blob: 915f124338f8b844763219f580dda3b000fc7d09 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
|
{ config, lib, pkgs, ... }:
let
myLib = import ./lib.nix { inherit pkgs lib; };
myPkgs = import ./pkgs.nix { inherit pkgs lib myLib; };
mkDevice = category: num: uuid: {
name = "mikiya-${category}-crypt-${toString num}";
device = "/dev/disk/by-uuid/${uuid}";
keyFile = "/root/raid.key";
};
systemDevice = "/dev/disk/by-id/ata-MKNSSDCR60GB-DX_MKN1140A0000025162";
systemPartition = "/dev/disk/by-uuid/56910867-ed83-438a-b67c-c057e662c89e";
rootDevice = "/dev/mapper/mikiya-root";
raidDevices = lib.imap (mkDevice "raid") [
"f0069e04-d058-40b3-8f13-92f11c4c2546"
];
in {
imports = [ ./base-server.nix ];
config = {
boot = {
loader.grub.device = systemDevice;
kernelModules = [ "kvm-intel" ];
kernelParams = [ "ip=192.168.0.5" ];
initrd = {
network = {
enable = true;
ssh.enable = true;
ssh.authorizedKeys = myLib.authKeys;
# we wait until the root device is unlocked (by ssh)
postCommands = ''
echo "Waiting for ssh unlock of ${rootDevice} (infinitely)"
while [ ! -e ${rootDevice} ]; do sleep 1; done
'';
};
availableKernelModules = [
"ahci" "xhci_pci" "usb_storage" "usbhid" "sd_mod"
# used for ethernet device(s)
"r8169"
];
# decrypt root device
luks.devices.mikiya-root.device = systemPartition;
};
};
fileSystems."/" = {
device = rootDevice;
fsType = "ext4";
options = [ "ssd" ];
};
fileSystems."/boot" = {
device = "/dev/disk/by-uuid/9aa38aa7-652f-4762-a0c2-b70332b93f4d";
fsType = "ext3";
};
nix.settings.max-jobs = 4;
vuizvui.user.profpatsch.server.sshPort = 22;
/*
# decrypt RAID with key from root
environment.etc.crypttab.text =
let luksDevice = dev: "${dev.name} ${dev.device} ${dev.keyFile} luks";
in concatMapStringsSep "\n" luksDevice raidDevices;
powerManagement = {
# spin down raid drives after 30 minutes
powerUpCommand =
let driveStandby = drive: "${pkgs.hdparm}/sbin/hdparm -S 241 ${drive.device}";
in concatMapStringsSep "\n" driveStandby raidDevices;
*/
users.users = { inherit (myLib) philip; };
};
}
|