Migrate to 20.09
This commit is contained in:
parent
e79e823b9c
commit
7c5dce9fbd
|
@ -28,7 +28,8 @@ in {
|
|||
m0wire = {
|
||||
allowedIPsAsRoutes = false;
|
||||
ips = [ "${hosts.apollo-wg}/112" ];
|
||||
privateKeyFile = "/etc/nixos/nixos/machines/apollo/secret/wireguard-private";
|
||||
privateKeyFile =
|
||||
"/etc/nixos/nixos/machines/apollo/secret/wireguard-private";
|
||||
peers = [{
|
||||
publicKey = wireguard.pub.hera;
|
||||
allowedIPs = [ "::/0" ];
|
||||
|
@ -90,15 +91,15 @@ in {
|
|||
};
|
||||
boot.kernel.sysctl = { "fs.inotify.max_user_watches" = 204800; };
|
||||
|
||||
cdark_net = {
|
||||
enable = true;
|
||||
hostName = "${me.user}_${config.networking.hostName}";
|
||||
ed25519PrivateKeyFile = /etc/nixos/nixos/machines + "/${config.networking.hostName}"
|
||||
+ /secret/tinc/ed25519_key.priv;
|
||||
hostsDirectory =
|
||||
(builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/hosts");
|
||||
ip6address = "fd23:42:cda:4342::2";
|
||||
ip4address = "172.20.71.2";
|
||||
};
|
||||
#cdark_net = {
|
||||
#enable = true;
|
||||
#hostName = "${me.user}_${config.networking.hostName}";
|
||||
#ed25519PrivateKeyFile = /etc/nixos/nixos/machines
|
||||
#+ "/${config.networking.hostName}" + /secret/tinc/ed25519_key.priv;
|
||||
#hostsDirectory =
|
||||
#pkgs.fetchgit { url = "ssh://git@git.darmstadt.ccc.de/cdark.net/hosts"; };
|
||||
#ip6address = "fd23:42:cda:4342::2";
|
||||
#ip4address = "172.20.71.2";
|
||||
#};
|
||||
system.stateVersion = "19.09";
|
||||
}
|
||||
|
|
|
@ -1,6 +1,6 @@
|
|||
{ ... }: {
|
||||
|
||||
m-0.server.initSSHKey = ./secret/boot_rsa;
|
||||
m-0.server.initSSHKey = ./secret/ssh_boot_rsa;
|
||||
|
||||
boot = {
|
||||
loader.grub = {
|
||||
|
|
|
@ -54,7 +54,6 @@ let
|
|||
nextcloud = {
|
||||
enable = true;
|
||||
hostName = hostname;
|
||||
nginx.enable = true;
|
||||
package = pkgs.nextcloud18;
|
||||
maxUploadSize = "10g";
|
||||
caching = {
|
||||
|
|
BIN
nixos/machines/hera/secret/ssh_boot_rsa
Normal file
BIN
nixos/machines/hera/secret/ssh_boot_rsa
Normal file
Binary file not shown.
|
@ -1,19 +1,15 @@
|
|||
{ lib, config, ... }:
|
||||
let
|
||||
secretsFile = "/var/lib/luks-secret/key";
|
||||
secretsInitrd = "/boot/grub/secrets-initrd.gz";
|
||||
let secretsFile = "/var/lib/luks-secret/key";
|
||||
in {
|
||||
boot.initrd.luks.devices."nixos" = {
|
||||
fallbackToPassword = true;
|
||||
keyFile = secretsFile;
|
||||
};
|
||||
# copy the secret into the additional initramfs. `null` means same path
|
||||
boot.initrd.secrets."${secretsFile}" = null;
|
||||
boot.loader = {
|
||||
supportsInitrdSecrets = lib.mkForce true;
|
||||
grub.extraInitrd = secretsInitrd;
|
||||
grub.extraPrepareConfig = ''
|
||||
${config.system.build.initialRamdiskSecretAppender}/bin/append-initrd-secrets ${secretsInitrd}
|
||||
'';
|
||||
boot = {
|
||||
initrd = {
|
||||
luks.devices."nixos" = {
|
||||
fallbackToPassword = true;
|
||||
keyFile = secretsFile;
|
||||
};
|
||||
# copy the secret into the additional initramfs. `null` means same path
|
||||
secrets."${secretsFile}" = null;
|
||||
};
|
||||
loader.supportsInitrdSecrets = lib.mkForce true;
|
||||
};
|
||||
}
|
||||
|
|
|
@ -9,11 +9,7 @@ with lib; {
|
|||
ssh = {
|
||||
enable = true;
|
||||
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
|
||||
|
||||
# generate file with
|
||||
# nix-shell -p dropbear
|
||||
# dropbearkey -t rsa -f boot_rsa
|
||||
hostRSAKey = config.m-0.server.initSSHKey;
|
||||
hostKeys = [ config.m-0.server.initSSHKey ];
|
||||
};
|
||||
};
|
||||
postMountCommands = "ip link set eth0 down";
|
||||
|
|
|
@ -8,5 +8,5 @@ buildGoModule rec {
|
|||
rev = version;
|
||||
sha256 = "0nx99iab2y10m4jh4jl9c4y7j4iy8zlyfcn42v4y4mlk1507czlj";
|
||||
};
|
||||
modSha256 = "0nrl1d1628isd6183a9rj4qmsmzpbsf656cm75vw0lz2x0s4x7dg";
|
||||
vendorSha256 = "0nrl1d1628isd6183a9rj4qmsmzpbsf656cm75vw0lz2x0s4x7dg";
|
||||
}
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
{ buildGoModule, fetchFromGitHub }:
|
||||
buildGoModule {
|
||||
pname = "neuron-language-server";
|
||||
version = "0.1";
|
||||
version = "0.1.1";
|
||||
|
||||
src = fetchFromGitHub {
|
||||
owner = "aca";
|
||||
|
@ -10,5 +10,7 @@ buildGoModule {
|
|||
sha256 = "1kbh0bzzfmk7aj3c6k3ifwx4p42lw2pnr68srk3qpy6hjna8nczb";
|
||||
};
|
||||
|
||||
vendorSha256 = "02dajl4l3c8522ik2hmiq8cx4kj4h2ykx8l7qsal5xznx9pqbs7i";
|
||||
doCheck = false;
|
||||
|
||||
vendorSha256 = "0pjjkw0633l8qbvwzy57rx76zjn3w3kf5f7plxnpxih9zj0q258l";
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue