diff options
author | tv <tv@krebsco.de> | 2020-12-02 00:45:50 +0100 |
---|---|---|
committer | tv <tv@krebsco.de> | 2020-12-02 00:45:50 +0100 |
commit | d60b1b793f3a1635c1fe30aa11b64831fd665b4f (patch) | |
tree | d484b1315dab9b6c3d230118f6e33b0888f0aca5 | |
parent | 29827720520b6a4885dbdcb3237070e6e45dd910 (diff) | |
parent | 813eefa3c55fd1cd234b0adb1da7286bd761b579 (diff) |
Merge remote-tracking branch 'prism/master' into master
120 files changed, 2021 insertions, 1787 deletions
diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem b/krebs/0tests/data/secrets/initrd/host_ecdsa.pub index e69de29b..e69de29b 100644 --- a/lass/2configs/tests/dummy-secrets/dcsovpn/ca.pem +++ b/krebs/0tests/data/secrets/initrd/host_ecdsa.pub diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/cert.key b/krebs/0tests/data/secrets/initrd/host_ecdsa_key index e69de29b..e69de29b 100644 --- a/lass/2configs/tests/dummy-secrets/dcsovpn/cert.key +++ b/krebs/0tests/data/secrets/initrd/host_ecdsa_key diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem b/krebs/0tests/data/secrets/initrd/hostname index e69de29b..e69de29b 100644 --- a/lass/2configs/tests/dummy-secrets/dcsovpn/cert.pem +++ b/krebs/0tests/data/secrets/initrd/hostname diff --git a/lass/2configs/tests/dummy-secrets/dcsovpn/login.txt b/krebs/0tests/data/secrets/initrd/hs_ed25519_public_key index e69de29b..e69de29b 100644 --- a/lass/2configs/tests/dummy-secrets/dcsovpn/login.txt +++ b/krebs/0tests/data/secrets/initrd/hs_ed25519_public_key diff --git a/krebs/0tests/data/secrets/initrd/hs_ed25519_secret_key b/krebs/0tests/data/secrets/initrd/hs_ed25519_secret_key new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/krebs/0tests/data/secrets/initrd/hs_ed25519_secret_key diff --git a/krebs/0tests/data/secrets/initrd/openssh_host_ecdsa_key b/krebs/0tests/data/secrets/initrd/openssh_host_ecdsa_key new file mode 100644 index 00000000..e69de29b --- /dev/null +++ b/krebs/0tests/data/secrets/initrd/openssh_host_ecdsa_key diff --git a/krebs/1systems/filebitch/hardware-configuration.nix b/krebs/1systems/filebitch/hardware-configuration.nix index 574618e3..1e7fa787 100644 --- a/krebs/1systems/filebitch/hardware-configuration.nix +++ b/krebs/1systems/filebitch/hardware-configuration.nix @@ -1,7 +1,7 @@ { config, lib, pkgs, ... }: let byid = dev: "/dev/disk/by-id/" + dev; - keyFile = byid "usb-SMI_USB_DISK_AA08061700009650-0:0"; + keyFile = byid "usb-SMI_USB_DISK_AA08061700009650-0:0"; in { imports = @@ -19,7 +19,7 @@ in boot.tmpOnTmpfs = true; - boot.initrd.availableKernelModules = [ + boot.initrd.availableKernelModules = [ "xhci_pci" "ahci" "ohci_pci" "ehci_pci" "usb_storage" "usbhid" "sd_mod" "raid456" "usbhid" @@ -77,20 +77,18 @@ in networking.hostId = "54d97450"; # required for zfs use boot.initrd.luks.devices = let - usbkey = name: device: { - inherit name device keyFile; + usbkey = device: { + inherit device keyFile; keyFileSize = 2048; preLVM = true; }; - in [ - ((usbkey "swap" (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part2")) - // { allowDiscards = true; } ) - ((usbkey "root" (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part3")) - // { allowDiscards = true; } ) - (usbkey "125" "/dev/md125") - (usbkey "126" "/dev/md126") - (usbkey "127" "/dev/md127") - ]; - - + in { + swap = ((usbkey (byid "ata-INTEL_SSDSA2M080G2GC_CVPO013300WD080BGN-part2")) + // { allowDiscards = true; } ); |