feat: use stage1 systemd (and enable initrd sshd on ward)

2025-10-10 23:00:39 +02:00 · 2023-04-24 18:38:03 +02:00 · 2023-04-24 18:38:03 +02:00 · c26b5d3c89
commit c26b5d3c89
parent 20adc139f8
6 changed files with 40 additions and 45 deletions
--- a/flake.lock
+++ b/flake.lock
@ -8,11 +8,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1680281360,
-        "narHash": "sha256-XdLTgAzjJNDhAG2V+++0bHpSzfvArvr2pW6omiFfEJk=",
+        "lastModified": 1682101079,
+        "narHash": "sha256-MdAhtjrLKnk2uiqun1FWABbKpLH090oeqCSiWemtuck=",
        "owner": "ryantm",
        "repo": "agenix",
-        "rev": "e64961977f60388dd0b49572bb0fc453b871f896",
+        "rev": "2994d002dcff5353ca1ac48ec584c7f6589fe447",
        "type": "github"
      },
      "original": {
@ -28,11 +28,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1679928542,
-        "narHash": "sha256-6ql2P9ULb4wKI5hBn94ck/zqXswJ/O5XtLS5rmnXe3k=",
+        "lastModified": 1682072804,
+        "narHash": "sha256-Y7Q7dUXzEwIxZ0a2iTDF7e/hv4GFmn7ejfSr5JWSPCI=",
        "owner": "oddlama",
        "repo": "agenix-rekey",
-        "rev": "46a38999c4dc009ef2ec759344cbe19ccf4b7b95",
+        "rev": "d00eaa5c9bb71a0858fe7fd4a148445a428b311c",
        "type": "github"
      },
      "original": {
@ -53,11 +53,11 @@
        "stable": "stable"
      },
      "locked": {
-        "lastModified": 1675730932,
-        "narHash": "sha256-XcmirehPIcZGS7PzkS3WvAYQ9GBlBvCxYToIOIV2PVE=",
+        "lastModified": 1682202576,
+        "narHash": "sha256-vcTEEEHKx4PTfY80bUmZMwXRy0cTDJCkULHhqe1HJS8=",
        "owner": "zhaofengli",
        "repo": "colmena",
-        "rev": "e034c15825c439131e4489de5a82cf8e5398fa61",
+        "rev": "089431737e283ed3e402a7dff578cb442444c431",
        "type": "github"
      },
      "original": {
@ -187,11 +187,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1681918601,
-        "narHash": "sha256-bhBGPPXSbzkYiMI6avFJq79GtMngHYEje85/vXjJnts=",
+        "lastModified": 1682273416,
+        "narHash": "sha256-YvRc5TOyf92Fcvt6cYfsqxfjqalAUME3Klv4IbdhkBE=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "dfe7024f7ed9a1ccf7417c9683b6839f0e6f83a4",
+        "rev": "a5a294a622a7d3a837aaa145334e4d813c1bc5b1",
        "type": "github"
      },
      "original": {
@ -202,11 +202,11 @@
    },
    "impermanence": {
      "locked": {
-        "lastModified": 1675359654,
-        "narHash": "sha256-FPxzuvJkcO49g4zkWLSeuZkln54bLoTtrggZDJBH90I=",
+        "lastModified": 1682268411,
+        "narHash": "sha256-ICDKQ7tournRVtfM8C2II0qHiOZOH1b3dXVOCsgr11o=",
        "owner": "nix-community",
        "repo": "impermanence",
-        "rev": "6138eb8e737bffabd4c8fc78ae015d4fd6a7e2fd",
+        "rev": "df1692e2d9f1efc4300b1ea9201831730e0b817d",
        "type": "github"
      },
      "original": {
@ -237,11 +237,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1681747916,
-        "narHash": "sha256-tpWJMHWbTrFD2Nmj3Y3qYXoaTP4LFT0P0wt5zW8/aI8=",
+        "lastModified": 1682097095,
+        "narHash": "sha256-ecIKDVpayjIDEdxWCSHmG4yJQ21/nKZkhFNlLzwttWU=",
        "owner": "astro",
        "repo": "microvm.nix",
-        "rev": "68f1b9ece0f116d5ea1d1ecaf17f7b526303df81",
+        "rev": "b2627f159e8b54e4f6af7edc88b64fa3736819c9",
        "type": "github"
      },
      "original": {
@ -288,11 +288,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1681737997,
-        "narHash": "sha256-pHhjgsIkRMu80LmVe8QoKIZB6VZGRRxFmIvsC5S89k4=",
+        "lastModified": 1682181988,
+        "narHash": "sha256-CYWhlNi16cjGzMby9h57gpYE59quBcsHPXiFgX4Sw5k=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "f00994e78cd39e6fc966f0c4103f908e63284780",
+        "rev": "6c43a3495a11e261e5f41e5d7eda2d71dae1b2fe",
        "type": "github"
      },
      "original": {
@ -331,11 +331,11 @@
        "nixpkgs-stable": "nixpkgs-stable"
      },
      "locked": {
-        "lastModified": 1681831107,
-        "narHash": "sha256-pXl3DPhhul9NztSetUJw2fcN+RI3sGOYgKu29xpgnqw=",
+        "lastModified": 1682326782,
+        "narHash": "sha256-wj7p7iEwQXAfTZ6QokAe0dMbpQk5u7ympDnaiPvbv1w=",
        "owner": "cachix",
        "repo": "pre-commit-hooks.nix",
-        "rev": "b7ca8f6fff42f6af75c17f9438fed1686b7d855d",
+        "rev": "56cd2d47a9c937be98ab225cf014b450f1533cdb",
        "type": "github"
      },
      "original": {
--- a/hosts/common/core/default.nix
+++ b/hosts/common/core/default.nix
@ -52,6 +52,7 @@
  };

  boot = {
+    initrd.systemd.enable = true;
    kernelParams = ["log_buf_len=10M"];
    tmp.useTmpfs = true;
  };
--- a/hosts/common/core/net.nix
+++ b/hosts/common/core/net.nix
@ -74,6 +74,11 @@ in {
    };
  };

+  systemd.network = {
+    enable = true;
+    wait-online.anyInterface = true;
+  };
+
  # Rename known network interfaces
  services.udev.packages = let
    interfaceNamesUdevRules = pkgs.writeTextFile {
@ -85,9 +90,4 @@ in {
      destination = "/etc/udev/rules.d/01-interface-names.rules";
    };
  in [interfaceNamesUdevRules];
-
-  systemd.network = {
-    enable = true;
-    wait-online.anyInterface = true;
-  };
 }
--- a/hosts/ward/default.nix
+++ b/hosts/ward/default.nix
@ -10,7 +10,7 @@

    ../common/core
    ../common/hardware/intel.nix
-    #../common/initrd-ssh.nix
+    ../common/initrd-ssh.nix
    ../common/efi.nix
    ../common/zfs.nix

@ -20,7 +20,7 @@
    ./net.nix
  ];

-  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci"];
+  boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" "r8169"];

  #services.authelia.instances.main = {
  #  enable = true;
--- a/hosts/ward/net.nix
+++ b/hosts/ward/net.nix
@ -11,6 +11,11 @@
 in {
  networking.hostId = nodeSecrets.networking.hostId;

+  boot.initrd.systemd.network = {
+    enable = true;
+    networks = {inherit (config.systemd.network.networks) "10-wan";};
+  };
+
  systemd.network.networks = {
    "10-lan" = {
      address = [net.lan.ipv4cidr net.lan.ipv6cidr];
@ -39,18 +44,8 @@ in {

  networking.nftables.firewall = {
    zones = lib.mkForce {
-      lan = {
-        interfaces = ["lan"];
-        #ipv4Addresses = [(cidr.canonicalize net.lan.ipv4cidr)];
-        #ipv6Addresses = [(cidr.canonicalize net.lan.ipv6cidr)];
-      };
-      wan = {
-        interfaces = ["wan"];
-        # TODO ipv4Addresses = [ net.wan.netv4 ];
-        # TODO ipv6Addresses = [ net.wan.netv6 ];
-        #ipv4Addresses = ["192.168.1.0/22"];
-        #ipv6Addresses = ["fd00::/64"];
-      };
+      lan.interfaces = ["lan"];
+      wan.interfaces = ["wan"];
    };

    rules = lib.mkForce {
--- a/nix/generate-node.nix
+++ b/nix/generate-node.nix
@ -18,11 +18,10 @@ in
    pkgs = self.pkgs.${nodeMeta.system};
    specialArgs = {
      inherit (nixpkgs) lib;
-      inherit (self) extraLib;
+      inherit (self) extraLib nodes;
      inherit inputs;
      inherit nodeName;
      inherit nodeMeta;
-      inherit (self) nodes;
      secrets = self.secrets.content;
      nodeSecrets = self.secrets.content.nodes.${nodeName};
      nixos-hardware = nixos-hardware.nixosModules;