nixos-config/config/hardware/socrates.nix

{ config, lib, pkgs, ... }:

{
  imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];

  config = {

    boot = {
      initrd = {
        luks.devices.socrates-unlocked = {
          device = "/dev/socrates/socrates-locked";
          preLVM = false;
          allowDiscards = true;
        };
        availableKernelModules = [
          "xhci_pci"
          "ehci_pci"
          "ahci"
          "usb_storage"
          "usbhid"
          "sd_mod"
          "r8169"
        ];
        kernelModules = [ "dm-snapshot" ];
        network = {
          enable = true;
          ssh = {
            enable = true;
            port = 22;
            authorizedKeys = [
              "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPwh522lvafTJYA0X2uFdP7Ws+Um1f8gZsARK1Y5nMzf6ZcWBF1jplTOKUVSOl4isMWni0Tu0TnX4zqCcgocWUVbwIwXSIRYqdiCPvVOH+/Ibc97n1/dYxk5JPMtbrsEw6/gWZxVg0qwe0J3dQWldEMiDY7iWhlrmIr7YL+Y3PUd7DOwp3PbfWfNyzTfE1kXcz5YvTeN+txFhbbXT0oS2R2wtc1vYXFZ/KbNstjqd+i8jszAq3ZkbbwL3aNR0RO4n8+GoIILGw8Ya4eP7D6+mYk608IhAoxpGyMrUch2TC2uvOK3rd/rw1hsTxf4AKjAZbrfd/FJaYru9ZeoLjD4bRGMdVp56F1m7pLvRiWRK62pV2Q/fjx+4KjHUrgyPd601eUIP0ayS/Rfuq8ijLpBJgO5/Y/6mFus/kjZIfRR9dXfLM67IMpyEzEITYrc/R2sedWf+YHxSh6eguAZ/kLzioar1nHLR7Wzgeu0tgWkD78WQGjpXGoefAz3xHeBg3Et0="
              "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGVez4of30f+j0cWKj5kYCKeFjyNsYvG9UbOMxF5hImD2lP5MSbFBv31gFgHjx3yCG4zQRZlpuyU5uWo0qIwe9N84/LcZcB9WrWKZXDmuof7zPFy0J+Hj+LVLDQI/mVXHNwkMhBMHpPrdwA05EYDAYCYklWT4cSByu10pHtST+olF8i+A+UQgUzgNZzdJVeiYZv6MBDTYsJWptGeDUkl2B0Es3gtbGYcCCfnyS3RC7DIXlDo3NBbAr7WaHY2MBbT+R/+jicn9E3IY3NCM5jENxqmvHy9MDsxEEYgFNm7IDwq4V1VRUWy277YsvRbmEaHb+osOA5u1VNN4z3UftOZcSZgR5C/vR71cENXoPt1YQpCzu7i38ojtvL+tDVEKT7sIovrQw8q1sszNlW2nXh8RSPiIq5TMnrV73MP0egKcr9n3tfxwi1BIkLjvfom/02BkTK9R9v+VMNhYU1YwROhORCiMIgoxUGiUvtH8u38JGr7E0hhMoAjCE5k80WPUivl0="
            ];
            hostKeys = [
              "/state/ssh/ssh_host_ed25519_key"
              "/state/ssh/ssh_host_rsa_key"
            ];
          };
        };
      };

      loader = {
        grub = {
          enable = true;
          version = 2;
          device = "/dev/sda";
        };
      };

      kernelModules = [ ];
      extraModulePackages = [ ];
    };

    fileSystems = {
      "/" = {
        device = "socrates-root";
        fsType = "tmpfs";
        options = [ "mode=755" "noexec" ];
      };

      "/boot" = {
        device = "/dev/disk/by-label/socrates-boot";
        fsType = "ext4";
        options = [ "noatime" "nodiratime" "noexec" ];
      };

      "/nix" = {
        device = "/dev/disk/by-label/socrates-data";
        fsType = "btrfs";
        options = [ "subvol=@nix" "compress=zstd" "noatime" "nodiratime" ];
      };

      "/var/log" = {
        device = "/dev/disk/by-label/socrates-data";
        fsType = "btrfs";
        options = [ "subvol=@log" "compress=zstd" "noatime" "nodiratime" "noexec" ];
      };

      "/state" = {
        device = "/dev/disk/by-label/socrates-data";
        fsType = "btrfs";
        options = [ "subvol=@state" "compress=zstd" "noatime" "nodiratime" "noexec" ];
      };

      "/home" = {
        device = "/dev/disk/by-label/socrates-data";
        fsType = "btrfs";
        options = [ "subvol=@home" "compress=zstd" "noatime" "nodiratime" "noexec" ];
      };
    };

    swapDevices = [{
      device = "/dev/socrates/socrates-swap";
      randomEncryption.enable = true;
    }];

    networking = {
      macvlans = {
        intif0 = {
          interface = "enp1s0";
          mode = "bridge";
        };
      };

      interfaces = {
        enp1s0.useDHCP = false;
        intif0 = {
          macAddress = "02:f2:30:b8:71:42";
        };
      };
    };
  };
}
Added socrates, added multiple deploy keys 2021-09-21 23:56:49 -07:00			`{ config, lib, pkgs, ... }:`

			`{`
			`imports = [ <nixpkgs/nixos/modules/installer/scan/not-detected.nix> ];`

			`config = {`

			`boot = {`
			`initrd = {`
			`luks.devices.socrates-unlocked = {`
			`device = "/dev/socrates/socrates-locked";`
			`preLVM = false;`
			`allowDiscards = true;`
			`};`
			`availableKernelModules = [`
			`"xhci_pci"`
			`"ehci_pci"`
			`"ahci"`
			`"usb_storage"`
			`"usbhid"`
			`"sd_mod"`
			`"r8169"`
			`];`
			`kernelModules = [ "dm-snapshot" ];`
			`network = {`
			`enable = true;`
			`ssh = {`
			`enable = true;`
			`port = 22;`
			`authorizedKeys = [`
			"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDPwh522lvafTJYA0X2uFdP7Ws+Um1f8gZsARK1Y5nMzf6ZcWBF1jplTOKUVSOl4isMWni0Tu0TnX4zqCcgocWUVbwIwXSIRYqdiCPvVOH+/Ibc97n1/dYxk5JPMtbrsEw6/gWZxVg0qwe0J3dQWldEMiDY7iWhlrmIr7YL+Y3PUd7DOwp3PbfWfNyzTfE1kXcz5YvTeN+txFhbbXT0oS2R2wtc1vYXFZ/KbNstjqd+i8jszAq3ZkbbwL3aNR0RO4n8+GoIILGw8Ya4eP7D6+mYk608IhAoxpGyMrUch2TC2uvOK3rd/rw1hsTxf4AKjAZbrfd/FJaYru9ZeoLjD4bRGMdVp56F1m7pLvRiWRK62pV2Q/fjx+4KjHUrgyPd601eUIP0ayS/Rfuq8ijLpBJgO5/Y/6mFus/kjZIfRR9dXfLM67IMpyEzEITYrc/R2sedWf+YHxSh6eguAZ/kLzioar1nHLR7Wzgeu0tgWkD78WQGjpXGoefAz3xHeBg3Et0="
			"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDGVez4of30f+j0cWKj5kYCKeFjyNsYvG9UbOMxF5hImD2lP5MSbFBv31gFgHjx3yCG4zQRZlpuyU5uWo0qIwe9N84/LcZcB9WrWKZXDmuof7zPFy0J+Hj+LVLDQI/mVXHNwkMhBMHpPrdwA05EYDAYCYklWT4cSByu10pHtST+olF8i+A+UQgUzgNZzdJVeiYZv6MBDTYsJWptGeDUkl2B0Es3gtbGYcCCfnyS3RC7DIXlDo3NBbAr7WaHY2MBbT+R/+jicn9E3IY3NCM5jENxqmvHy9MDsxEEYgFNm7IDwq4V1VRUWy277YsvRbmEaHb+osOA5u1VNN4z3UftOZcSZgR5C/vR71cENXoPt1YQpCzu7i38ojtvL+tDVEKT7sIovrQw8q1sszNlW2nXh8RSPiIq5TMnrV73MP0egKcr9n3tfxwi1BIkLjvfom/02BkTK9R9v+VMNhYU1YwROhORCiMIgoxUGiUvtH8u38JGr7E0hhMoAjCE5k80WPUivl0="
			`];`
			`hostKeys = [`
			`"/state/ssh/ssh_host_ed25519_key"`
			`"/state/ssh/ssh_host_rsa_key"`
			`];`
			`};`
			`};`
			`};`

			`loader = {`
			`grub = {`
			`enable = true;`
			`version = 2;`
			`device = "/dev/sda";`
			`};`
			`};`

			`kernelModules = [ ];`
			`extraModulePackages = [ ];`
			`};`

			`fileSystems = {`
			`"/" = {`
			`device = "socrates-root";`
			`fsType = "tmpfs";`
			`options = [ "mode=755" "noexec" ];`
			`};`

			`"/boot" = {`
			`device = "/dev/disk/by-label/socrates-boot";`
			`fsType = "ext4";`
			`options = [ "noatime" "nodiratime" "noexec" ];`
			`};`

			`"/nix" = {`
			`device = "/dev/disk/by-label/socrates-data";`
			`fsType = "btrfs";`
			`options = [ "subvol=@nix" "compress=zstd" "noatime" "nodiratime" ];`
			`};`

			`"/var/log" = {`
			`device = "/dev/disk/by-label/socrates-data";`
			`fsType = "btrfs";`
			`options = [ "subvol=@log" "compress=zstd" "noatime" "nodiratime" "noexec" ];`
			`};`

			`"/state" = {`
			`device = "/dev/disk/by-label/socrates-data";`
			`fsType = "btrfs";`
			`options = [ "subvol=@state" "compress=zstd" "noatime" "nodiratime" "noexec" ];`
			`};`

			`"/home" = {`
			`device = "/dev/disk/by-label/socrates-data";`
			`fsType = "btrfs";`
			`options = [ "subvol=@home" "compress=zstd" "noatime" "nodiratime" "noexec" ];`
			`};`
			`};`

			`swapDevices = [{`
			`device = "/dev/socrates/socrates-swap";`
			`randomEncryption.enable = true;`
			`}];`

			`networking = {`
			`macvlans = {`
			`intif0 = {`
			`interface = "enp1s0";`
			`mode = "bridge";`
			`};`
			`};`

			`interfaces = {`
			`enp1s0.useDHCP = false;`
			`intif0 = {`
			`macAddress = "02:f2:30:b8:71:42";`
			`};`
			`};`
			`};`
			`};`
			`}`