From d818805989b4b9d9102a8dd85f23d60872d77cbb Mon Sep 17 00:00:00 2001
From: Astrid Yu
Date: Mon, 25 Mar 2024 00:36:55 -0700
Subject: [PATCH] more ill-fated attempts?

---
 machines/boop/README.md            |  2 +-
 machines/boop/boot.nix             |  7 ++-----
 machines/boop/bootstrap.sh         | 28 ++++++++++++++++++++++++++++
 machines/boop/configuration.nix    |  1 +
 machines/boop/fs.nix               |  1 +
 nix/nixos-modules/roles/server.nix |  8 ++++----
 6 files changed, 37 insertions(+), 10 deletions(-)
 create mode 100644 machines/boop/bootstrap.sh

diff --git a/machines/boop/README.md b/machines/boop/README.md
index 0999d27c..71400ed4 100644
--- a/machines/boop/README.md
+++ b/machines/boop/README.md
@@ -1,3 +1,3 @@
-# `xn--vp9h` (pronounced 🤓)
+# boop
 
 another server for applications and compute and stuff
diff --git a/machines/boop/boot.nix b/machines/boop/boot.nix
index 4d1c103d..0ef03ad4 100644
--- a/machines/boop/boot.nix
+++ b/machines/boop/boot.nix
@@ -23,16 +23,13 @@ in {
 
   # because we want to be able to decrypt host keys over SSH
   boot.initrd.network = {
-    udhcpc = {
-      enable = true;
-      extraArgs = [ "-i" constants.mgmt_if ];
-    };
+    enable = true;
+    udhcpc.enable = true;
     postCommands = ''
       ip addr
     '';
     ssh = {
       enable = true;
-      port = 2222;
       hostKeys = [ ./initrd/ssh_host_rsa_key ./initrd/ssh_host_ed25519_key ];
       authorizedKeys = inputs.self.lib.sshKeyDatabase.users.astrid;
     };
diff --git a/machines/boop/bootstrap.sh b/machines/boop/bootstrap.sh
new file mode 100644
index 00000000..c1f6772b
--- /dev/null
+++ b/machines/boop/bootstrap.sh
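Review bot: Dropping `port = 2222;` from the `ssh` block puts the initrd sshd on the default port, presumably the same port 22 the installed system's sshd answers on, but with the separate keys listed in `hostKeys`, so every unlock will trip the client's host-key-changed check against the entry recorded for the real system and users learn to wave that warning through; keep a distinct port (or a separate known_hosts entry for the initrd) so a genuine key change on that address stays noticeable. Removing `extraArgs = [ "-i" constants.mgmt_if ]` also means udhcpc now configures whichever interface answers DHCP rather than only the management interface, so the initrd SSH listener that the comment above says is used for unlocking becomes reachable on any such network; if the pinning was intentional, `udhcpc.extraArgs = [ "-i" constants.mgmt_if ];` next to `udhcpc.enable = true;` keeps it. The `boot.initrd.network` attribute set closes outside the hunk.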
@@ -0,0 +1,28 @@
+#!/usr/bin/env bash
+
+set -euxo pipefail
+
+mkdisks() {
+  zpool create rpool mirror /dev/disk/by-id/nvme-eui.6479a7869ad03b89 /dev/disk/by-id/nvme-eui.6479a7869ad04a16
+  zfs create -o encryption=on -o keylocation=prompt -o keyformat=passphrase rpool/enc
+  zfs set mountpoint=none rpool
+  zfs set compression=on rpool
+  for pool in rpool/enc/var rpool/enc/etc rpool/enc/tmp rpool/enc/home rpool/nix; do
+    zfs create -o mountpoint=legacy $pool
+  done
+  zfs list
+}
+
+mountdisks() {
+  mount -t tmpfs -osize=256M,mode=755 rootfs /mnt
+  mount -t zfs -o x-mount.mkdir rpool/enc/tmp /mnt/tmp
+  mount -t zfs -o x-mount.mkdir rpool/nix /mnt/nix
+  mount -t zfs -o x-mount.mkdir rpool/enc/var /mnt/var
+  mount -t zfs -o x-mount.mkdir rpool/enc/etc /mnt/etc
+  mount -t zfs -o x-mount.mkdir rpool/enc/home /mnt/home
+  mount -o x-mount.mkdir /dev/disk/by-uuid/D30E-26C7 /mnt/boot
+}
+
+runinstall() {
+  nixos-install --no-channel-copy --option substituters "" $@
+}
\ No newline at end of file
diff --git a/machines/boop/configuration.nix b/machines/boop/configuration.nix
index 3db8db2b..ecb758a6 100644
--- a/machines/boop/configuration.nix
+++ b/machines/boop/configuration.nix
@@ -17,6 +17,7 @@ with lib; {
 
   astral = {
     users.alia.enable = true;
+    users.astrid.enable = true;
     virt = {
       docker.enable = true;
       libvirt.enable = true;
diff --git a/machines/boop/fs.nix b/machines/boop/fs.nix
index 50f3d457..557bc805 100644
--- a/machines/boop/fs.nix
+++ b/machines/boop/fs.nix
@@ -4,6 +4,7 @@
   fileSystems."/" = {
     device = "rootfs";
     fsType = "tmpfs";
+    options = [ "defaults" "size=256M" "mode=755" ];
   };
 
   fileSystems."/tmp" = {
diff --git a/nix/nixos-modules/roles/server.nix b/nix/nixos-modules/roles/server.nix
index e2e038fa..f8041b34 100644
--- a/nix/nixos-modules/roles/server.nix
+++ b/nix/nixos-modules/roles/server.nix
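Review bot: `runinstall` forwards its arguments as an unquoted `$@`, so any argument containing whitespace or glob characters is re-split and expanded before it reaches nixos-install; the line should read `nixos-install --no-channel-copy --option substituters "" "$@"`. The same applies to `$pool` in `mkdisks`, harmless for the fixed list there but worth quoting as `"$pool"` for consistency. The file only defines the three functions and never invokes them, so it looks intended to be sourced from the installer shell; sourcing it applies `set -euxo pipefail` to that interactive shell, which then exits on the first failing command, so either move the `set` line inside the functions or add a one-line comment at the top saying the file is meant to be sourced and what that implies.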
@@ -16,10 +16,10 @@ with lib; {
   boot.kernelPackages = pkgs.linuxKernel.packages.linux_hardened;
 
   # Enable SSH in initrd for debugging
-  boot.initrd.network.ssh = {
-    enable = true;
-    authorizedKeys = [ inputs.self.lib.sshKeyDatabase.users.astrid ];
-  };
+  # boot.initrd.network.ssh = {
+  #   enable = true;
+  #   authorizedKeys = [ inputs.self.lib.sshKeyDatabase.users.astrid ];
+  # };
 
   astral = {
     acme.enable = true;
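Review bot: The initrd SSH block is commented out rather than removed, leaving dead configuration in the role with no indication of why or where it went; replace it with a comment such as `# initrd SSH is configured per machine (see machines/boop/boot.nix), not by the server role` or delete it outright. Any other host built from this role previously got initrd SSH from these lines and now silently loses it, which is worth confirming before merging. The removed lines wrapped `inputs.self.lib.sshKeyDatabase.users.astrid` in a list while boot.nix assigns the same value to `authorizedKeys` without one, so one of the two forms presumably mistyped the option; checking the type of `users.astrid` before dropping this copy avoids keeping the wrong one. The enclosing attribute set starts and ends outside the hunk.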