From f666c217906382bd63dddc83f7f822c1798c3df7 Mon Sep 17 00:00:00 2001 From: System administrator Date: Sat, 22 Aug 2015 23:28:41 +0000 Subject: add pornocauster systems --- makefu/1systems/pornocauster.nix | 43 ++++++++++++++++++++++++++++++++ makefu/2configs/sda-crypto-root-home.nix | 35 ++++++++++++++++++++++++++ 2 files changed, 78 insertions(+) create mode 100644 makefu/1systems/pornocauster.nix create mode 100644 makefu/2configs/sda-crypto-root-home.nix (limited to 'makefu') diff --git a/makefu/1systems/pornocauster.nix b/makefu/1systems/pornocauster.nix new file mode 100644 index 000000000..b8ba9289b --- /dev/null +++ b/makefu/1systems/pornocauster.nix @@ -0,0 +1,43 @@ +# +# +# +{ config, pkgs, ... }: + +{ + imports = + [ # Include the results of the hardware scan. + ../2configs/base.nix + ../2configs/base-gui.nix + ../2configs/tinc-basic-retiolum.nix + #../2configs/sda-crypto-root.nix + ../2configs/sda-crypto-root-home.nix + # hardware specifics are in here + ../2configs/tp-x200.nix + + #../2configs/disable_v6.nix + #../2configs/rad1o.nix + + #../2configs/exim-retiolum.nix + ]; + # not working in vm + krebs.build.host = config.krebs.hosts.pornocauster; + krebs.build.user = config.krebs.users.makefu; + krebs.build.target = "root@localhost"; + + boot.kernelModules = [ "kvm-intel" ]; + + + networking.firewall.allowedTCPPorts = [ + 25 + ]; + + krebs.build.deps = { + nixpkgs = { + #url = https://github.com/NixOS/nixpkgs; + # rev=$(curl https://nixos.org/channels/nixos-unstable/git-revision -L) + url = https://github.com/makefu/nixpkgs; + #rev = "8b8b65da24f13f9317504e8bcba476f9161613fe"; + rev = "f5fe787f778b872c6b2221598501c9310cb83915"; + }; + }; +} diff --git a/makefu/2configs/sda-crypto-root-home.nix b/makefu/2configs/sda-crypto-root-home.nix new file mode 100644 index 000000000..28d140119 --- /dev/null +++ b/makefu/2configs/sda-crypto-root-home.nix @@ -0,0 +1,35 @@ +{ config, lib, pkgs, ... }: + +# sda: bootloader grub2 +# sda1: boot ext4 (label nixboot) +# sda2: cryptoluks -> ext4 +with lib; +{ + boot = { + loader.grub.enable =true; + loader.grub.version =2; + loader.grub.device = "/dev/sda"; + + initrd.luks.devices = [ { name = "main"; device = "/dev/sda2"; allowDiscards=true; }]; + initrd.luks.cryptoModules = ["aes" "sha512" "sha1" "xts" ]; + initrd.availableKernelModules = ["xhci_hcd" "ehci_pci" "ahci" "usb_storage" ]; + }; + fileSystems = { + "/" = { + device = "/dev/mapper/main-root"; + fsType = "ext4"; + options="defaults,discard"; + }; + # TODO: just import sda-crypto-root, add this device + "/home" = { + device = "/dev/mapper/main-home"; + fsType = "ext4"; + options="defaults,discard"; + }; + "/boot" = { + device = "/dev/disk/by-label/nixboot"; + fsType = "ext4"; + options="defaults,discard"; + }; + }; +} -- cgit v1.2.3