2023-08-01 22:40:09 +08:00
parent f3694fb421
commit af1a9c5a0a
4 changed files with 37 additions and 41 deletions


@@ -296,7 +296,11 @@
"/dev/mapper/root" = { "/nix" = "/nix"; "/nix/rootfs/current" = "/"; };
};
};
decrypt.manual = { enable = true; devices = [ "/dev/mapper/root" ]; };
decrypt.manual =
{
enable = true;
devices = { "/dev/disk/by-uuid/cc0c27bb-15b3-4932-98a9-583b426002be" = "root"; };
};
rollingRootfs = { device = "/dev/mapper/root"; path = "/nix/rootfs"; };
};
packages =


@@ -9,7 +9,11 @@ inputs:
installDevice = mkOption { type = types.str; }; # "efi" using efi, or dev path like "/dev/sda" using bios
};
network.enable = mkOption { type = types.bool; default = false; };
sshd.enable = mkOption { type = types.bool; default = false; };
sshd =
{
enable = mkOption { type = types.bool; default = false; };
hostKeys = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
};
};
config =
let
@@ -57,25 +61,13 @@ inputs:
)
# network
(
mkIf inputs.config.nixos.boot.network.enable
{
boot =
{
initrd.network.enable = true;
kernelParams = [ "ip=dhcp" ];
};
}
mkIf boot.network.enable
{ boot = { initrd.network.enable = true; kernelParams = [ "ip=dhcp" ]; }; }
)
# sshd
(
mkIf inputs.config.nixos.boot.sshd.enable
{
boot.initrd.network.ssh =
{
enable = true;
hostKeys = [ "/etc/ssh/initrd_ssh_host_ed25519_key" ];
};
}
mkIf boot.sshd.enable
{ boot.initrd.network.ssh = { enable = true; hostKeys = boot.sshd.hostKeys; };}
)
];
}
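Review bot: `hostKeys = boot.sshd.hostKeys` in the second hunk falls back to the option's default `[]` from the first hunk, so enabling `boot.sshd.enable` without listing keys produces an initrd ssh server with no host key, where the old line pinned `/etc/ssh/initrd_ssh_host_ed25519_key`. As far as I recall the NixOS initrd ssh module asserts a non-empty hostKeys when enabled, so this should surface at evaluation time rather than silently — worth confirming, or adding your own `assertions` entry next to the `mkIf`. The new `hostKeys` option also lacks a description; I'd add `description = "Host key files copied into the initrd for the early ssh server. Use keys distinct from the system's /etc/ssh host keys, since the initrd image is not encrypted.";`. `boot` is presumably an alias bound in the `let` whose body lies outside the hunk.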


@@ -27,7 +27,7 @@ inputs:
manual =
{
enable = mkOption { type = types.bool; default = false; };
devices = mkOption { type = types.listOf types.nonEmptyStr; default = []; };
devices = mkOption { type = types.attrsOf types.nonEmptyStr; default = {}; };
};
};
mdadm = mkOption { type = types.nullOr types.str; default = null; };
@@ -140,22 +140,30 @@ inputs:
{
cryptsetup = "${inputs.pkgs.cryptsetup.bin}/bin/cryptsetup";
usbip = "${inputs.config.boot.kernelPackages.usbip}/bin/usbip";
decrypt = inputs.pkgs.writeShellScript "decrypt" (stripeTabs
"
modprobe vhci-hcd
busid=$(usbip list -r 127.0.0.1 | head -n4 | tail -n1 | awk '{print $1}' | sed 's/://')
usbip attach -r 127.0.0.1 -b $busid
${concatStringsSep "; " (map (device: "systemd-cryptsetup attach ${device.value} ${device.name}")
(attrsToList fileSystems.decrypt.manual.devices))}
");
};
services.wait-manual-decrypt =
{
wantedBy = [ "cryptsetup.target" ];
before = [ "cryptsetup-pre.target" "initrd-root-device.target" "local-fs-pre.target" ];
unitConfig.DefaultDependencies = false;
serviceConfig.Type = "oneshot";
script = concatStringsSep "\n" (map
(device: "while [ ! -e ${device} ]; do sleep 1; done")
fileSystems.decrypt.manual.devices);
};
# services.wait-manual-decrypt =
# {
# wantedBy = [ "initrd-root-fs.target" ];
# before = [ "cryptsetup-pre.target" "initrd-root-device.target" "local-fs-pre.target" ];
# unitConfig.DefaultDependencies = false;
# serviceConfig.Type = "oneshot";
# script = concatStringsSep "\n" (map
# (device: "while [ ! -e ${device} ]; do sleep 1; done")
# fileSystems.decrypt.manual.devices);
# };
};
};
# fileSystems = listToAttrs (map
# (device: { name = device; value.options = [ "x-systemd.mount-timeout=1h" ]; })
# fileSystems.decrypt.manual.devices);
fileSystems = listToAttrs (map
(device: { name = device; value.options = [ "x-systemd.device-timeout=10min" ]; })
fileSystems.decrypt.manual.devices);
}
)
# mdadm
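Review bot: The new `decrypt` script runs without `set -e`, and `busid` is taken from a fixed `head -n4 | tail -n1` slice of `usbip list` output, so a failed or differently ordered listing leaves `busid` empty and `usbip attach -r 127.0.0.1 -b $busid` still runs, followed by every `systemd-cryptsetup attach` command because they are joined with `; ` regardless of earlier failures. I'd open the script with `set -euo pipefail`, add `[ -n "$busid" ] || { echo "no usbip device found" >&2; exit 1; }` after the assignment, and quote `-b "$busid"`. Since `devices` is now an `attrsOf`, `attrsToList` yields the devices in attribute-name order rather than declaration order, which matters if one device's attach must precede another's. The old wait-manual-decrypt service and the mount-timeout variant are kept as commented-out blocks; deleting them would leave the hunk easier to read, and the enclosing module body begins before this hunk.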


@@ -75,15 +75,7 @@ inputs:
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_rsa_key.pub"
"/etc/ssh/ssh_host_rsa_key"
]
++ (
if inputs.config.boot.initrd.network.ssh.enable then
[
"/etc/ssh/initrd_ssh_host_ed25519_key.pub"
"/etc/ssh/initrd_ssh_host_ed25519_key"
]
else []
);
];
};
}
)