From efd2091a76945c5d58904a56c9e264250b643f1d Mon Sep 17 00:00:00 2001 From: makefu Date: Mon, 30 May 2022 12:57:12 +0200 Subject: [PATCH] ma iso.r: cleanup --- 1systems/iso/config.nix | 18 +++++++++++------- 1systems/iso/justdoit.nix | 18 +++++------------- 1systems/iso/target-config.nix | 14 ++++++++++---- 3 files changed, 26 insertions(+), 24 deletions(-) diff --git a/1systems/iso/config.nix b/1systems/iso/config.nix index 6c4f623..2071212 100644 --- a/1systems/iso/config.nix +++ b/1systems/iso/config.nix @@ -9,17 +9,22 @@ with import ; # ./justdoit.nix { + environment.systemPackages = [ (pkgs.writeScriptBin "network-setup" '' + #!/bin/sh + ip addr add 178.254.30.202/255.255.252.0 dev ens3 + ip route add default via 178.254.28.1 + echo nameserver 1.1.1.1 > /etc/resolv.conf + '')]; kexec.justdoit = { - # bootSize = 512; - rootDevice = "/dev/sdb"; - swapSize = 1024; + bootSize = 512; + rootDevice = "/dev/vda"; bootType = "vfat"; - luksEncrypt = true; - uefi = true; + luksEncrypt = false; + uefi = false; }; } ]; - boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; + # boot.kernelPackages = lib.mkDefault pkgs.linuxPackages_latest; # TODO: NIX_PATH and nix.nixPath are being set by default.nix right now # cd ~/stockholm ; nix-build -A config.system.build.isoImage -I nixos-config=makefu/1systems/iso/config.nix -I secrets=/home/makefu/secrets/iso /var/src/nixpkgs/nixos #krebs.build.host = { cores = 0; }; @@ -33,7 +38,6 @@ with import ; EDITOR=vim ''; # iso-specific - boot.kernelParams = [ "copytoram" ]; services.openssh = { enable = true; hostKeys = [ diff --git a/1systems/iso/justdoit.nix b/1systems/iso/justdoit.nix index 7947953..0ce9049 100644 --- a/1systems/iso/justdoit.nix +++ b/1systems/iso/justdoit.nix 
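Review bot: `luksEncrypt = false;` in the `kexec.justdoit` block turns off encryption of the root partition for every install made from this ISO. That is a change in security posture rather than a cleanup, and the commit message does not mention it. If the target is a VM where at-rest encryption is deliberately not wanted (the switch to `/dev/vda` and `uefi = false` hints at that), record it next to the setting, e.g. `luksEncrypt = false; # deliberately unencrypted: <reason>`. Otherwise keep `luksEncrypt = true;` so that a reused image does not silently produce unencrypted hosts.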
@@ -67,29 +67,22 @@ in { unit: sectors ${lib.optionalString (cfg.bootType != "zfs") "1 : size=${toString (2048 * cfg.bootSize)}, type=0FC63DAF-8483-4772-8E79-3D69D8477DE4"} ${lib.optionalString (! cfg.uefi) "4 : size=4096, type=21686148-6449-6E6F-744E-656564454649"} - 2 : size=${toString (2048 * cfg.swapSize)}, type=0657FD6D-A4AB-43C4-84E5-0933C84B4F4F - 3 : type=0FC63DAF-8483-4772-8E79-3D69D8477DE4 + 2 : type=0FC63DAF-8483-4772-8E79-3D69D8477DE4 EOF ${if cfg.luksEncrypt then '' cryptsetup luksFormat ${cfg.rootDevice}${x}2 - cryptsetup open --type luks ${cfg.rootDevice}${x}2 swap - cryptsetup luksFormat ${cfg.rootDevice}${x}3 - cryptsetup open --type luks ${cfg.rootDevice}${x}3 root + cryptsetup open --type luks ${cfg.rootDevice}${x}2 root export ROOT_DEVICE=/dev/mapper/root - export SWAP_DEVICE=/dev/mapper/swap '' else '' - export ROOT_DEVICE=${cfg.rootDevice}${x}3 - export SWAP_DEVICE=${cfg.rootDevice}${x}2 + export ROOT_DEVICE=${cfg.rootDevice}${x}2 ''} ${lib.optionalString (cfg.bootType != "zfs") "export NIXOS_BOOT=${cfg.rootDevice}${x}1"} mkdir -p /mnt ${mkBootTable.${cfg.bootType}} - mkswap $SWAP_DEVICE -L NIXOS_SWAP zpool create -o ashift=12 -o altroot=/mnt ${cfg.poolName} $ROOT_DEVICE zfs create -o mountpoint=legacy ${cfg.poolName}/root zfs create -o mountpoint=legacy ${cfg.poolName}/home zfs create -o mountpoint=legacy ${cfg.poolName}/nix - swapon $SWAP_DEVICE mount -t zfs ${cfg.poolName}/root /mnt/ mkdir /mnt/{home,nix,boot} mount -t zfs ${cfg.poolName}/home /mnt/home/ @@ -111,8 +104,7 @@ in { networking.hostId = "$hostId"; # required for zfs use ${lib.optionalString cfg.luksEncrypt '' boot.initrd.luks.devices = [ - { name = "swap"; device = "${cfg.rootDevice}${x}2"; preLVM = true; } - { name = "root"; device = "${cfg.rootDevice}${x}3"; preLVM = true; } + { name = "root"; device = "${cfg.rootDevice}${x}2"; preLVM = true; } ]; ''} } 
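Review bot: After this hunk nothing reads `cfg.swapSize` any more, yet the justdoit.nix diffstat (5 insertions, 13 deletions) is fully accounted for by the three hunks shown, so the option declaration outside this view presumably still exists and is now dead. A host config could keep setting `swapSize` and get an install with no swap and no error. Either drop the declaration in the same commit or mark it, e.g. `# unused since the swap partition was removed; installs have no swap`. The root partition also moves from number 3 to 2 here and in the `boot.initrd.luks.devices` hunk below, which deserves a one-line comment above the sfdisk table such as `# layout: 1 = boot, 2 = root (LUKS when luksEncrypt), 4 = BIOS boot`.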
@@ -120,9 +112,9 @@ in { nixos-install umount /mnt/home /mnt/nix ${lib.optionalString (cfg.bootType != "zfs") "/mnt/boot"} /mnt zpool export ${cfg.poolName} - swapoff $SWAP_DEVICE ''; environment.systemPackages = [ config.system.build.justdoit ]; boot.supportedFilesystems = [ "zfs" ]; + users.users.root.openssh.authorizedKeys.keys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCl3RTOHd5DLiVeUbUr/GSiKoRWknXQnbkIf+uNiFO+XxiqZVojPlumQUVhasY8UzDzj9tSDruUKXpjut50FhIO5UFAgsBeMJyoZbgY/+R+QKU00Q19+IiUtxeFol/9dCO+F4o937MC0OpAC10LbOXN/9SYIXueYk3pJxIycXwUqhYmyEqtDdVh9Rx32LBVqlBoXRHpNGPLiswV2qNe0b5p919IGcslzf1XoUzfE3a3yjk/XbWh/59xnl4V7Oe7+iQheFxOT6rFA30WYwEygs5As//ZYtxvnn0gA02gOnXJsNjOW9irlxOUeP7IOU6Ye3WRKFRR0+7PS+w8IJLag2xb" ]; }; } diff --git a/1systems/iso/target-config.nix b/1systems/iso/target-config.nix index 6915e41..59d2960 100644 --- a/1systems/iso/target-config.nix +++ b/1systems/iso/target-config.nix @@ -1,12 +1,12 @@ -{ lib, ... }: +{ pkgs, lib, ... }: { imports = [ ./hardware-configuration.nix ./generated.nix ]; boot.loader.grub.enable = true; boot.loader.grub.version = 2; boot.zfs.devNodes = "/dev"; # fixes some virtualmachine issues - boot.zfs.forceImportRoot = false; - boot.zfs.forceImportAll = false; + #boot.zfs.forceImportRoot = false; + #boot.zfs.forceImportAll = false; boot.kernelParams = [ "boot.shell_on_fail" "panic=30" "boot.panic_on_fail" # reboot the machine upon fatal boot issues @@ -18,8 +18,15 @@ SystemMaxUse=1G RuntimeMaxUse=128M ''; + environment.systemPackages = [ (pkgs.writeScriptBin "network-setup" '' + #!/bin/sh + ip addr add 178.254.30.202/255.255.252.0 dev ens3 + ip route add default via 178.254.28.1 + echo nameserver 1.1.1.1 > /etc/resolv.conf + '')]; # minimal + boot.supportedFilesystems = [ "zfs" ]; programs.command-not-found.enable = false; time.timeZone = "Europe/Berlin"; programs.ssh.startAgent = false; 
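Review bot: The added `users.users.root.openssh.authorizedKeys.keys` line grants root SSH login to one hard-coded RSA key from inside the generic justdoit module, so every image that imports this module accepts that key whether or not the host config asks for it. Rotating or revoking the key then means editing the module and rebuilding each image. Consider moving the assignment into the ISO's own config.nix, or taking the key from wherever the repository already defines user public keys, and add a comment naming its purpose, e.g. `# installer access only: <owner>'s key`. The enclosing attribute set starts outside the hunk, so whether it is already guarded by an enable option cannot be seen here.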
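Review bot: Commenting out `boot.zfs.forceImportRoot = false;` and `boot.zfs.forceImportAll = false;` in target-config.nix hands both settings back to the NixOS module defaults, and which default applies depends on the pinned nixpkgs (forceImportRoot has defaulted to true in releases I know of; confirm for this revision). A forced import skips the check that the pool was last used by this host, which is the guard against importing a pool another system may still have open. If the installed system failed to import its root pool without forcing, state that instead of leaving dead lines, e.g. `boot.zfs.forceImportRoot = true; # <reason the clean import fails>`. Otherwise delete the two lines or keep them set to false.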
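Review bot: The `network-setup` script added to target-config.nix is a verbatim copy of the one this commit adds to 1systems/iso/config.nix, with address, gateway and interface name hard-coded in both places. The copies will drift the first time the address changes, and the installed system keeps a helper that assigns a fixed public address and overwrites `/etc/resolv.conf` if it is run by mistake on another host. Define the script once (a `let` binding or a small file imported by both) and label it, e.g. `# static addressing for <host>; not for reuse on other machines`. As written the script also carries on after a failed `ip` command; a `set -e` line after the shebang would stop it before it rewrites the resolver.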
@@ -36,5 +43,4 @@ "net.ipv6.conf.all.use_tempaddr" = lib.mkDefault "2"; "net.ipv6.conf.default.use_tempaddr" = lib.mkDefault "2"; }; - services.nscd.enable = false; }