [PATCH 1/9] feat: add initrd network config
Signed-off-by: Lander Van den Bulcke
---
 hosts/hyp-01/modules/networking.nix | 12 ++++++++++++
 1 file changed, 12 insertions(+)
diff --git a/hosts/hyp-01/modules/networking.nix b/hosts/hyp-01/modules/networking.nix
index ecfd10e..1c74e4a 100644
--- a/hosts/hyp-01/modules/networking.nix
+++ b/hosts/hyp-01/modules/networking.nix
@@ -44,6 +44,18 @@
 boot.initrd.network = {
 enable = true;
+
+ arguments = with config.networking.hyp-01; [
+ "ip=${ipv4.address}::${ipv4.gateway}:255.255.255.192::eth0:off"
+ ];
+
+ ssh = {
+ enable = true;
+ port = 2222;
+ authorizedKeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnthKtz0fE4yQ/X10cJgKVCjYCNkRNoqV28xAhD7h2M cardno:22_498_026"
+ ];
+ };
 };
 boot.initrd.kernelModules = [ "igb" ];
From 5b6e05ebf61817b0b8eeeef19add27f25ebd2b13 Mon Sep 17 00:00:00 2001
From: Lander Van den Bulcke
Date: Tue, 4 Nov 2025 10:18:49 +0100
Subject: [PATCH 2/9] fix: disko config
Signed-off-by: Lander Van den Bulcke
---
 hosts/hyp-01/modules/disko.nix | 70 ++++++++++++++++++++++------------
 1 file changed, 46 insertions(+), 24 deletions(-)
diff --git a/hosts/hyp-01/modules/disko.nix b/hosts/hyp-01/modules/disko.nix
index 3962c3a..525e047 100644
--- a/hosts/hyp-01/modules/disko.nix
+++ b/hosts/hyp-01/modules/disko.nix
@@ -9,60 +9,82 @@ in
 type = "disk";
 device = disk1;
 content = {
- type = "table";
- format = "mbr";
- partitions = [
- {
- name = "boot-primary";
- size = "1G";
- bootable = true;
+ type = "gpt";
+ efiGptPartitionFirst = false;
+ partitions = {
+ boot = {
+ priority = 1;
 type = "EF02";
+ size = "32M";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = null;
+ };
+ hybrid = {
+ mbrPartitionType = "0x0c";
+ mbrBootableFlag = false;
+ };
+ };
+ esp = {
+ size = "1G";
+ type = "EF00";
 content = {
 type = "filesystem";
 format = "vfat";
 mountpoint = "/boot";
 mountOptions = [ "nofail" ];
 };
- }
- {
- name = "zfs-a";
+ };
+ zfs = {
 size = "100%";
 content = {
 type = "zfs";
 pool = "zroot";
 };
- }
- ];
+ };
+ };
 };
 };
 disk2 = {
 type = "disk";
 device = disk2;
 content = {
- type = "table";
- format = "mbr";
- partitions = [
- {
- name = "boot-secondary";
- size = "1G";
- bootable = true;
+ type = "gpt";
+ efiGptPartitionFirst = false;
+ partitions = {
+ boot = {
+ priority = 1;
 type = "EF02";
+ size = "32M";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = null;
+ };
+ hybrid = {
+ mbrPartitionType = "0x0c";
+ mbrBootableFlag = false;
+ };
+ };
+ esp = {
+ size = "1G";
+ type = "EF00";
 content = {
 type = "filesystem";
 format = "vfat";
 mountpoint = "/boot-fallback";
 mountOptions = [ "nofail" ];
 };
- }
- {
- name = "zfs-b";
+ };
+ zfs = {
 size = "100%";
 content = {
 type = "zfs";
 pool = "zroot";
 };
- }
- ];
+ };
+ };
 };
 };
 };
From 3dcd18613240ec04613c0d787798d4fed787f6b4 Mon Sep 17 00:00:00 2001
From: Lander Van den Bulcke
Date: Tue, 4 Nov 2025 10:35:09 +0100
Subject: [PATCH 3/9] fix: add missing hostPlatform
Signed-off-by: Lander Van den Bulcke
---
 hosts/hyp-01/default.nix | 1 +
 1 file changed, 1 insertion(+)
diff --git a/hosts/hyp-01/default.nix b/hosts/hyp-01/default.nix
index 2993340..fb4ed38 100644
--- a/hosts/hyp-01/default.nix
+++ b/hosts/hyp-01/default.nix
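Review bot: The `boot` partition is typed `EF02` (a BIOS boot partition) but is also given `content = { type = "filesystem"; format = "vfat"; mountpoint = null; };`; as far as I know GRUB treats an EF02 partition as raw space for its core image and never mounts it, so disko would create a filesystem there that `grub-install` then overwrites. Unless something on this host really mounts that partition, drop the `content` block on both disks and keep only `priority`, `type`, `size` and `hybrid`. Style: `disk1` and `disk2` now differ only in the device and the ESP mountpoint, so a helper such as `mkDisk = dev: espMountpoint: { type = "disk"; device = dev; content = { ... }; };` would keep the two layouts from drifting apart, and the `in` shown in the hunk header suggests a `let` above the hunk where it could live. The enclosing disko attrset starts before this hunk.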
@@ -5,6 +5,7 @@
 {
 networking.hostName = "hyp-01";
 networking.hostId = "ae2c05d3";
+ nixpkgs.hostPlatform = "x86_64-linux";
 imports = [
 inputs.disko.nixosModules.disko
From f5659c14d8518712b057b87f9af399160b3ce529 Mon Sep 17 00:00:00 2001
From: Lander Van den Bulcke
Date: Tue, 4 Nov 2025 10:39:21 +0100
Subject: [PATCH 4/9] fix: initrd network config
Signed-off-by: Lander Van den Bulcke
---
 hosts/hyp-01/modules/networking.nix | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/hosts/hyp-01/modules/networking.nix b/hosts/hyp-01/modules/networking.nix
index 1c74e4a..f238490 100644
--- a/hosts/hyp-01/modules/networking.nix
+++ b/hosts/hyp-01/modules/networking.nix
@@ -40,15 +40,12 @@
 systemd.network.networks."10-uplink".networkConfig.Address = config.networking.hyp-01.ipv6.address;
+ boot.initrd.systemd.network.enable = true;
 boot.initrd.systemd.network.networks."10-uplink" = config.systemd.networks."10-uplink";
 boot.initrd.network = {
 enable = true;
- arguments = with config.networking.hyp-01; [
- "ip=${ipv4.address}::${ipv4.gateway}:255.255.255.192::eth0:off"
- ];
-
 ssh = {
 enable = true;
 port = 2222;
From c3e19aae29f8689bbfc7d3218e3ff62f1d9829c3 Mon Sep 17 00:00:00 2001
From: Lander Van den Bulcke
Date: Tue, 4 Nov 2025 10:52:59 +0100
Subject: [PATCH 5/9] fix: assertions
Signed-off-by: Lander Van den Bulcke
---
 hosts/hyp-01/modules/boot.nix | 1 -
 hosts/hyp-01/modules/disko.nix | 8 +++++++-
 hosts/hyp-01/modules/impermanence.nix | 3 ++-
 hosts/hyp-01/modules/networking.nix | 5 ++++-
 hosts/hyp-01/modules/users.nix | 2 ++
 5 files changed, 15 insertions(+), 4 deletions(-)
diff --git a/hosts/hyp-01/modules/boot.nix b/hosts/hyp-01/modules/boot.nix
index fa3aaf9..a4caca0 100644
--- a/hosts/hyp-01/modules/boot.nix
+++ b/hosts/hyp-01/modules/boot.nix
@@ -3,6 +3,5 @@
 boot.loader.systemd-boot.enable = false;
 boot.loader.grub = {
 enable = true;
- efiSupport = false;
 };
 }
diff --git a/hosts/hyp-01/modules/disko.nix b/hosts/hyp-01/modules/disko.nix
index 525e047..b0c9455 100644
--- a/hosts/hyp-01/modules/disko.nix
+++ b/hosts/hyp-01/modules/disko.nix
@@ -126,8 +126,14 @@ in
 boot.loader.grub = {
 device = disk1;
-
+ version = 2;
+ zfsSupport = true;
+ efiSupport = true;
 mirroredBoots = [
+ {
+ devices = [ disk1 ];
+ path = "/boot";
+ }
 {
 devices = [ disk2 ];
 path = "/boot-fallback";
diff --git a/hosts/hyp-01/modules/impermanence.nix b/hosts/hyp-01/modules/impermanence.nix
index 2d50d54..360f306 100644
--- a/hosts/hyp-01/modules/impermanence.nix
+++ b/hosts/hyp-01/modules/impermanence.nix
@@ -1,7 +1,6 @@
 { lib, ... }:
 {
 boot.initrd.systemd.enable = true;
- boot.initrd.postDeviceCommands = lib.mkAfter "zfs mount -a";
 fileSystems."/" = {
 device = "none";
@@ -13,6 +12,8 @@
 ];
 };
+ fileSystems."/persist".neededForBoot = true;
+
 environment.persistence."/persist" = {
 directories = [
 "/etc/nixos"
diff --git a/hosts/hyp-01/modules/networking.nix b/hosts/hyp-01/modules/networking.nix
index f238490..2f203b2 100644
--- a/hosts/hyp-01/modules/networking.nix
+++ b/hosts/hyp-01/modules/networking.nix
@@ -41,7 +41,7 @@
 systemd.network.networks."10-uplink".networkConfig.Address = config.networking.hyp-01.ipv6.address;
 boot.initrd.systemd.network.enable = true;
- boot.initrd.systemd.network.networks."10-uplink" = config.systemd.networks."10-uplink";
+ boot.initrd.systemd.network.networks."10-uplink" = config.systemd.network.networks."10-uplink";
 boot.initrd.network = {
 enable = true;
@@ -52,6 +52,9 @@
 authorizedKeys = [
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnthKtz0fE4yQ/X10cJgKVCjYCNkRNoqV28xAhD7h2M cardno:22_498_026"
 ];
+ hostKeys = [
+ "/etc/secrets/initrd/ssh_host_ed25519_key"
+ ];
 };
 };
diff --git a/hosts/hyp-01/modules/users.nix b/hosts/hyp-01/modules/users.nix
index ac65bda..5a142c6 100644
--- a/hosts/hyp-01/modules/users.nix
+++ b/hosts/hyp-01/modules/users.nix
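Review bot: `version = 2;` under `boot.loader.grub` is, on recent NixOS releases, a removed option that fails evaluation rather than an assertion fix, so unless the nixpkgs pin is old it should be dropped — please verify against the channel in use. The new `{ devices = [ disk1 ]; path = "/boot"; }` entry also overlaps with `device = disk1;` two lines above: NixOS turns a non-empty `device` into a `/boot` mirror itself, so `/boot` on `disk1` ends up listed twice; either remove `device = disk1;` and keep both disks in `mirroredBoots`, or remove the new entry. With `efiSupport = true;` each mirror presumably also wants its own `efiSysMountPoint` (which, if I recall correctly, defaults to the global `/boot` rather than the entry's `path`), otherwise the fallback disk's EFI files may land on the primary ESP; worth checking. The `boot.loader.grub` block continues past the end of the hunk.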
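Review bot: The key added under `hostKeys`, `/etc/secrets/initrd/ssh_host_ed25519_key`, is copied into the initrd, and the initrd lives on the unencrypted vfat `/boot` / `/boot-fallback` partitions defined in disko.nix, so whoever can read those partitions can read this key; it must be a key generated for the initrd only and never the system's regular host key. Nothing in the hunk says that, and it is exactly the line a later cleanup would "simplify" into reusing `/etc/ssh/ssh_host_ed25519_key`, so add a comment: `# initrd-only key: it is embedded in the unencrypted initrd on /boot, so never reuse the system host key; pin its fingerprint separately on the client.` I believe the file also has to exist on the build host before `nixos-rebuild`, since the initrd build reads it; a second comment line noting the one-time `ssh-keygen` step would avoid a lockout on a fresh install. The `ssh` attrset this lands in starts before the hunk.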
@@ -17,4 +17,6 @@ in
 ];
 openssh.authorizedKeys.keys = [ sshKey ];
 };
+
+ programs.zsh.enable = true;
 }
From 2e3fc206f49625a3d743727a8425f3e5b2b6a2e1 Mon Sep 17 00:00:00 2001
From: Lander Van den Bulcke
Date: Tue, 4 Nov 2025 11:04:16 +0100
Subject: [PATCH 6/9] fix: impermanence
Signed-off-by: Lander Van den Bulcke
---
 hosts/hyp-01/modules/impermanence.nix | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/hosts/hyp-01/modules/impermanence.nix b/hosts/hyp-01/modules/impermanence.nix
index 360f306..fa4ec52 100644
--- a/hosts/hyp-01/modules/impermanence.nix
+++ b/hosts/hyp-01/modules/impermanence.nix
@@ -1,4 +1,3 @@
-{ lib, ... }:
 {
 boot.initrd.systemd.enable = true;
@@ -17,7 +16,9 @@
 environment.persistence."/persist" = {
 directories = [
 "/etc/nixos"
+ "/etc/secrets"
 "/var/log"
+ "/var/lib/nixos"
 ];
 files = [
 "/etc/machine-id"
From e72b9a144af565d9f0995919ae111de18293a36f Mon Sep 17 00:00:00 2001
From: Lander Van den Bulcke
Date: Tue, 4 Nov 2025 11:53:25 +0100
Subject: [PATCH 7/9] fix: initrd kernel param
Signed-off-by: Lander Van den Bulcke
---
 hosts/hyp-01/modules/networking.nix | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/hosts/hyp-01/modules/networking.nix b/hosts/hyp-01/modules/networking.nix
index 2f203b2..37fc9d2 100644
--- a/hosts/hyp-01/modules/networking.nix
+++ b/hosts/hyp-01/modules/networking.nix
@@ -40,9 +40,7 @@
 systemd.network.networks."10-uplink".networkConfig.Address = config.networking.hyp-01.ipv6.address;
- boot.initrd.systemd.network.enable = true;
- boot.initrd.systemd.network.networks."10-uplink" = config.systemd.network.networks."10-uplink";
-
+ boot.kernelParams = [ "ip=dhcp" ];
 boot.initrd.network = {
 enable = true;
From 5cd943d3e5c01236cacc3596c1bf9f649d86cfe8 Mon Sep 17 00:00:00 2001
From: Lander Van den Bulcke
Date: Tue, 4 Nov 2025 12:59:03 +0100
Subject: [PATCH 8/9] fix: add e1000e kernel module to initrd
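Review bot: `"/etc/secrets"` is persisted as a bare path, so impermanence creates the bind-mount target with its default, fairly permissive directory mode; the initrd SSH host key from the earlier commits lives under it, and a readable `/etc/secrets` would expose that key to every local user of the running system. Use impermanence's attrset form to pin the mode instead: `{ directory = "/etc/secrets"; mode = "0700"; }` (add `user`/`group` if root is not the intended owner). The `/persist` tree itself deserves the same check if other users can browse it, but that is outside this hunk, as is the start of the `environment.persistence."/persist"` block.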
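Review bot: `boot.kernelParams = [ "ip=dhcp" ];` makes the remote unlock depend on a DHCP server answering on the uplink in early boot, while the rest of this file configures the uplink statically from `config.networking.hyp-01.ipv4.address`; if the provider does not offer DHCP, the host is unreachable until someone gets to a console. The static form this series started with, `ip=<address>::<gateway>:<netmask>::<interface>:off` built from the `networking.hyp-01` options, keeps the initrd on the same address the running system uses instead of whatever the DHCP server hands out. If DHCP is known to work here, a one-line comment saying so — and noting that `boot.kernelParams` applies to the whole boot, not only the initrd — would stop the next reader from changing it back.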
Signed-off-by: Lander Van den Bulcke
---
 hosts/hyp-01/modules/networking.nix | 26 ++++++++++++------------
 1 file changed, 14 insertions(+), 12 deletions(-)
diff --git a/hosts/hyp-01/modules/networking.nix b/hosts/hyp-01/modules/networking.nix
index 37fc9d2..021df0c 100644
--- a/hosts/hyp-01/modules/networking.nix
+++ b/hosts/hyp-01/modules/networking.nix
@@ -41,21 +41,23 @@
 systemd.network.networks."10-uplink".networkConfig.Address = config.networking.hyp-01.ipv6.address;
 boot.kernelParams = [ "ip=dhcp" ];
- boot.initrd.network = {
- enable = true;
+ boot.initrd = {
+ availableKernelModules = [ "e1000e" ];
- ssh = {
+ network = {
 enable = true;
- port = 2222;
- authorizedKeys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnthKtz0fE4yQ/X10cJgKVCjYCNkRNoqV28xAhD7h2M cardno:22_498_026"
- ];
- hostKeys = [
- "/etc/secrets/initrd/ssh_host_ed25519_key"
- ];
+
+ ssh = {
+ enable = true;
+ port = 2222;
+ authorizedKeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnthKtz0fE4yQ/X10cJgKVCjYCNkRNoqV28xAhD7h2M cardno:22_498_026"
+ ];
+ hostKeys = [
+ "/etc/secrets/initrd/ssh_host_ed25519_key"
+ ];
+ };
 };
 };
-
- boot.initrd.kernelModules = [ "igb" ];
 };
 }
From 5d68fbf0a198291330fe626d93cb1d80cb31a49e Mon Sep 17 00:00:00 2001
From: Lander Van den Bulcke
Date: Tue, 4 Nov 2025 13:38:51 +0100
Subject: [PATCH 9/9] feat: ask-password as shell
Signed-off-by: Lander Van den Bulcke
---
 hosts/hyp-01/modules/networking.nix | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/hosts/hyp-01/modules/networking.nix b/hosts/hyp-01/modules/networking.nix
index 021df0c..b90b3a6 100644
--- a/hosts/hyp-01/modules/networking.nix
+++ b/hosts/hyp-01/modules/networking.nix
@@ -1,4 +1,9 @@
-{ config, lib, ... }:
+{
+ config,
+ lib,
+ pkgs,
+ ...
+}:
 {
 options = {
 networking.hyp-01.ipv4.address = lib.mkOption {
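Review bot: `availableKernelModules = [ "e1000e" ];` replaces the old `boot.initrd.kernelModules = [ "igb" ];` outright, although the commit title only says e1000e is added; since `availableKernelModules` merely makes a module loadable on demand inside the initrd, keeping `igb` in the list (`availableKernelModules = [ "e1000e" "igb" ];`) costs nothing and keeps the initrd reachable on either NIC. If the hardware is known to be e1000e only, a short comment naming the NIC would make the drop look deliberate rather than accidental. The `boot.initrd` attrset is fully inside the hunk; the surrounding module attrset is not.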
@@ -44,6 +49,18 @@
 boot.initrd = {
 availableKernelModules = [ "e1000e" ];
+ systemd =
+ let
+ askPass = pkgs.writeShellScriptBin "zfs-askpass" ''
+ systemd-tty-ask-password-agent --watch
+ '';
+ in
+ {
+ enable = true;
+ storePaths = [ "${askPass}/bin/zfs-askpass" ];
+ users.root.shell = "${askPass}/bin/zfs-askpass";
+ };
+
 network = {
 enable = true;
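Review bot: `users.root.shell = "${askPass}/bin/zfs-askpass";` is the line that keeps an initrd SSH login from getting a shell — the session lands in `systemd-tty-ask-password-agent` and can only answer the unlock prompt — but nothing in the hunk says so, and a later reader could "fix" it back to an interactive shell. Add a comment above it: `# root's initrd login shell is the ask-password agent: an SSH session can answer the ZFS unlock prompt but never gets a shell; the script ignores any command the client passes.` `enable = true;` here repeats the `boot.initrd.systemd.enable = true;` already set in impermanence.nix; harmless, but one of the two should go so the setting has a single home. With `--watch` the agent presumably keeps running after the password is accepted, so the session only ends when stage 1 hands over; if that is unwanted, `--query` answers the pending prompts and exits — worth a look. The `network = {` block that follows continues beyond the hunk.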