path: root/machines/profpatsch/mikiya.nix
{ config, lib, pkgs, ... }:

let
  myLib  = import ./lib.nix  { inherit pkgs lib; };
  myPkgs = import ./pkgs.nix { inherit pkgs lib myLib; };

  # Build the LUKS descriptor (mapper name, backing device, key file) for
  # one encrypted disk. `category` and `num` only feed the mapper name;
  # `uuid` selects the disk through its stable /dev/disk/by-uuid link.
  #
  # Every device built here is unlocked with the same key file,
  # /root/raid.key. That file lives on the root filesystem, so the key is
  # protected at rest only by the root LUKS container.
  # NOTE(review): nothing in this file creates the key file or sets its
  # mode -- confirm it is provisioned out of band and readable by root only.
  mkDevice = category: num: uuid:
    let
      index = toString num;
    in {
      name = "mikiya-${category}-crypt-${index}";
      device = "/dev/disk/by-uuid/${uuid}";
      keyFile = "/root/raid.key";
    };

  # Whole disk that receives the GRUB boot loader, addressed by its stable
  # /dev/disk/by-id name rather than a /dev/sdX letter.
  systemDevice = "/dev/disk/by-id/ata-MKNSSDCR60GB-DX_MKN1140A0000025162";

  # LUKS container that holds the root filesystem. Unlike the entries built
  # by mkDevice it carries no keyFile.
  # NOTE(review): the mapper name has to stay in sync with the
  # "/dev/mapper/mikiya-root" device that fileSystems."/" mounts.
  systemPartition = {
    name = "mikiya-root";
    device = "/dev/disk/by-uuid/56910867-ed83-438a-b67c-c057e662c89e";
  };

  # Encrypted data disks, one descriptor per UUID. Within this file the list
  # is referenced only from the commented-out crypttab/hdparm section.
  # NOTE(review): lib.imap supplies the position used in the mapper name;
  # presumably it counts from 1 -- confirm against the pinned nixpkgs.
  raidDevices = lib.imap (num: uuid: mkDevice "raid" num uuid) [
    "f0069e04-d058-40b3-8f13-92f11c4c2546"
  ];



in {
  imports = [ ./base-server.nix ];

  config = {

    # Port for the server's SSH daemon; the option is declared outside this
    # file (presumably by ./base-server.nix).
    vuizvui.user.profpatsch.server.sshPort = 22;

    boot.loader.grub.device = systemDevice;

    # Bring up networking and an SSH server inside the initrd, i.e. before
    # the encrypted root is opened -- presumably so the LUKS passphrase can
    # be entered remotely. Only the keys in myLib.authKeys (defined in
    # ./lib.nix, not shown here) may log in.
    # NOTE(review): the initrd is not covered by the root encryption, so
    # the SSH host key it presents can be read, and the initrd altered, by
    # anyone with access to the disk. Treat that host key as separate from
    # the main system's and check its fingerprint before typing a
    # passphrase.
    boot.initrd.network = {
      enable = true;
      ssh = {
        enable = true;
        authorizedKeys = myLib.authKeys;
      };
    };

    # decrypt root device
    boot.initrd.luks.devices = [ systemPartition ];

    # Root filesystem on the opened LUKS mapping; the device path must match
    # the `name` of systemPartition.
    # NOTE(review): "ssd" is a btrfs mount option and ext4 is not known to
    # accept it -- confirm this mount is not rejected on the target kernel.
    fileSystems."/" = {
      device = "/dev/mapper/mikiya-root";
      fsType = "ext4";
      options = [ "ssd" ];
    };

    # Disabled draft: unlock the data disks from the key file on the root
    # filesystem and put them in standby after 30 minutes.
    # NOTE(review): as written it would not evaluate if uncommented --
    # `powerManagement = {` is never closed, and concatMapStringsSep is used
    # without a `lib.` prefix although no `with lib;` is in view.
    /*
    # decrypt RAID with key from root
    environment.etc.crypttab.text =
      let luksDevice = dev: "${dev.name} ${dev.device} ${dev.keyFile} luks";
      in concatMapStringsSep "\n" luksDevice raidDevices;

    powerManagement = {
      # spin down raid drives after 30 minutes
      powerUpCommand =
        let driveStandby = drive: "${pkgs.hdparm}/sbin/hdparm -S 241 ${drive.device}";
        in concatMapStringsSep "\n" driveStandby raidDevices;
    */

    # Single user account, taken from the definition in ./lib.nix.
    users.users.philip = myLib.philip;

  };

}