From c26b5d3c893bfaed0c8aef147894560f1d7051ed Mon Sep 17 00:00:00 2001 From: oddlama Date: Mon, 24 Apr 2023 18:38:03 +0200 Subject: [PATCH] feat: use stage1 systemd (and enable initrd sshd on ward) --- flake.lock | 48 +++++++++++++++++------------------ hosts/common/core/default.nix | 1 + hosts/common/core/net.nix | 10 ++++---- hosts/ward/default.nix | 4 +-- hosts/ward/net.nix | 19 +++++--------- nix/generate-node.nix | 3 +-- 6 files changed, 40 insertions(+), 45 deletions(-) diff --git a/flake.lock b/flake.lock index 3d66b48..4a853cf 100644 --- a/flake.lock +++ b/flake.lock @@ -8,11 +8,11 @@ ] }, "locked": { - "lastModified": 1680281360, - "narHash": "sha256-XdLTgAzjJNDhAG2V+++0bHpSzfvArvr2pW6omiFfEJk=", + "lastModified": 1682101079, + "narHash": "sha256-MdAhtjrLKnk2uiqun1FWABbKpLH090oeqCSiWemtuck=", "owner": "ryantm", "repo": "agenix", - "rev": "e64961977f60388dd0b49572bb0fc453b871f896", + "rev": "2994d002dcff5353ca1ac48ec584c7f6589fe447", "type": "github" }, "original": { @@ -28,11 +28,11 @@ ] }, "locked": { - "lastModified": 1679928542, - "narHash": "sha256-6ql2P9ULb4wKI5hBn94ck/zqXswJ/O5XtLS5rmnXe3k=", + "lastModified": 1682072804, + "narHash": "sha256-Y7Q7dUXzEwIxZ0a2iTDF7e/hv4GFmn7ejfSr5JWSPCI=", "owner": "oddlama", "repo": "agenix-rekey", - "rev": "46a38999c4dc009ef2ec759344cbe19ccf4b7b95", + "rev": "d00eaa5c9bb71a0858fe7fd4a148445a428b311c", "type": "github" }, "original": { @@ -53,11 +53,11 @@ "stable": "stable" }, "locked": { - "lastModified": 1675730932, - "narHash": "sha256-XcmirehPIcZGS7PzkS3WvAYQ9GBlBvCxYToIOIV2PVE=", + "lastModified": 1682202576, + "narHash": "sha256-vcTEEEHKx4PTfY80bUmZMwXRy0cTDJCkULHhqe1HJS8=", "owner": "zhaofengli", "repo": "colmena", - "rev": "e034c15825c439131e4489de5a82cf8e5398fa61", + "rev": "089431737e283ed3e402a7dff578cb442444c431", "type": "github" }, "original": { 
@@ -187,11 +187,11 @@ ] }, "locked": { - "lastModified": 1681918601, - "narHash": "sha256-bhBGPPXSbzkYiMI6avFJq79GtMngHYEje85/vXjJnts=", + "lastModified": 1682273416, + "narHash": "sha256-YvRc5TOyf92Fcvt6cYfsqxfjqalAUME3Klv4IbdhkBE=", "owner": "nix-community", "repo": "home-manager", - "rev": "dfe7024f7ed9a1ccf7417c9683b6839f0e6f83a4", + "rev": "a5a294a622a7d3a837aaa145334e4d813c1bc5b1", "type": "github" }, "original": { @@ -202,11 +202,11 @@ }, "impermanence": { "locked": { - "lastModified": 1675359654, - "narHash": "sha256-FPxzuvJkcO49g4zkWLSeuZkln54bLoTtrggZDJBH90I=", + "lastModified": 1682268411, + "narHash": "sha256-ICDKQ7tournRVtfM8C2II0qHiOZOH1b3dXVOCsgr11o=", "owner": "nix-community", "repo": "impermanence", - "rev": "6138eb8e737bffabd4c8fc78ae015d4fd6a7e2fd", + "rev": "df1692e2d9f1efc4300b1ea9201831730e0b817d", "type": "github" }, "original": { @@ -237,11 +237,11 @@ ] }, "locked": { - "lastModified": 1681747916, - "narHash": "sha256-tpWJMHWbTrFD2Nmj3Y3qYXoaTP4LFT0P0wt5zW8/aI8=", + "lastModified": 1682097095, + "narHash": "sha256-ecIKDVpayjIDEdxWCSHmG4yJQ21/nKZkhFNlLzwttWU=", "owner": "astro", "repo": "microvm.nix", - "rev": "68f1b9ece0f116d5ea1d1ecaf17f7b526303df81", + "rev": "b2627f159e8b54e4f6af7edc88b64fa3736819c9", "type": "github" }, "original": { @@ -288,11 +288,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1681737997, - "narHash": "sha256-pHhjgsIkRMu80LmVe8QoKIZB6VZGRRxFmIvsC5S89k4=", + "lastModified": 1682181988, + "narHash": "sha256-CYWhlNi16cjGzMby9h57gpYE59quBcsHPXiFgX4Sw5k=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "f00994e78cd39e6fc966f0c4103f908e63284780", + "rev": "6c43a3495a11e261e5f41e5d7eda2d71dae1b2fe", "type": "github" }, "original": { 
@@ -331,11 +331,11 @@ "nixpkgs-stable": "nixpkgs-stable" }, "locked": { - "lastModified": 1681831107, - "narHash": "sha256-pXl3DPhhul9NztSetUJw2fcN+RI3sGOYgKu29xpgnqw=", + "lastModified": 1682326782, + "narHash": "sha256-wj7p7iEwQXAfTZ6QokAe0dMbpQk5u7ympDnaiPvbv1w=", "owner": "cachix", "repo": "pre-commit-hooks.nix", - "rev": "b7ca8f6fff42f6af75c17f9438fed1686b7d855d", + "rev": "56cd2d47a9c937be98ab225cf014b450f1533cdb", "type": "github" }, "original": { diff --git a/hosts/common/core/default.nix b/hosts/common/core/default.nix index 8138e3a..6d5df74 100644 --- a/hosts/common/core/default.nix +++ b/hosts/common/core/default.nix @@ -52,6 +52,7 @@ }; boot = { + initrd.systemd.enable = true; kernelParams = ["log_buf_len=10M"]; tmp.useTmpfs = true; }; diff --git a/hosts/common/core/net.nix b/hosts/common/core/net.nix index b42f47c..2d58e39 100644 --- a/hosts/common/core/net.nix +++ b/hosts/common/core/net.nix @@ -74,6 +74,11 @@ in { }; }; + systemd.network = { + enable = true; + wait-online.anyInterface = true; + }; + # Rename known network interfaces services.udev.packages = let interfaceNamesUdevRules = pkgs.writeTextFile { @@ -85,9 +90,4 @@ in { destination = "/etc/udev/rules.d/01-interface-names.rules"; }; in [interfaceNamesUdevRules]; - - systemd.network = { - enable = true; - wait-online.anyInterface = true; - }; } diff --git a/hosts/ward/default.nix b/hosts/ward/default.nix index 85fca2b..543a423 100644 --- a/hosts/ward/default.nix +++ b/hosts/ward/default.nix @@ -10,7 +10,7 @@ ../common/core ../common/hardware/intel.nix - #../common/initrd-ssh.nix + ../common/initrd-ssh.nix ../common/efi.nix ../common/zfs.nix @@ -20,7 +20,7 @@ ./net.nix ]; - boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci"]; + boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" "r8169"]; #services.authelia.instances.main = { # enable = true; 
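Review bot: Un-commenting `../common/initrd-ssh.nix` in the imports list of hosts/ward/default.nix puts an sshd into stage 1, and nothing in this diff shows which host key and authorized keys that module uses. An initrd is normally stored unencrypted on the boot partition, so any host key embedded in it should be a dedicated one rather than the key the booted system presents, and login should be limited to the public keys meant for unlocking. Since the module itself is outside this patch, please confirm that and record it next to the import, e.g. `# stage-1 sshd: dedicated initrd host key, key-only login (see initrd-ssh.nix)`. The imports list starts and ends outside the hunk.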
diff --git a/hosts/ward/net.nix b/hosts/ward/net.nix index e28a965..3249c36 100644 --- a/hosts/ward/net.nix +++ b/hosts/ward/net.nix @@ -11,6 +11,11 @@ in { networking.hostId = nodeSecrets.networking.hostId; + boot.initrd.systemd.network = { + enable = true; + networks = {inherit (config.systemd.network.networks) "10-wan";}; + }; + systemd.network.networks = { "10-lan" = { address = [net.lan.ipv4cidr net.lan.ipv6cidr]; @@ -39,18 +44,8 @@ in { networking.nftables.firewall = { zones = lib.mkForce { - lan = { - interfaces = ["lan"]; - #ipv4Addresses = [(cidr.canonicalize net.lan.ipv4cidr)]; - #ipv6Addresses = [(cidr.canonicalize net.lan.ipv6cidr)]; - }; - wan = { - interfaces = ["wan"]; - # TODO ipv4Addresses = [ net.wan.netv4 ]; - # TODO ipv6Addresses = [ net.wan.netv6 ]; - #ipv4Addresses = ["192.168.1.0/22"]; - #ipv6Addresses = ["fd00::/64"]; - }; + lan.interfaces = ["lan"]; + wan.interfaces = ["wan"]; }; rules = lib.mkForce { diff --git a/nix/generate-node.nix b/nix/generate-node.nix index 078b6f6..f8620f6 100644 --- a/nix/generate-node.nix +++ b/nix/generate-node.nix @@ -18,11 +18,10 @@ in pkgs = self.pkgs.${nodeMeta.system}; specialArgs = { inherit (nixpkgs) lib; - inherit (self) extraLib; + inherit (self) extraLib nodes; inherit inputs; inherit nodeName; inherit nodeMeta; - inherit (self) nodes; secrets = self.secrets.content; nodeSecrets = self.secrets.content.nodes.${nodeName}; nixos-hardware = nixos-hardware.nixosModules;
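Review bot: The new `boot.initrd.systemd.network` block brings up only `"10-wan"` in stage 1, so with the initrd sshd enabled in hosts/ward/default.nix the unlock service listens on the wan side. The nftables zones and rules further down in this file are presumably applied only after the switch to stage 2, which would leave that port unfiltered while the machine waits in the initrd. If remote unlock is meant to be reached from the internal network, inheriting `"10-lan"` instead would keep it off the upstream link; if wan is intended, a comment such as `# initrd sshd is reachable on wan before the firewall is loaded` would make the exposure explicit. It is also worth checking that, if `"10-wan"` matches on the renamed interface name, the udev rename rules from hosts/common/core/net.nix are present in the initrd too, since otherwise the network would not match there. The definition of `"10-wan"` is outside the hunk.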