91 lines
2.2 KiB
Nix
91 lines
2.2 KiB
Nix
{ ... }:
|
|
|
|
{
|
|
boot.initrd.network = {
|
|
enable = true;
|
|
ssh = {
|
|
enable = true;
|
|
authorizedKeys = [
|
|
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOv7i4ChPUm+DmELG6uRx0co4quhQ+h7QB4fgcxcC3qx contact@elliehigh.com"
|
|
];
|
|
shell = "/bin/cryptsetup-askpass";
|
|
hostKeys = [ "/etc/initrd-ssh/ssh_host_ed25519_dropbear" ];
|
|
};
|
|
};
|
|
|
|
boot.initrd.preLVMCommands = ''
|
|
iptables -A INPUT -s 192.168.1.0/24 -p tcp --dport 22 -j ACCEPT
|
|
iptables -A INPUT -p tcp --dport 22 -j DROP
|
|
'';
|
|
|
|
fileSystems."/media" = {
|
|
device = "/dev/mapper/crypted";
|
|
fsType = "btrfs";
|
|
options = [
|
|
"subvol=/media"
|
|
"compress=zstd"
|
|
"noatime"
|
|
];
|
|
};
|
|
|
|
disko.devices.disk.main = {
|
|
type = "disk";
|
|
device = "/dev/sda";
|
|
content = {
|
|
"type" = "gpt";
|
|
partitions = {
|
|
ESP = {
|
|
size = "512M";
|
|
type = "EF00";
|
|
content = {
|
|
type = "filesystem";
|
|
format = "vfat";
|
|
mountpoint = "/boot";
|
|
mountOptions = [ "umask=0077" ];
|
|
};
|
|
};
|
|
luks = {
|
|
size = "100%";
|
|
content = {
|
|
type = "luks";
|
|
name = "crypted";
|
|
settings = {
|
|
allowDiscards = true;
|
|
};
|
|
content = {
|
|
type = "btrfs";
|
|
# extraArgs = [ "-f" ];
|
|
subvolumes = {
|
|
"/root" = {
|
|
mountpoint = "/";
|
|
mountOptions = [
|
|
"compress=zstd"
|
|
"noatime"
|
|
];
|
|
};
|
|
"/home" = {
|
|
mountpoint = "/home";
|
|
mountOptions = [
|
|
"compress=zstd"
|
|
"noatime"
|
|
];
|
|
};
|
|
"/jellyfin" = {
|
|
mountpoint = "/jellyfin";
|
|
mountOptions = [
|
|
"compress=zstd"
|
|
"noatime"
|
|
];
|
|
};
|
|
"/swap" = {
|
|
mountpoint = "/.swapvol";
|
|
swap.swapfile.size = "36G";
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
}
|