Migrate to 20.09
parent
e79e823b9c
commit
7c5dce9fbd
|
@ -28,7 +28,8 @@ in {
|
||||||
m0wire = {
|
m0wire = {
|
||||||
allowedIPsAsRoutes = false;
|
allowedIPsAsRoutes = false;
|
||||||
ips = [ "${hosts.apollo-wg}/112" ];
|
ips = [ "${hosts.apollo-wg}/112" ];
|
||||||
privateKeyFile = "/etc/nixos/nixos/machines/apollo/secret/wireguard-private";
|
privateKeyFile =
|
||||||
|
"/etc/nixos/nixos/machines/apollo/secret/wireguard-private";
|
||||||
peers = [{
|
peers = [{
|
||||||
publicKey = wireguard.pub.hera;
|
publicKey = wireguard.pub.hera;
|
||||||
allowedIPs = [ "::/0" ];
|
allowedIPs = [ "::/0" ];
|
||||||
|
@ -90,15 +91,15 @@ in {
|
||||||
};
|
};
|
||||||
boot.kernel.sysctl = { "fs.inotify.max_user_watches" = 204800; };
|
boot.kernel.sysctl = { "fs.inotify.max_user_watches" = 204800; };
|
||||||
|
|
||||||
cdark_net = {
|
#cdark_net = {
|
||||||
enable = true;
|
#enable = true;
|
||||||
hostName = "${me.user}_${config.networking.hostName}";
|
#hostName = "${me.user}_${config.networking.hostName}";
|
||||||
ed25519PrivateKeyFile = /etc/nixos/nixos/machines + "/${config.networking.hostName}"
|
#ed25519PrivateKeyFile = /etc/nixos/nixos/machines
|
||||||
+ /secret/tinc/ed25519_key.priv;
|
#+ "/${config.networking.hostName}" + /secret/tinc/ed25519_key.priv;
|
||||||
hostsDirectory =
|
#hostsDirectory =
|
||||||
(builtins.fetchGit "ssh://git@git.darmstadt.ccc.de/cdark.net/hosts");
|
#pkgs.fetchgit { url = "ssh://git@git.darmstadt.ccc.de/cdark.net/hosts"; };
|
||||||
ip6address = "fd23:42:cda:4342::2";
|
#ip6address = "fd23:42:cda:4342::2";
|
||||||
ip4address = "172.20.71.2";
|
#ip4address = "172.20.71.2";
|
||||||
};
|
#};
|
||||||
system.stateVersion = "19.09";
|
system.stateVersion = "19.09";
|
||||||
}
|
}
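Review bot: The `cdark_net` block is commented out line by line with no word on why, or on when it should come back. A one-line comment above it, e.g. `# disabled for the 20.09 migration, re-enable once <condition>`, would keep it from becoming permanent dead configuration. The commented `hostsDirectory` line also swaps `builtins.fetchGit` for `pkgs.fetchgit { url = ...; }` without a hash, so uncommenting it as written would likely fail, and a build-time fetch generally cannot use the SSH credentials the eval-time fetch relied on. If the block returns, note that `ed25519PrivateKeyFile` is assembled from Nix path values; depending on how the module consumes it, that can copy the private key into the world-readable store, so a string path is the safer form.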
|
||||||
|
|
|
@ -1,6 +1,6 @@
|
||||||
{ ... }: {
|
{ ... }: {
|
||||||
|
|
||||||
m-0.server.initSSHKey = ./secret/boot_rsa;
|
m-0.server.initSSHKey = ./secret/ssh_boot_rsa;
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
loader.grub = {
|
loader.grub = {
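Review bot: `m-0.server.initSSHKey = ./secret/ssh_boot_rsa;` is a Nix path literal pointing at a private key file that this commit also adds to the repository (`nixos/machines/hera/secret/ssh_boot_rsa`). A path literal that is interpolated or handed to a path-accepting option is copied into `/nix/store`, which every local user can read. Whether that happens here depends on how the `m-0.server` module declares the option, which is not visible. Passing the location as a string, e.g. `m-0.server.initSSHKey = "/path/to/initrd-host-key"; # placeholder`, keeps the key out of the store, and a comment that this key is for the initrd only and never the regular host key would record the intent. The enclosing attribute set continues past the end of the hunk.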
|
||||||
|
|
|
@ -54,7 +54,6 @@ let
|
||||||
nextcloud = {
|
nextcloud = {
|
||||||
enable = true;
|
enable = true;
|
||||||
hostName = hostname;
|
hostName = hostname;
|
||||||
nginx.enable = true;
|
|
||||||
package = pkgs.nextcloud18;
|
package = pkgs.nextcloud18;
|
||||||
maxUploadSize = "10g";
|
maxUploadSize = "10g";
|
||||||
caching = {
|
caching = {
|
||||||
|
|
BIN
nixos/machines/hera/secret/ssh_boot_rsa
Normal file
BIN
nixos/machines/hera/secret/ssh_boot_rsa
Normal file
Binary file not shown.
|
@ -1,19 +1,15 @@
|
||||||
{ lib, config, ... }:
|
{ lib, config, ... }:
|
||||||
let
|
let secretsFile = "/var/lib/luks-secret/key";
|
||||||
secretsFile = "/var/lib/luks-secret/key";
|
|
||||||
secretsInitrd = "/boot/grub/secrets-initrd.gz";
|
|
||||||
in {
|
in {
|
||||||
boot.initrd.luks.devices."nixos" = {
|
boot = {
|
||||||
|
initrd = {
|
||||||
|
luks.devices."nixos" = {
|
||||||
fallbackToPassword = true;
|
fallbackToPassword = true;
|
||||||
keyFile = secretsFile;
|
keyFile = secretsFile;
|
||||||
};
|
};
|
||||||
# copy the secret into the additional initramfs. `null` means same path
|
# copy the secret into the additional initramfs. `null` means same path
|
||||||
boot.initrd.secrets."${secretsFile}" = null;
|
secrets."${secretsFile}" = null;
|
||||||
boot.loader = {
|
};
|
||||||
supportsInitrdSecrets = lib.mkForce true;
|
loader.supportsInitrdSecrets = lib.mkForce true;
|
||||||
grub.extraInitrd = secretsInitrd;
|
|
||||||
grub.extraPrepareConfig = ''
|
|
||||||
${config.system.build.initialRamdiskSecretAppender}/bin/append-initrd-secrets ${secretsInitrd}
|
|
||||||
'';
|
|
||||||
};
|
};
|
||||||
}
|
}
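Review bot: `loader.supportsInitrdSecrets = lib.mkForce true;` survives the refactor although the custom GRUB plumbing it was paired with (`grub.extraInitrd`, `grub.extraPrepareConfig`) is removed. That flag is how a boot loader module declares that it can append `boot.initrd.secrets`, and forcing it overrides whatever the loader itself reports. With a loader that does not handle secrets, the LUKS key file could then be left out or handled differently than intended, without an evaluation error. If the 20.09 GRUB module already sets the flag, dropping the line is the safer choice; otherwise add a comment such as `# forced because <reason>`. The `config` argument in `{ lib, config, ... }:` also appears to be unused on the new side.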
|
||||||
|
|
|
@ -9,11 +9,7 @@ with lib; {
|
||||||
ssh = {
|
ssh = {
|
||||||
enable = true;
|
enable = true;
|
||||||
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
|
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
|
||||||
|
hostKeys = [ config.m-0.server.initSSHKey ];
|
||||||
# generate file with
|
|
||||||
# nix-shell -p dropbear
|
|
||||||
# dropbearkey -t rsa -f boot_rsa
|
|
||||||
hostRSAKey = config.m-0.server.initSSHKey;
|
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
postMountCommands = "ip link set eth0 down";
|
postMountCommands = "ip link set eth0 down";
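Review bot: The comment that explained how to create the key (`dropbearkey -t rsa -f boot_rsa`) is removed with nothing in its place next to the new `hostKeys = [ config.m-0.server.initSSHKey ];`. The key file is renamed to `ssh_boot_rsa` elsewhere in this commit, which suggests it is now generated differently. A short comment such as `# generate with: ssh-keygen -t rsa -N "" -f ssh_boot_rsa (initrd only, never the regular host key)` would tell the next maintainer how to rotate it. The `ssh` attribute set starts outside the hunk.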
|
||||||
|
|
|
@ -8,5 +8,5 @@ buildGoModule rec {
|
||||||
rev = version;
|
rev = version;
|
||||||
sha256 = "0nx99iab2y10m4jh4jl9c4y7j4iy8zlyfcn42v4y4mlk1507czlj";
|
sha256 = "0nx99iab2y10m4jh4jl9c4y7j4iy8zlyfcn42v4y4mlk1507czlj";
|
||||||
};
|
};
|
||||||
modSha256 = "0nrl1d1628isd6183a9rj4qmsmzpbsf656cm75vw0lz2x0s4x7dg";
|
vendorSha256 = "0nrl1d1628isd6183a9rj4qmsmzpbsf656cm75vw0lz2x0s4x7dg";
|
||||||
}
|
}
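Review bot: `vendorSha256` carries exactly the value that `modSha256` had (`0nrl1d1628isd6183a9rj4qmsmzpbsf656cm75vw0lz2x0s4x7dg`). The two attributes hash different trees, the module download cache versus the vendored dependency directory, so the old value is probably stale. Because the dependency fetch is a fixed-output derivation identified by this hash, a machine that still has the old output in its store may reuse it rather than report a mismatch. The build would then run against content that was never checked under the new scheme. Build once with a deliberately wrong placeholder hash and copy in the value Nix reports; the derivation starts outside the hunk.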
|
||||||
|
|
|
@ -1,7 +1,7 @@
|
||||||
{ buildGoModule, fetchFromGitHub }:
|
{ buildGoModule, fetchFromGitHub }:
|
||||||
buildGoModule {
|
buildGoModule {
|
||||||
pname = "neuron-language-server";
|
pname = "neuron-language-server";
|
||||||
version = "0.1";
|
version = "0.1.1";
|
||||||
|
|
||||||
src = fetchFromGitHub {
|
src = fetchFromGitHub {
|
||||||
owner = "aca";
|
owner = "aca";
|
||||||
|
@ -10,5 +10,7 @@ buildGoModule {
|
||||||
sha256 = "1kbh0bzzfmk7aj3c6k3ifwx4p42lw2pnr68srk3qpy6hjna8nczb";
|
sha256 = "1kbh0bzzfmk7aj3c6k3ifwx4p42lw2pnr68srk3qpy6hjna8nczb";
|
||||||
};
|
};
|
||||||
|
|
||||||
vendorSha256 = "02dajl4l3c8522ik2hmiq8cx4kj4h2ykx8l7qsal5xznx9pqbs7i";
|
doCheck = false;
|
||||||
|
|
||||||
|
vendorSha256 = "0pjjkw0633l8qbvwzy57rx76zjn3w3kf5f7plxnpxih9zj0q258l";
|
||||||
}
|
}
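Review bot: The `src` hash `sha256 = "1kbh0bzzfmk7aj3c6k3ifwx4p42lw2pnr68srk3qpy6hjna8nczb";` is an unchanged context line even though `version` moves to `0.1.1` and `vendorSha256` is refreshed. The `rev` line sits between the two hunks and is not shown. If it follows the version or was changed too, the source hash must change with it, because a fixed-output fetch can otherwise reuse the cached old source under the new version number without any error. `doCheck = false;` is also added without a reason; a comment like `# tests disabled: <reason>` would show whether this is meant to be temporary.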
|
||||||
|
|