feat: ask-password as shell

Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>
fix: add e1000e kernel module to initrd
2025-11-04 13:48:06 +01:00 · 2025-11-04 13:09:33 +01:00 · 2025-11-04 11:53:25 +01:00 · 2025-11-04 11:17:07 +01:00 · 2025-11-04 10:54:43 +01:00 · 2025-11-04 10:39:21 +01:00
6 changed files with 95 additions and 34 deletions
--- a/hosts/hyp-01/default.nix
+++ b/hosts/hyp-01/default.nix
@ -5,6 +5,7 @@
 {
  networking.hostName = "hyp-01";
  networking.hostId = "ae2c05d3";
+  nixpkgs.hostPlatform = "x86_64-linux";

  imports = [
    inputs.disko.nixosModules.disko
--- a/hosts/hyp-01/modules/boot.nix
+++ b/hosts/hyp-01/modules/boot.nix
@ -3,6 +3,5 @@
  boot.loader.systemd-boot.enable = false;
  boot.loader.grub = {
    enable = true;
-    efiSupport = false;
  };
 }
--- a/hosts/hyp-01/modules/disko.nix
+++ b/hosts/hyp-01/modules/disko.nix
@ -9,60 +9,82 @@ in
        type = "disk";
        device = disk1;
        content = {
-          type = "table";
-          format = "mbr";
-          partitions = [
-            {
-              name = "boot-primary";
-              size = "1G";
-              bootable = true;
+          type = "gpt";
+          efiGptPartitionFirst = false;
+          partitions = {
+            boot = {
+              priority = 1;
              type = "EF02";
+              size = "32M";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = null;
+              };
+              hybrid = {
+                mbrPartitionType = "0x0c";
+                mbrBootableFlag = false;
+              };
+            };
+            esp = {
+              size = "1G";
+              type = "EF00";
              content = {
                type = "filesystem";
                format = "vfat";
                mountpoint = "/boot";
                mountOptions = [ "nofail" ];
              };
-            }
-            {
-              name = "zfs-a";
+            };
+            zfs = {
              size = "100%";
              content = {
                type = "zfs";
                pool = "zroot";
              };
-            }
-          ];
+            };
+          };
        };
      };
      disk2 = {
        type = "disk";
        device = disk2;
        content = {
-          type = "table";
-          format = "mbr";
-          partitions = [
-            {
-              name = "boot-secondary";
-              size = "1G";
-              bootable = true;
+          type = "gpt";
+          efiGptPartitionFirst = false;
+          partitions = {
+            boot = {
+              priority = 1;
              type = "EF02";
+              size = "32M";
+              content = {
+                type = "filesystem";
+                format = "vfat";
+                mountpoint = null;
+              };
+              hybrid = {
+                mbrPartitionType = "0x0c";
+                mbrBootableFlag = false;
+              };
+            };
+            esp = {
+              size = "1G";
+              type = "EF00";
              content = {
                type = "filesystem";
                format = "vfat";
                mountpoint = "/boot-fallback";
                mountOptions = [ "nofail" ];
              };
-            }
-            {
-              name = "zfs-b";
+            };
+            zfs = {
              size = "100%";
              content = {
                type = "zfs";
                pool = "zroot";
              };
-            }
-          ];
+            };
+          };
        };
      };
    };
@ -104,8 +126,14 @@ in

  boot.loader.grub = {
    device = disk1;
-
+    version = 2;
+    zfsSupport = true;
+    efiSupport = true;
    mirroredBoots = [
+      {
+        devices = [ disk1 ];
+        path = "/boot";
+      }
      {
        devices = [ disk2 ];
        path = "/boot-fallback";
--- a/hosts/hyp-01/modules/impermanence.nix
+++ b/hosts/hyp-01/modules/impermanence.nix
@ -1,7 +1,5 @@
-{ lib, ... }:
 {
  boot.initrd.systemd.enable = true;
-  boot.initrd.postDeviceCommands = lib.mkAfter "zfs mount -a";

  fileSystems."/" = {
    device = "none";
@ -13,10 +11,14 @@
    ];
  };

+  fileSystems."/persist".neededForBoot = true;
+
  environment.persistence."/persist" = {
    directories = [
      "/etc/nixos"
+      "/etc/secrets"
      "/var/log"
+      "/var/lib/nixos"
    ];
    files = [
      "/etc/machine-id"
--- a/hosts/hyp-01/modules/networking.nix
+++ b/hosts/hyp-01/modules/networking.nix
@ -1,4 +1,9 @@
-{ config, lib, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 {
  options = {
    networking.hyp-01.ipv4.address = lib.mkOption {
@ -40,12 +45,36 @@

    systemd.network.networks."10-uplink".networkConfig.Address = config.networking.hyp-01.ipv6.address;

-    boot.initrd.systemd.network.networks."10-uplink" = config.systemd.networks."10-uplink";
+    boot.kernelParams = [ "ip=dhcp" ];
+    boot.initrd = {
+      availableKernelModules = [ "e1000e" ];

-    boot.initrd.network = {
-      enable = true;
+      systemd =
+        let
+          askPass = pkgs.writeShellScriptBin "zfs-askpass" ''
+            systemd-tty-ask-password-agent --watch
+          '';
+        in
+        {
+          enable = true;
+          storePaths = [ "${askPass}/bin/zfs-askpass" ];
+          users.root.shell = "${askPass}/bin/zfs-askpass";
+        };
+
+      network = {
+        enable = true;
+
+        ssh = {
+          enable = true;
+          port = 2222;
+          authorizedKeys = [
+            "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPnthKtz0fE4yQ/X10cJgKVCjYCNkRNoqV28xAhD7h2M cardno:22_498_026"
+          ];
+          hostKeys = [
+            "/etc/secrets/initrd/ssh_host_ed25519_key"
+          ];
+        };
+      };
    };
-
-    boot.initrd.kernelModules = [ "igb" ];
  };
 }
--- a/hosts/hyp-01/modules/users.nix
+++ b/hosts/hyp-01/modules/users.nix
@ -17,4 +17,6 @@ in
    ];
    openssh.authorizedKeys.keys = [ sshKey ];
  };
+
+  programs.zsh.enable = true;
 }
Author	SHA1	Message	Date
Lander Van den Bulcke	5d68fbf0a1	feat: ask-password as shell Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>	2025-11-04 13:48:06 +01:00
Lander Van den Bulcke	5cd943d3e5	fix: add e1000e kernel module to initrd Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>	2025-11-04 13:09:33 +01:00
Lander Van den Bulcke	e72b9a144a	fix: initrd kernel param Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>	2025-11-04 11:53:25 +01:00
Lander Van den Bulcke	2e3fc206f4	fix: impermanence Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>	2025-11-04 11:17:07 +01:00
Lander Van den Bulcke	c3e19aae29	fix: assertions Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>	2025-11-04 10:54:43 +01:00
Lander Van den Bulcke	f5659c14d8	fix: initrd network config Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>	2025-11-04 10:39:21 +01:00
Lander Van den Bulcke	3dcd186132	fix: add missing hostPlatform Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>	2025-11-04 10:35:09 +01:00
Lander Van den Bulcke	5b6e05ebf6	fix: disko config Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>	2025-11-04 10:32:52 +01:00
Lander Van den Bulcke	227b4c5fd4	feat: add initrd network config Signed-off-by: Lander Van den Bulcke <landervandenbulcke@gmail.com>	2025-11-04 10:11:39 +01:00