# NixOS machine configuration for the host "mikiya": a LUKS-encrypted ext4
# root that is unlocked over SSH from the initrd, plus a disabled draft for
# an encrypted RAID set.
{ config, lib, pkgs, ... }:

let
  # Project-local helpers; `authKeys` and `philip` used below come from here.
  myLib = import ./lib.nix { inherit pkgs lib; };
  myPkgs = import ./pkgs.nix { inherit pkgs lib myLib; };

  # Describe one LUKS container: a numbered mapper name, the backing device
  # addressed by filesystem UUID, and the key file that opens it.
  mkDevice = kind: index: uuid: {
    name = "mikiya-${kind}-crypt-${toString index}";
    device = "/dev/disk/by-uuid/${uuid}";
    # The key lives on the encrypted root, so these containers are only as
    # well protected as the root volume. The file should be readable by root
    # alone. Only the disabled crypttab draft below reads this field.
    keyFile = "/root/raid.key";
  };

  # Whole disk that receives the boot loader, by its stable by-id name.
  bootDisk = "/dev/disk/by-id/ata-MKNSSDCR60GB-DX_MKN1140A0000025162";

  # LUKS container holding the root filesystem; opened in the initrd.
  rootVolume = {
    name = "mikiya-root";
    device = "/dev/disk/by-uuid/56910867-ed83-438a-b67c-c057e662c89e";
  };

  # lib.imap hands mkDevice each element's position followed by the element.
  # Currently referenced only from the disabled draft below.
  raidDevices = lib.imap (mkDevice "raid") [
    "f0069e04-d058-40b3-8f13-92f11c4c2546"
  ];

in {
  imports = [ ./base-server.nix ];

  config = {
    # Project-specific option; presumably the port of the regular sshd.
    # NOTE(review): confirm against base-server.nix.
    vuizvui.user.profpatsch.server.sshPort = 22;

    boot.loader.grub.device = bootDisk;

    # Network and sshd inside the initrd, so the root passphrase can be
    # entered remotely. The initrd is read before anything is decrypted, so
    # whatever it carries (the initrd sshd host key included) sits in the
    # clear on the boot device.
    # NOTE(review): no initrd host key is set in this file. Confirm where it
    # comes from and that it is not the host key of the running system.
    boot.initrd.network = {
      enable = true;
      ssh = {
        enable = true;
        # Every key listed here reaches the pre-boot shell; keep the list as
        # short as the list of people allowed to unlock the disk.
        authorizedKeys = myLib.authKeys;
      };
    };

    # decrypt root device
    boot.initrd.luks.devices = [ rootVolume ];

    fileSystems."/" = {
      # Must stay in step with rootVolume.name above.
      device = "/dev/mapper/mikiya-root";
      fsType = "ext4";
      # NOTE(review): "ssd" is a btrfs mount option and ext4 does not appear
      # to recognise it. Verify that this root actually mounts with it.
      options = [ "ssd" ];
    };

    # Disabled draft. Before re-enabling: concatMapStringsSep needs the
    # `lib.` prefix (nothing here brings lib's attributes into scope), and
    # the powerManagement attribute set is missing its closing `};`.
    /*
    # decrypt RAID with key from root
    environment.etc.crypttab.text =
      let luksDevice = dev: "${dev.name} ${dev.device} ${dev.keyFile} luks";
      in concatMapStringsSep "\n" luksDevice raidDevices;
    powerManagement = {
      # spin down raid drives after 30 minutes
      powerUpCommand =
        let driveStandby = drive: "${pkgs.hdparm}/sbin/hdparm -S 241 ${drive.device}";
        in concatMapStringsSep "\n" driveStandby raidDevices;
    */

    users.users.philip = myLib.philip;
  };
}