This commit is contained in:
iFargle 2023-11-26 20:29:58 +09:00
parent b45f7cb8d3
commit d8885734fc
4 changed files with 31 additions and 22 deletions

View file

@ -11,6 +11,16 @@
supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
mandatoryFeatures = [ ];
}
# {
# hostName = "framework-server"; # Only availalbe on the Headscale network
# sshUser = "albert";
# protocol = "ssh-ng";
# maxJobs = 16;
# speedFactor = 2;
# systems = [ "x86_64-linux" "aarch64-linux" ];
# supportedFeatures = [ "nixos-test" "benchmark" "big-parallel" "kvm" ];
# mandatoryFeatures = [ ];
# }
];
nix.extraOptions = ''builders-use-substitutes = true'';
}

View file

@ -1,6 +1,7 @@
{ lib, config, pkgs, ...}: {
imports = [ ./boot.nix ];
# SecureBoot
boot.loader.systemd-boot.enable = lib.mkForce false;
boot.lanzaboote.enable = true;

View file

@ -3,19 +3,7 @@
# Unlock command:
# ssh root@<Local_IP_Address> "Password"
# ssh setup
boot.kernelParams = [ "ip=dhcp" ];
boot.initrd = {
secrets = {
"/etc/ssh/ssh_host_rsa_key" = "/etc/secrets/initrd/ssh_host_rsa_key";
};
systemd.users.root.shell = "/bin/cryptsetup-askpass";
network.enable = true;
availableKernelModules = [ "cdc_ncm" ];
network.ssh = {
enable = true;
port = 22;
authorizedKeys = [
config.users.users.root.openssh.authorizedKeys.keys = [
# root@japan-rpi4
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCS7V/UnkVoLKcppV7Ew7VjkG6usGrFaFSSP3pnJE9ZFotErsSwxYiP7zG3giKX4x+xpP0NTf67qanDAHF3gBO9OeBSxQaUYN+Vuw6nThF7zqiyCRdd0ek/5RBvhrPlcH8h5VSk0UzVCsX18StrrYGjg5qvDf89Zfa3eikWFU162jTdUERK6nw/RzURZWTjrwN8JMePUF50FG5iyvAwL+yQf5U9Xu4TelK3i1k1yscOiWmKW5MBIqE6VN4JL1fCnE3k8tJENXhmp0gnGY+H1tvd+iJkqYbXoujAyXNTrKULf/OknjVg6DlsxJ190OgpeLw6JBw6wvbXIvTQ0B5VX+Sv+CH3vmuHeyt9IpHFti8MIEIoZ9m5xDoGAKKiOzPKjll4yNgPVEHZKOloHpnz2wmXIHV2Qxxg/IWjImtkTgm0S0Io0RIEblJK1Pz9Y/6JqRyK33+wJs8FKUYv9YX4wn8u8out0qdf0H0hH5xRr4Y+1ZoJO1DLM55kf1e+kGpOsG8= root@japan-rpi4"
# Phone
@ -31,6 +19,16 @@
# albert@nixos-framework
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDI7fJtiVPMYN2xJVdr84r1Vrquvo0abJQKtt1NO/F0umyCRvGBaim33KrgyWi8fFCqV6/26JNXx8TdJ6ekczuolxE6/LGIngJ4KUFrAaU9QDdcC7dkDGGUbsGXBNKcvy1uI2dJPqEA1+VotjwTs00Xa6nl9d5VH3yMo2Qgn3HoZvZKbBj2H+06ZJaFckLp7GT7OoPWOE50VxgH8tUsQOlgt/ZaFx7klI7EJLus7lo8gLsQeZPJVT9DXFDUJwwbUeUA/BwnRVPMTF1YrhKat/mvl7iApjNYojxClcEArj2e/hqV7EQrDv8wuW7ocb1HW/r2RLtytP27wJNc9RkrFL4mhvsRbFX2XmhbCoyCS4a1fZyxBqSS7jPbG8IBiAaMi9R45b1Jg4zE+960BKKpcrKJoU5+JHX23XJM4+1Mz9aCL2elSed5KeQDjCGdiYRL7NaqXzVK1qjgPbNsdEoL2VYuz8lT1yAtAEh7O+zFf/Argj5qaTlcRfSvKSYT3/rIj75MBLu3XKrcxBAl+2GE0WW8Wsk04XPiyR3dvAhpbLlkpQFCzsJvkAAwJr6Nh3ihY9bwBgLX8zY8ry+gkSMEsa5coazINkvJLtlLWOGt3Z5wkRIWXIrWDpGyLQCOKgUekUVIvYqJDYYuYMk/DJUJQ2OOtZMSHjXd/ajAGfRRU6hQoYopJIAPVBsZNAmQkVz1ijqX9L/B3LkPUTB3q4rxveTFFxdwFIv/QZp3Q258Sl/zfki1QPH+11Eezr2mmMLMc/AzPBONRb3T7/fv8aLXWBoI20az0lb+xCJFBkH4iVKWxAdpBD2Ou/Bc8QiEtPD5g59/bVkWnLcx03TrSL1UChcV7BIlBO0/CEcul9DZEPFaZvyAuSypIT7+Te1DSUqPugtFPdx9vnlXcar5JUfsTTgiJkHxWhidpxv36CBiwnCeAEhUhF/O2je8HCg9vkn9/WLu05X8xBFtQto5mH0SR/wAlz6iUEjQ4JvZMOsQnKnQxGRimmsAU2vM4YwO8u3xnJzs1ClJaWwkOwoHR9voBoY1Atzr/LI7o4R1mAw+HX7FtOqSnbeiD5Zv7OTNcP1RFp5rCCHoryp6WA4biVKZc7hrwDNb8jsym67Ji7Xy0VebZ9+/KOEcZMqgW94zqBlLPjL8VjwPRMdcq0yynho0TME84ODlY4Qfj6bIGcaQ+DEIVirwiomHKlWwX9kG/p4d1NByr4gM1kQ2UFGIgiXFcd56cf5mxR+0y9MhX4Wt2TRqqiwo5lEJz+ftikm3eFvCI5R9/nyVe5PPNz/UIuHjeiQ25b+eU1rt/jxQskqZsqUc8yBvfj67yIp+w3m1LHUfzXTjcPbJaNU68TgH1dComy8P albert@nixos-framework"
];
# ssh setup
boot.kernelParams = [ "ip=192.168.1.2" ];
boot.initrd = {
availableKernelModules = [ "cdc_ncm" ];
systemd.users.root.shell = "/bin/cryptsetup-askpass";
network.enable = true;
network.ssh = {
enable = true;
port = 22;
hostKeys = [
# Generate new keys with:
# sudo mkdir -p /etc/secrets/initrd/