bundle encboot

this does nothing but move the module & rename the hexchen.* options to hacc.*
This commit is contained in:
stuebinm 2024-01-31 23:47:02 +01:00
parent 39531f1c48
commit 0140b7a9fb
4 changed files with 48 additions and 2 deletions


@ -40,6 +40,7 @@
let modules = nix-hexchen.nixosModules // { let modules = nix-hexchen.nixosModules // {
bindMounts = import ./modules/bindmounts.nix; bindMounts = import ./modules/bindmounts.nix;
nopersist = import ./modules/nopersist.nix; nopersist = import ./modules/nopersist.nix;
encboot = import ./modules/encboot.nix;
}; };
profiles = nix-hexchen.nixosModules.profiles // { profiles = nix-hexchen.nixosModules.profiles // {
container = import ./modules/container-profile.nix; container = import ./modules/container-profile.nix;

45
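--- a/modules/encboot.nix
+++ b/modules/encboot.nix
@@ -0,0 +1,45 @@
+{ config, pkgs, lib, ... }:
+with lib;
+let cfg = config.hacc.encboot;
+in {
+options = {
+hacc.encboot = {
+enable = mkOption {
+type = types.bool;
+default = false;
+};
+networkDrivers = mkOption { type = with types; listOf str; };
+dataset = mkOption {
+type = types.str;
+default = "zroot";
+};
+};
+};
+config = mkIf cfg.enable {
+boot.initrd.kernelModules = cfg.networkDrivers;
+boot.initrd.network = {
+enable = true;
+ssh = {
+enable = true;
+port = 2222;
+authorizedKeys = with lib;
+concatLists (mapAttrsToList (name: user:
+if elem "wheel" user.extraGroups then
+user.openssh.authorizedKeys.keys
+else
+[ ]) config.users.users);
+hostKeys = [ /etc/ssh/encboot_host ];
+};
+postCommands = ''
+zpool import ${cfg.dataset}
+echo "zfs load-key -a; killall zfs && exit" >> /root/.profile
+'';
+};
+};
+}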
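Review bot: The `dataset` option is spliced unquoted into `zpool import ${cfg.dataset}` in postCommands, its default "zroot" is a pool name rather than a dataset, and the host config in this same commit passes "-a" (a zpool flag), so the option's name and `types.str` say less than what the value actually does. Now that the module lives in this repo, state the contract in a description, e.g. `description = "Argument passed verbatim to zpool import in the initrd: a pool name, or -a to import every pool.";`, and give `enable` and `networkDrivers` descriptions too. `networkDrivers` has no default, so enabling the module without setting it presumably fails at evaluation time with a generic "option used but not defined" error; a `default = [ ]` or a description saying it is required would make that explicit. Note also that `hostKeys = [ /etc/ssh/encboot_host ]` causes the key to be read at build time and embedded in the initrd, which typically sits on an unencrypted boot partition, so that file needs to exist on the build host and should be a key dedicated to the initrd; the mkForce to /persist/ssh/encboot_host in the nopersist section changes only the source path, not the embedding.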


@ -8,7 +8,7 @@ with lib;
users.mutableUsers = false; users.mutableUsers = false;
boot.initrd = mkIf (config.fileSystems."/".fsType == "zfs") { boot.initrd = mkIf (config.fileSystems."/".fsType == "zfs") {
network.ssh.hostKeys = mkIf config.hexchen.encboot.enable network.ssh.hostKeys = mkIf config.hacc.encboot.enable
(mkForce [ /persist/ssh/encboot_host ]); (mkForce [ /persist/ssh/encboot_host ]);
postDeviceCommands = mkIf (!config.boot.initrd.systemd.enable) postDeviceCommands = mkIf (!config.boot.initrd.systemd.enable)


@ -24,7 +24,7 @@
hacc.bindToPersist = [ "/var/lib/acme" ]; hacc.bindToPersist = [ "/var/lib/acme" ];
hexchen.encboot = { hacc.encboot = {
enable = true; enable = true;
dataset = "-a"; dataset = "-a";
networkDrivers = [ "igb" ]; networkDrivers = [ "igb" ];