forked from hacc/haccfiles
bundle encboot
this does nothing but move the module & rename the hexchen.* options to hacc.*
This commit is contained in:
parent
39531f1c48
commit
0140b7a9fb
4 changed files with 48 additions and 2 deletions
@ -40,6 +40,7 @@
let modules = nix-hexchen.nixosModules // {
let modules = nix-hexchen.nixosModules // {
bindMounts = import ./modules/bindmounts.nix;
bindMounts = import ./modules/bindmounts.nix;
nopersist = import ./modules/nopersist.nix;
nopersist = import ./modules/nopersist.nix;
encboot = import ./modules/encboot.nix;
};
};
profiles = nix-hexchen.nixosModules.profiles // {
profiles = nix-hexchen.nixosModules.profiles // {
container = import ./modules/container-profile.nix;
container = import ./modules/container-profile.nix;
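--- a/modules/encboot.nix
+++ b/modules/encboot.nix
@@ -0,0 +1,45 @@
+{ config, pkgs, lib, ... }:
+
+with lib;
+
+let cfg = config.hacc.encboot;
+
+in {
+options = {
+hacc.encboot = {
+enable = mkOption {
+type = types.bool;
+default = false;
+};
+networkDrivers = mkOption { type = with types; listOf str; };
+dataset = mkOption {
+type = types.str;
+default = "zroot";
+};
+};
+};
+
+config = mkIf cfg.enable {
+boot.initrd.kernelModules = cfg.networkDrivers;
+
+boot.initrd.network = {
+enable = true;
+ssh = {
+enable = true;
+port = 2222;
+authorizedKeys = with lib;
+concatLists (mapAttrsToList (name: user:
+if elem "wheel" user.extraGroups then
+user.openssh.authorizedKeys.keys
+else
+[ ]) config.users.users);
+hostKeys = [ /etc/ssh/encboot_host ];
+};
+
+postCommands = ''
+zpool import ${cfg.dataset}
+echo "zfs load-key -a; killall zfs && exit" >> /root/.profile
+'';
+};
+};
+}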
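Review bot: None of the three options under `hacc.encboot` has a `description`, and `dataset` in particular needs one because it is not used as a dataset name: `postCommands` splices it verbatim into `zpool import ${cfg.dataset}`, and the `@ -24,7 +24,7 @@` hunk later in this commit sets it to `"-a"` to import every pool. Since `-a` is an intended value, wrapping it in `escapeShellArg` would break that use; the honest fix is to document the contract, e.g. `description = "Argument passed verbatim to zpool import in the initrd: a pool name, or -a to import all pools.";` on `dataset`, with short descriptions on `enable` and `networkDrivers` as well. The listening `port = 2222;`, the `hostKeys` path and the appended `/root/.profile` line are hard-coded, and the `@ -8,7 +8,7 @@` hunk already has to `mkForce` a different host-key path, which suggests that path at least should be an option. `pkgs` is bound in the module arguments but never used.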
@ -8,7 +8,7 @@ with lib;
users.mutableUsers = false;
users.mutableUsers = false;
boot.initrd = mkIf (config.fileSystems."/".fsType == "zfs") {
boot.initrd = mkIf (config.fileSystems."/".fsType == "zfs") {
network.ssh.hostKeys = mkIf config.hexchen.encboot.enable
network.ssh.hostKeys = mkIf config.hacc.encboot.enable
(mkForce [ /persist/ssh/encboot_host ]);
(mkForce [ /persist/ssh/encboot_host ]);
postDeviceCommands = mkIf (!config.boot.initrd.systemd.enable)
postDeviceCommands = mkIf (!config.boot.initrd.systemd.enable)
@ -24,7 +24,7 @@
hacc.bindToPersist = [ "/var/lib/acme" ];
hacc.bindToPersist = [ "/var/lib/acme" ];
hexchen.encboot = {
hacc.encboot = {
enable = true;
enable = true;
dataset = "-a";
dataset = "-a";
networkDrivers = [ "igb" ];
networkDrivers = [ "igb" ];