feat: modularize hetzner-cloud and odroid-n2plus hardware

hosts/common/bios-boot.nix

@@ -0,0 +1,10 @@
+{lib, ...}: {
+  boot.loader = {
+    grub = {
+      enable = true;
+      efiSupport = false;
+    };
+    timeout = lib.mkDefault 2;
+  };
+  console.earlySetup = true;
+}

hosts/common/core/system.nix

@@ -1,10 +1,10 @@
 {
+  config,
   extraLib,
   inputs,
   lib,
-  nodeName,
   nodePath,
-  options,
+  pkgs,
   ...
 }: {
   # IP address math library
@@ -290,7 +290,14 @@
   };
 
   boot = {
-    initrd.systemd.enable = true;
+    initrd.systemd = {
+      enable = true;
+      emergencyAccess = config.repo.secrets.global.root.hashedPassword;
+      # TODO good idea? targets.emergency.wants = ["network.target" "sshd.service"];
+      extraBin = with pkgs; {
+        ip = "${iproute2}/bin/ip";
+      };
+    };
 
     # Add "rd.systemd.unit=rescue.target" to debug initrd
     kernelParams = ["log_buf_len=10M"];

hosts/common/hardware/hetzner-cloud.nix

@@ -0,0 +1,3 @@
+{
+  boot.initrd.availableKernelModules = ["virtio_pci" "virtio_net" "virtio_scsi" "virtio_blk"];
+}

hosts/common/hardware/odroid-n2plus.nix

@@ -0,0 +1,33 @@
+{
+  lib,
+  config,
+  nixos-hardware,
+  pkgs,
+  ...
+}: {
+  imports = [
+    nixos-hardware.common-pc-ssd
+    ./physical.nix
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "usbhid"
+    "usb_storage"
+    # Ethernet
+    "dwmac_generic"
+    "dwmac_meson8b"
+    "cfg80211"
+    # HDMI
+    "snd_soc_meson_g12a_tohdmitx"
+    "snd_soc_meson_g12a_toacodec"
+    "mdio_mux_meson_g12a"
+    "dw_hdmi"
+    "meson_vdec"
+    "meson_dw_hdmi"
+    "meson_drm"
+    "meson_rng"
+    "drm"
+    "display_connector"
+  ];
+  boot.kernelParams = ["console=ttyAML0,115200n8" "console=tty0"];
+}

hosts/sentinel/default.nix

@@ -5,6 +5,8 @@
 }: {
   imports = [
     ../common/core
+    ../common/hardware/hetzner-cloud.nix
+    ../common/bios-boot.nix
     ../common/initrd-ssh.nix
     ../common/zfs.nix
 
@@ -13,11 +15,5 @@
     ./nginx.nix
   ];
 
-  boot.loader.timeout = lib.mkDefault 2;
+  boot.loader.grub.devices = ["/dev/disk/by-id/${config.repo.secrets.local.disk.main}"];
-  boot.loader.grub = {
-    enable = true;
-    efiSupport = false;
-    devices = ["/dev/disk/by-id/${config.repo.secrets.local.disk.main}"];
-  };
-  console.earlySetup = true;
 }

hosts/sentinel/fs.nix

@@ -1,6 +1,5 @@
 {
   config,
-  lib,
   extraLib,
   pkgs,
   ...
@@ -40,6 +39,7 @@
     };
   };
 
+  boot.initrd.luks.devices.enc-rpool.allowDiscards = true;
   fileSystems."/persist".neededForBoot = true;
 
   # After importing the rpool, rollback the root system to be empty.

hosts/sentinel/net.nix

@@ -20,6 +20,15 @@
         icfg.hostCidrv6
       ];
       gateway = ["fe80::1"];
+      routes = [
+        {routeConfig = {Destination = "172.31.1.1";};}
+        {
+          routeConfig = {
+            Gateway = "172.31.1.1";
+            GatewayOnLink = true;
+          };
+        }
+      ];
       matchConfig.MACAddress = icfg.mac;
       networkConfig.IPv6PrivacyExtensions = "yes";
       linkConfig.RequiredForOnline = "routable";

hosts/sentinel/secrets/host.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHgdSxSAnqaIqpr7OhyaKXGfQLUWf2bkpyF2mSG01LVv

hosts/zackbiene/default.nix

@@ -6,10 +6,8 @@
   ...
 }: {
   imports = [
-    nixos-hardware.common-pc-ssd
-
     ../common/core
-    ../common/hardware/physical.nix
+    ../common/hardware/odroid-n2plus.nix
     #../common/initrd-ssh.nix
     ../common/zfs.nix
 
@@ -25,28 +23,10 @@
     ./zigbee2mqtt.nix
   ];
 
+  # TODO replace by bios-boot.nix
+  # and grub.devices = ... once disko is in use.
   boot.loader.grub.enable = false;
   boot.loader.generic-extlinux-compatible.enable = true;
-  boot.initrd.availableKernelModules = [
-    "usbhid"
-    "usb_storage"
-    # Ethernet
-    "dwmac_generic"
-    "dwmac_meson8b"
-    "cfg80211"
-    # HDMI
-    "snd_soc_meson_g12a_tohdmitx"
-    "snd_soc_meson_g12a_toacodec"
-    "mdio_mux_meson_g12a"
-    "dw_hdmi"
-    "meson_vdec"
-    "meson_dw_hdmi"
-    "meson_drm"
-    "meson_rng"
-    "drm"
-    "display_connector"
-  ];
-  boot.kernelParams = ["console=ttyAML0,115200n8" "console=tty0"];
   console.earlySetup = true;
 
   # Fails if there are no SMART devices

modules/wireguard.nix

@@ -26,6 +26,7 @@
     mkOption
     optionalAttrs
     optionals
+    stringLength
     types
     ;
 
@@ -132,6 +133,10 @@
         assertion = isClient -> ((wgCfgOf wgCfg.client.via).server.host != null);
         message = "${assertionPrefix}: The specified via node '${wgCfg.client.via}' must be a wireguard server.";
       }
+      {
+        assertion = stringLength wgCfg.linkName < 16;
+        message = "${assertionPrefix}: The specified linkName '${wgCfg.linkName}' is too long (must be max 15 characters).";
+      }
       # TODO at least 3 network participants and (externalPeers != {} or someone has via set to us) -> ip forwarding
     ];
 
@@ -331,7 +336,7 @@ in {
         };
 
         linkName = mkOption {
-          default = "wg-${name}";
+          default = name;
           type = types.str;
           description = mdDoc "The name for the created network interface.";
         };