chayleaf/dotfiles
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity
dotfiles/system/devices/radxa-rock5a-server.nix

84 lines
2.3 KiB
Nix
Raw Blame History

{ config
, lib
, router-config
, hardware
, ... }:
let
encUuid = "15945050-df48-418b-b736-827749b9262a";
encPart = "/dev/disk/by-uuid/${encUuid}";
rootUuid = "de454394-8cc1-4267-b62b-1e25062f7cf4";
rootPart = "/dev/disk/by-uuid/${rootUuid}";
bootUuid = "0603-5955";
bootPart = "/dev/disk/by-uuid/${bootUuid}";
in
{
imports = [
../hardware/radxa-rock5a
../hosts/nixserver
hardware.common-pc-ssd
];
boot.initrd.availableKernelModules = [
# network in initrd
"dwmac-rk"
# fde unlock in initrd
"dm_mod" "dm_crypt" "encrypted_keys"
];
networking.useDHCP = true;
boot.initrd = {
preLVMCommands = lib.mkOrder 499 ''
ip link set eth0 address ${router-config.router-settings.serverInitrdMac} || true
'';
postMountCommands = ''
ip link set eth0 address ${router-config.router-settings.serverMac} || true
'';
network.enable = true;
network.udhcpc.extraArgs = [ "-t6" ];
network.ssh = {
enable = true;
port = 22;
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
hostKeys = [
"/secrets/initrd/ssh_host_rsa_key"
"/secrets/initrd/ssh_host_ed25519_key"
];
# shell = "/bin/cryptsetup-askpass";
};
luks.devices."cryptroot" = {
device = encPart;
# idk whether this is needed but it works
preLVM = true;
# see https://asalor.blogspot.de/2011/08/trim-dm-crypt-problems.html before enabling
allowDiscards = true;
# improve SSD performance
bypassWorkqueues = true;
};
};
fileSystems = {
"/" = { device = "none"; fsType = "tmpfs"; neededForBoot = true;
options = [ "defaults" "size=2G" "mode=755" ]; };
# TODO: switch to bcachefs?
# I wanna do it some day, but maybe starting with the next disk I get for this server
"/persist" =
{ device = rootPart; fsType = "btrfs"; neededForBoot = true;
options = [ "subvol=@" "compress=zstd" ]; };
"/boot" =
{ device = bootPart; fsType = "vfat"; neededForBoot = true; };
};
impermanence = {
enable = true;
path = /persist;
directories = [
{ directory = /home/${config.common.mainUsername}; user = config.common.mainUsername; group = "users"; mode = "0700"; }
{ directory = /root; mode = "0700"; }
{ directory = /nix; }
];
};
}
Reference in a new issue View git blame Copy permalink