authormakefu <github@syntax-fehler.de>2022-05-30 12:57:12 +0200
committermakefu <github@syntax-fehler.de>2022-05-30 12:57:12 +0200
commitcdc73d611ea140a7ba75a0e6ebc51860a8fad9a8 (patch)
treee637a85145701e7a9ef7bf2560d3cf248ec06c19
parent12436ad8beefeb818954076432e469f34e831ad2 (diff)
ma iso.r: cleanup
-rw-r--r--makefu/1systems/iso/config.nix18
-rw-r--r--makefu/1systems/iso/justdoit.nix18
-rw-r--r--makefu/1systems/iso/target-config.nix14
3 files changed, 26 insertions, 24 deletions
diff --git a/makefu/1systems/iso/config.nix b/makefu/1systems/iso/config.nix
index 6c4f62310..207121236 100644
--- a/makefu/1systems/iso/config.nix
+++ b/makefu/1systems/iso/config.nix
@@ -9,17 +9,22 @@ with import <stockholm/lib>;
# <stockholm/makefu/2configs/tools/core.nix>
./justdoit.nix
{
+ environment.systemPackages = [ (pkgs.writeScriptBin "network-setup" ''
+ #!/bin/sh
+ ip addr add 178.254.30.202/255.255.252.0 dev ens3
+ ip route add default via 178.254.28.1
+ echo nameserver 1.1.1.1 > /etc/resolv.conf
+ '')];
kexec.justdoit = {
- # bootSize = 512;
- rootDevice = "/dev/sdb";
- swapSize = 1024;
+ bootSize = 512;
+ rootDevice = "/dev/vda";
bootType = "vfat";
- luksEncrypt = true;
- uefi = true;
+ luksEncrypt = false;
+ uefi = false;
};
}
];
- boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
+ # boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest;
# TODO: NIX_PATH and nix.nixPath are being set by default.nix right now
# cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso/config.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos
#krebs.build.host = { cores = 0; };
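Review bot: `luksEncrypt = false;` in the `kexec.justdoit` block turns off disk encryption for every install made from this image, and neither the commit title ("cleanup") nor a comment says this is intended. If the change belongs only to the `/dev/vda` target, record that next to the setting, e.g. `luksEncrypt = false; # unencrypted on purpose: <reason>`, or keep `true` as the committed default and override it per host. The added `network-setup` script also hard-codes one machine's address and gateway into the generic ISO config and is repeated verbatim in target-config.nix.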
@@ -33,7 +38,6 @@ with import <stockholm/lib>;
EDITOR=vim
'';
# iso-specific
- boot.kernelParams = [ "copytoram" ];
services.openssh = {
enable = true;
hostKeys = [
diff --git a/makefu/1systems/iso/justdoit.nix b/makefu/1systems/iso/justdoit.nix
index 7947953f9..0ce90494b 100644
--- a/makefu/1systems/iso/justdoit.nix
+++ b/makefu/1systems/iso/justdoit.nix
@@ -67,29 +67,22 @@ in {
unit: sectors
${lib.optionalString (cfg.bootType != "zfs") "1 : size=${toString (2048 * cfg.bootSize)}, type=0FC63DAF-8483-4772-8E79-3D69D8477DE4"}
${lib.optionalString (! cfg.uefi) "4 : size=4096, type=21686148-6449-6E6F-744E-656564454649"}
- 2 : size=${toString (2048 * cfg.swapSize)}, type=0657FD6D-A4AB-43C4-84E5-0933C84B4F4F
- 3 : type=0FC63DAF-8483-4772-8E79-3D69D8477DE4
+ 2 : type=0FC63DAF-8483-4772-8E79-3D69D8477DE4
EOF
${if cfg.luksEncrypt then ''
cryptsetup luksFormat ${cfg.rootDevice}${x}2
- cryptsetup open --type luks ${cfg.rootDevice}${x}2 swap
- cryptsetup luksFormat ${cfg.rootDevice}${x}3
- cryptsetup open --type luks ${cfg.rootDevice}${x}3 root
+ cryptsetup open --type luks ${cfg.rootDevice}${x}2 root
export ROOT_DEVICE=/dev/mapper/root
- export SWAP_DEVICE=/dev/mapper/swap
'' else ''
- export ROOT_DEVICE=${cfg.rootDevice}${x}3
- export SWAP_DEVICE=${cfg.rootDevice}${x}2
+ export ROOT_DEVICE=${cfg.rootDevice}${x}2
''}
${lib.optionalString (cfg.bootType != "zfs") "export NIXOS_BOOT=${cfg.rootDevice}${x}1"}
mkdir -p /mnt
${mkBootTable.${cfg.bootType}}
- mkswap $SWAP_DEVICE -L NIXOS_SWAP
zpool create -o ashift=12 -o altroot=/mnt ${cfg.poolName} $ROOT_DEVICE
zfs create -o mountpoint=legacy ${cfg.poolName}/root
zfs create -o mountpoint=legacy ${cfg.poolName}/home
zfs create -o mountpoint=legacy ${cfg.poolName}/nix
- swapon $SWAP_DEVICE
mount -t zfs ${cfg.poolName}/root /mnt/
mkdir /mnt/{home,nix,boot}
mount -t zfs ${cfg.poolName}/home /mnt/home/
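Review bot: All swap handling is dropped in this hunk (partition entry, `mkswap`, `swapon`), but the `swapSize` option that config.nix used to set appears to stay declared: the 18 changed lines the diffstat reports for justdoit.nix are all in its three visible hunks, none of which touches an option declaration. A host that still sets `swapSize` would then evaluate cleanly and silently get no swap. Remove the declaration in the same commit, or mark it where it is declared, e.g. `# swapSize: ignored since the swap partition was removed`. The install script starts and ends outside this hunk.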
@@ -111,8 +104,7 @@ in {
networking.hostId = "$hostId"; # required for zfs use
${lib.optionalString cfg.luksEncrypt ''
boot.initrd.luks.devices = [
- { name = "swap"; device = "${cfg.rootDevice}${x}2"; preLVM = true; }
- { name = "root"; device = "${cfg.rootDevice}${x}3"; preLVM = true; }
+ { name = "root"; device = "${cfg.rootDevice}${x}2"; preLVM = true; }
];
''}
}
@@ -120,9 +112,9 @@ in {
nixos-install
umount /mnt/home /mnt/nix ${lib.optionalString (cfg.bootType != "zfs") "/mnt/boot"} /mnt
zpool export ${cfg.poolName}
- swapoff $SWAP_DEVICE
'';
environment.systemPackages = [ config.system.build.justdoit ];
boot.supportedFilesystems = [ "zfs" ];
+ users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb" ];
};
}
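Review bot: The added `users.users.root.openssh.authorizedKeys.keys` line puts a literal root login key into the partitioning module, so any system that imports (and presumably enables) justdoit.nix accepts root SSH logins from that key's holder; the ISO config visibly enables `services.openssh`. The key has no comment field and no note saying whose it is, which makes later audit and rotation harder. Move the setting next to `services.openssh` in config.nix and annotate it, e.g. `# root access for the installer session only; key owner: <owner>`; if the repository already defines this user's public key centrally, reference that instead of repeating the literal. The blob's length suggests a 2048-bit RSA key, where an Ed25519 key would be the usual choice for a new entry.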
diff --git a/makefu/1systems/iso/target-config.nix b/makefu/1systems/iso/target-config.nix
index 6915e4137..59d2960bc 100644
--- a/makefu/1systems/iso/target-config.nix
+++ b/makefu/1systems/iso/target-config.nix
@@ -1,12 +1,12 @@
-{ lib, ... }:
+{ pkgs, lib, ... }:
{
imports = [ ./hardware-configuration.nix ./generated.nix ];
boot.loader.grub.enable = true;
boot.loader.grub.version = 2;
boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues
- boot.zfs.forceImportRoot = false;
- boot.zfs.forceImportAll = false;
+ #boot.zfs.forceImportRoot = false;
+ #boot.zfs.forceImportAll = false;
boot.kernelParams = [
"boot.shell_on_fail"
"panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues
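Review bot: The two `boot.zfs.forceImport*` settings are commented out rather than deleted or explained, so the target now takes whatever the nixpkgs defaults are, and for `forceImportRoot` that default has historically been `true`. A forced import bypasses the check that the pool was last used by another host, so it should be a stated decision rather than a side effect of a cleanup. Either remove the lines or keep them with the reason, e.g. `# forceImportRoot left at its default so the first boot can import the pool created by the installer` (if that is the reason). The attribute set continues outside the hunk.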
@@ -18,8 +18,15 @@
SystemMaxUse=1G
RuntimeMaxUse=128M
'';
+ environment.systemPackages = [ (pkgs.writeScriptBin "network-setup" ''
+ #!/bin/sh
+ ip addr add 178.254.30.202/255.255.252.0 dev ens3
+ ip route add default via 178.254.28.1
+ echo nameserver 1.1.1.1 > /etc/resolv.conf
+ '')];
# minimal
+ boot.supportedFilesystems = [ "zfs" ];
programs.command-not-found.enable = false;
time.timeZone = "Europe/Berlin";
programs.ssh.startAgent = false;
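Review bot: The `network-setup` script added here is a line-for-line copy of the one added to config.nix, and both fix one machine's address, gateway and resolver in files that read as generic templates. Keep a single definition in its own file and import it from both places, with the address values taken from per-host configuration. The script also has no `set -e`, so a failed `ip addr add` still goes on to overwrite `/etc/resolv.conf`; adding `set -eu` as the second line would stop it at the first error.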
@@ -36,5 +43,4 @@
"net.ipv6.conf.all.use_tempaddr" = lib.mkDefault "2";
"net.ipv6.conf.default.use_tempaddr" = lib.mkDefault "2";
};
- services.nscd.enable = false;
}