feat: use stage1 systemd (and enable initrd sshd on ward)

oddlama 2023-04-24 18:38:03 +02:00
parent 20adc139f8
commit c26b5d3c89
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
6 changed files with 40 additions and 45 deletions

48
flake.lock generated

@ -8,11 +8,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1680281360, "lastModified": 1682101079,
"narHash": "sha256-XdLTgAzjJNDhAG2V+++0bHpSzfvArvr2pW6omiFfEJk=", "narHash": "sha256-MdAhtjrLKnk2uiqun1FWABbKpLH090oeqCSiWemtuck=",
"owner": "ryantm", "owner": "ryantm",
"repo": "agenix", "repo": "agenix",
"rev": "e64961977f60388dd0b49572bb0fc453b871f896", "rev": "2994d002dcff5353ca1ac48ec584c7f6589fe447",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -28,11 +28,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1679928542, "lastModified": 1682072804,
"narHash": "sha256-6ql2P9ULb4wKI5hBn94ck/zqXswJ/O5XtLS5rmnXe3k=", "narHash": "sha256-Y7Q7dUXzEwIxZ0a2iTDF7e/hv4GFmn7ejfSr5JWSPCI=",
"owner": "oddlama", "owner": "oddlama",
"repo": "agenix-rekey", "repo": "agenix-rekey",
"rev": "46a38999c4dc009ef2ec759344cbe19ccf4b7b95", "rev": "d00eaa5c9bb71a0858fe7fd4a148445a428b311c",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -53,11 +53,11 @@
"stable": "stable" "stable": "stable"
}, },
"locked": { "locked": {
"lastModified": 1675730932, "lastModified": 1682202576,
"narHash": "sha256-XcmirehPIcZGS7PzkS3WvAYQ9GBlBvCxYToIOIV2PVE=", "narHash": "sha256-vcTEEEHKx4PTfY80bUmZMwXRy0cTDJCkULHhqe1HJS8=",
"owner": "zhaofengli", "owner": "zhaofengli",
"repo": "colmena", "repo": "colmena",
"rev": "e034c15825c439131e4489de5a82cf8e5398fa61", "rev": "089431737e283ed3e402a7dff578cb442444c431",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -187,11 +187,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1681918601, "lastModified": 1682273416,
"narHash": "sha256-bhBGPPXSbzkYiMI6avFJq79GtMngHYEje85/vXjJnts=", "narHash": "sha256-YvRc5TOyf92Fcvt6cYfsqxfjqalAUME3Klv4IbdhkBE=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "dfe7024f7ed9a1ccf7417c9683b6839f0e6f83a4", "rev": "a5a294a622a7d3a837aaa145334e4d813c1bc5b1",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -202,11 +202,11 @@
}, },
"impermanence": { "impermanence": {
"locked": { "locked": {
"lastModified": 1675359654, "lastModified": 1682268411,
"narHash": "sha256-FPxzuvJkcO49g4zkWLSeuZkln54bLoTtrggZDJBH90I=", "narHash": "sha256-ICDKQ7tournRVtfM8C2II0qHiOZOH1b3dXVOCsgr11o=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "6138eb8e737bffabd4c8fc78ae015d4fd6a7e2fd", "rev": "df1692e2d9f1efc4300b1ea9201831730e0b817d",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -237,11 +237,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1681747916, "lastModified": 1682097095,
"narHash": "sha256-tpWJMHWbTrFD2Nmj3Y3qYXoaTP4LFT0P0wt5zW8/aI8=", "narHash": "sha256-ecIKDVpayjIDEdxWCSHmG4yJQ21/nKZkhFNlLzwttWU=",
"owner": "astro", "owner": "astro",
"repo": "microvm.nix", "repo": "microvm.nix",
"rev": "68f1b9ece0f116d5ea1d1ecaf17f7b526303df81", "rev": "b2627f159e8b54e4f6af7edc88b64fa3736819c9",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -288,11 +288,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1681737997, "lastModified": 1682181988,
"narHash": "sha256-pHhjgsIkRMu80LmVe8QoKIZB6VZGRRxFmIvsC5S89k4=", "narHash": "sha256-CYWhlNi16cjGzMby9h57gpYE59quBcsHPXiFgX4Sw5k=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "f00994e78cd39e6fc966f0c4103f908e63284780", "rev": "6c43a3495a11e261e5f41e5d7eda2d71dae1b2fe",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -331,11 +331,11 @@
"nixpkgs-stable": "nixpkgs-stable" "nixpkgs-stable": "nixpkgs-stable"
}, },
"locked": { "locked": {
"lastModified": 1681831107, "lastModified": 1682326782,
"narHash": "sha256-pXl3DPhhul9NztSetUJw2fcN+RI3sGOYgKu29xpgnqw=", "narHash": "sha256-wj7p7iEwQXAfTZ6QokAe0dMbpQk5u7ympDnaiPvbv1w=",
"owner": "cachix", "owner": "cachix",
"repo": "pre-commit-hooks.nix", "repo": "pre-commit-hooks.nix",
"rev": "b7ca8f6fff42f6af75c17f9438fed1686b7d855d", "rev": "56cd2d47a9c937be98ab225cf014b450f1533cdb",
"type": "github" "type": "github"
}, },
"original": { "original": {


@ -52,6 +52,7 @@
}; };
boot = { boot = {
initrd.systemd.enable = true;
kernelParams = ["log_buf_len=10M"]; kernelParams = ["log_buf_len=10M"];
tmp.useTmpfs = true; tmp.useTmpfs = true;
}; };


@ -74,6 +74,11 @@ in {
}; };
}; };
systemd.network = {
enable = true;
wait-online.anyInterface = true;
};
# Rename known network interfaces # Rename known network interfaces
services.udev.packages = let services.udev.packages = let
interfaceNamesUdevRules = pkgs.writeTextFile { interfaceNamesUdevRules = pkgs.writeTextFile {
@ -85,9 +90,4 @@ in {
destination = "/etc/udev/rules.d/01-interface-names.rules"; destination = "/etc/udev/rules.d/01-interface-names.rules";
}; };
in [interfaceNamesUdevRules]; in [interfaceNamesUdevRules];
systemd.network = {
enable = true;
wait-online.anyInterface = true;
};
} }


@ -10,7 +10,7 @@
../common/core ../common/core
../common/hardware/intel.nix ../common/hardware/intel.nix
#../common/initrd-ssh.nix ../common/initrd-ssh.nix
../common/efi.nix ../common/efi.nix
../common/zfs.nix ../common/zfs.nix
@ -20,7 +20,7 @@
./net.nix ./net.nix
]; ];
boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci"]; boot.initrd.availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "usb_storage" "sd_mod" "sdhci_pci" "r8169"];
#services.authelia.instances.main = { #services.authelia.instances.main = {
# enable = true; # enable = true;
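Review bot: The new `"r8169"` entry in `boot.initrd.availableKernelModules` has no comment explaining why a NIC driver is needed in the initrd, although it arrives with the now-active `../common/initrd-ssh.nix` import. I would add `# r8169: NIC driver, presumably required so stage 1 can bring up the network for initrd sshd` above that line so a later cleanup does not drop it. The contents of initrd-ssh.nix are not shown on this page. It is worth confirming there that the initrd uses a host key separate from the stage-2 one, because key material embedded in an initrd typically sits on unencrypted boot storage. Also confirm that the authorized keys are limited to those needed for unlocking.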


@ -11,6 +11,11 @@
in { in {
networking.hostId = nodeSecrets.networking.hostId; networking.hostId = nodeSecrets.networking.hostId;
boot.initrd.systemd.network = {
enable = true;
networks = {inherit (config.systemd.network.networks) "10-wan";};
};
systemd.network.networks = { systemd.network.networks = {
"10-lan" = { "10-lan" = {
address = [net.lan.ipv4cidr net.lan.ipv6cidr]; address = [net.lan.ipv4cidr net.lan.ipv6cidr];
@ -39,18 +44,8 @@ in {
networking.nftables.firewall = { networking.nftables.firewall = {
zones = lib.mkForce { zones = lib.mkForce {
lan = { lan.interfaces = ["lan"];
interfaces = ["lan"]; wan.interfaces = ["wan"];
#ipv4Addresses = [(cidr.canonicalize net.lan.ipv4cidr)];
#ipv6Addresses = [(cidr.canonicalize net.lan.ipv6cidr)];
};
wan = {
interfaces = ["wan"];
# TODO ipv4Addresses = [ net.wan.netv4 ];
# TODO ipv6Addresses = [ net.wan.netv6 ];
#ipv4Addresses = ["192.168.1.0/22"];
#ipv6Addresses = ["fd00::/64"];
};
}; };
rules = lib.mkForce { rules = lib.mkForce {
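Review bot: `boot.initrd.systemd.network` inherits only `"10-wan"`, so the stage-1 sshd is presumably reachable on the wan-side interface, while the `networking.nftables.firewall` zones and rules in this file are, as far as I can tell, loaded only in stage 2. If remote unlock is only needed from the internal network, `networks = {inherit (config.systemd.network.networks) "10-lan";};` would keep the pre-boot listener off wan. Otherwise a comment such as `# initrd has no nftables ruleset: sshd is exposed on wan until stage 2` above the block would make the exposure explicit. The definition of "10-wan" is outside the visible hunks, so also check that its match section still applies in the initrd before the udev interface rename has run.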


@ -18,11 +18,10 @@ in
pkgs = self.pkgs.${nodeMeta.system}; pkgs = self.pkgs.${nodeMeta.system};
specialArgs = { specialArgs = {
inherit (nixpkgs) lib; inherit (nixpkgs) lib;
inherit (self) extraLib; inherit (self) extraLib nodes;
inherit inputs; inherit inputs;
inherit nodeName; inherit nodeName;
inherit nodeMeta; inherit nodeMeta;
inherit (self) nodes;
secrets = self.secrets.content; secrets = self.secrets.content;
nodeSecrets = self.secrets.content.nodes.${nodeName}; nodeSecrets = self.secrets.content.nodes.${nodeName};
nixos-hardware = nixos-hardware.nixosModules; nixos-hardware = nixos-hardware.nixosModules;