mlaga97
/
mlaga97-nix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Encrypted root VM testing

This commit is contained in:
Lauren Lagarde 2025-06-10 21:43:11 -05:00
parent 4befc47285
commit 4ebb7a41ff
6 changed files with 49 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
features/initrd-ssh.nix
View File

@ -1,6 +1,10 @@
# ssh-keygen -t ed25519 -N "" -f ./ssh_host_ed25519_key # ssh-keygen -t ed25519 -N "" -f ./ssh_host_ed25519_key
{ ... }: { { ... }: {
imports = [
./systemd-boot.nix
];
boot.initrd = { boot.initrd = {
systemd = { systemd = {
enable = true; enable = true;

2
features/virtualization/libvirt-guest-uefi.nix
View File

@ -3,4 +3,6 @@
kernelModules = [ "virtio_net" "e1000" ]; kernelModules = [ "virtio_net" "e1000" ];
availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ]; availableKernelModules = [ "ahci" "xhci_pci" "virtio_pci" "sr_mod" "virtio_blk" ];
}; };
boot.zfs.devNodes = "/dev/disk/by-partuuid";
} }

11
flake.nix
View File

@ -171,6 +171,17 @@
./systems/vm-docker-luks.nix ./systems/vm-docker-luks.nix
] ++ inherited_modules; ] ++ inherited_modules;
}; };
vm-docker-zfs-test = nixpkgs.lib.nixosSystem {
system = "x86_64-linux";
modules = [
{
networking.hostName = "vm-docker-zfs-test";
networking.hostId = "459ecfce";
}
./systems/vm-docker-host/vm-docker-host-zfs.nix
] ++ inherited_modules;
};
}; };
packages.aarch64-linux = { packages.aarch64-linux = {

16
systems/vm-docker-host/vm-docker-host-base.nix
View File

@ -1,18 +1,18 @@
{ ... }: { { ... }: {
imports = [ imports = [
# Core Features # Core Features
../features/base.nix ../../features/base.nix
../features/tui-apps.nix ../../features/tui-apps.nix
../features/openssh-server.nix ../../features/openssh-server.nix
# Core Tweaks # Core Tweaks
../tweaks/zram.nix ../../tweaks/zram.nix
../tweaks/enable_flakes.nix ../../tweaks/enable_flakes.nix
../tweaks/disable_nixos_user.nix ../../tweaks/disable_nixos_user.nix
../tweaks/systemd-resolved_nonsense.nix ../../tweaks/systemd-resolved_nonsense.nix
# Lauren Base # Lauren Base
../users/lauren_lagarde/lauren_lagarde.nix ../../users/lauren_lagarde/lauren_lagarde.nix
# Dotspace # Dotspace
../../secrets/dotspace.nix ../../secrets/dotspace.nix

6
systems/vm-docker-host/vm-docker-host-luks.nix
View File

@ -6,7 +6,11 @@
./vm-docker-host-base.nix ./vm-docker-host-base.nix
# UEFI SSH LUKS # UEFI SSH LUKS
../../features/initrd_ssh.nix ../../features/initrd-ssh.nix
../../features/libvirt-uefi-guest.nix ../../features/libvirt-uefi-guest.nix
../../disko/libvirt/uefi-base.nix
../../disko/libvirt/luks-lvm.nix
../../disko/libvirt/lvm-ext4.nix
]; ];
} }

19
systems/vm-docker-host/vm-docker-host-zfs.nix Normal file
View File

@ -0,0 +1,19 @@
# git add *; tar -cavf /Parlor/Lauren/mlaga97-nixos.tar.zst ../mlaga97-nixos
# tar -xvf /Parlor/Lauren/mlaga97-nixos.tar.zst; sudo nix run 'github:nix-community/disko/latest#disko-install' -- --extra-files ./ssh_host_ed25519_key /root/secrets/initrd/ssh_host_ed25519_key --flake mlaga97-nixos#$TARGET_HOSTNAME --disk vda /dev/vda
# tar -xvf /Parlor/Lauren/mlaga97-nixos.tar.zst; sudo nixos-rebuild switch --flake mlaga97-nixos?submodules=1#$HOSTNAME
{ ... }: {
imports = [
./vm-docker-host-base.nix
# UEFI SSH ZFS
../../tweaks/zfs.nix
../../features/initrd-ssh.nix
../../features/virtualization/libvirt-guest-uefi.nix
../../disko/libvirt/uefi-zfs-base.nix
../../disko/libvirt/zfs-mirror.nix
../../disko/libvirt/zfs-encrypted.nix
];
boot.supportedFilesystems = [ "zfs" ];
}