nix/systems/rescue-kexec/default.nix

{ lib
, pkgs
, inputs
, ...
}: {
  imports = [
    ../../os-mods/age
    # "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-graphical-plasma5.nix"
    # "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
    #  "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/channel.nix"
    # "${inputs.nixos-images}/nix/kexec-installer/module.nix"
  ];

  nix = {
    settings.experimental-features = [ "nix-command" "flakes" ];
    extraOptions = "experimental-features = nix-command flakes";
  };

  services = {
    openssh.settings.PermitRootLogin = lib.mkForce "yes";
    # TODO Add authorized Keys
  };

  boot =
    let
      version = "6.12-rc1";
      # version = "6.12-rc3";
      kernelPatches = pkgs.callPackage "${inputs.nixpkgs}/pkgs/os-specific/linux/kernel/patches.nix" { };
      # ref = "6efbea77b390604a7be7364583e19cd2d6a1291b";
      # ref = "bc6d2d10418e1bfdb95b16f5dd4cca42d5dec766";
      ref = "81f8ef6863d2a40bd67b604d46f9a63b6e708818";
      linux_mainline =
        { buildLinux
        , fetchzip
        , ...
        } @ args:
        buildLinux {
          version = version;
          src = fetchzip {
            # url = "https://git.kernel.org/torvalds/t/linux-${ref}.tar.gz";
            # hash = "";
            # url = "https://github.com/koverstreet/bcachefs/archive/${ref}.tar.gz";
            # hash = "sha256-tq0dXKVtW1R+Yenv7HG4Qqc1P49OzcJgICpoZLkA/K4=";

            url = "https://github.com/koverstreet/bcachefs/archive/${ref}.tar.gz";
            hash = "sha256-kwPeZEpwIOPoLIEBQydyJqzHGpLoJdGqvHqkKaq03oU=";
          };
          modDirVersion = lib.versions.pad 3 version;
          kernelPatches = [
            kernelPatches.bridge_stp_helper
            kernelPatches.request_key_helper
          ];
          extraMeta.branch = "master";
        };
      linuxMainlinePkg = pkgs.callPackage linux_mainline { };
      linuxMainlinePkgs = pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor linuxMainlinePkg);
    in
    {
      kernelPackages = lib.mkForce linuxMainlinePkgs;
      supportedFilesystems = lib.mkForce [ "bcachefs" "btrfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ];
    };

  users.users.root.openssh.authorizedKeys.keys = [
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4xz3EgIRiRb/gmnCSq17kHd4MLilf05zYOFZrwOIrA tristand@nixos-fw16"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDS/4JFRaAPoUaDiwDRbbNoaJqsBzaE+DEdaQH9OezM root@nixos-fw16"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHowJtKj3ohrYjyeWwQ8Lj6UMSPI390SwLRuVIlojcGM tristand@nixos-desk"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8ztBIgQsYh7LefSKtuDRYDWNheZWbmIr51T/Np/jc tristand@nixos-pulse"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/tkVxnPZB+C6sK9A12pUsB38OhXieMNaij6pC3foSH admin@vault81.de"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuH8L7mQDg86uJME6jndOu4niwLMASuJKpdbJU8Hfet tristan+desktop@vault81.de"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKokTPK/Gm30kqFAd+u5AT0BL7bG/eNt6pmGf40U8j03 arch-h1"
    "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJ6wPntg8+kVLU4M+ykRuBb37SQd1csUtO3ZIStoW+4 root@he2.vault82.de"
  ];

  users.extraUsers.root.hashedPassword = "$y$j9T$6eIwRNXAtlsVCP4x8GrQi1$PDbhjsbOGyIArOYtxtgc6u.w7I.M4iZbfk3pc7a4b93"; # nixos
  users.extraUsers.root.initialPassword = lib.mkForce null;
  users.extraUsers.root.initialHashedPassword = lib.mkForce null;

  systemd = {
    services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
    targets = {
      sleep.enable = false;
      suspend.enable = false;
      hibernate.enable = false;
      hybrid-sleep.enable = false;
    };
  };

  networking = {
    hostName = "rescue-kexec";
  };
}
Reinit after agenix setup 2025-02-24 17:26:11 +01:00			`{ lib`
			`, pkgs`
			`, inputs`
			`, ...`
			`}: {`
			`imports = [`
			`../../os-mods/age`
			`# "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-graphical-plasma5.nix"`
			`# "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"`
			`# "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/channel.nix"`
			`# "${inputs.nixos-images}/nix/kexec-installer/module.nix"`
			`];`

			`nix = {`
			`settings.experimental-features = [ "nix-command" "flakes" ];`
			`extraOptions = "experimental-features = nix-command flakes";`
			`};`

			`services = {`
			`openssh.settings.PermitRootLogin = lib.mkForce "yes";`
			`# TODO Add authorized Keys`
			`};`

			`boot =`
			`let`
			`version = "6.12-rc1";`
			`# version = "6.12-rc3";`
			`kernelPatches = pkgs.callPackage "${inputs.nixpkgs}/pkgs/os-specific/linux/kernel/patches.nix" { };`
			`# ref = "6efbea77b390604a7be7364583e19cd2d6a1291b";`
			`# ref = "bc6d2d10418e1bfdb95b16f5dd4cca42d5dec766";`
			`ref = "81f8ef6863d2a40bd67b604d46f9a63b6e708818";`
			`linux_mainline =`
			`{ buildLinux`
			`, fetchzip`
			`, ...`
			`} @ args:`
			`buildLinux {`
			`version = version;`
			`src = fetchzip {`
			`# url = "https://git.kernel.org/torvalds/t/linux-${ref}.tar.gz";`
			`# hash = "";`
			`# url = "https://github.com/koverstreet/bcachefs/archive/${ref}.tar.gz";`
			`# hash = "sha256-tq0dXKVtW1R+Yenv7HG4Qqc1P49OzcJgICpoZLkA/K4=";`

			`url = "https://github.com/koverstreet/bcachefs/archive/${ref}.tar.gz";`
			`hash = "sha256-kwPeZEpwIOPoLIEBQydyJqzHGpLoJdGqvHqkKaq03oU=";`
			`};`
			`modDirVersion = lib.versions.pad 3 version;`
			`kernelPatches = [`
			`kernelPatches.bridge_stp_helper`
			`kernelPatches.request_key_helper`
			`];`
			`extraMeta.branch = "master";`
			`};`
			`linuxMainlinePkg = pkgs.callPackage linux_mainline { };`
			`linuxMainlinePkgs = pkgs.recurseIntoAttrs (pkgs.linuxPackagesFor linuxMainlinePkg);`
			`in`
			`{`
			`kernelPackages = lib.mkForce linuxMainlinePkgs;`
			`supportedFilesystems = lib.mkForce [ "bcachefs" "btrfs" "vfat" "f2fs" "xfs" "ntfs" "cifs" ];`
			`};`

			`users.users.root.openssh.authorizedKeys.keys = [`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIO4xz3EgIRiRb/gmnCSq17kHd4MLilf05zYOFZrwOIrA tristand@nixos-fw16"`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGDS/4JFRaAPoUaDiwDRbbNoaJqsBzaE+DEdaQH9OezM root@nixos-fw16"`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHowJtKj3ohrYjyeWwQ8Lj6UMSPI390SwLRuVIlojcGM tristand@nixos-desk"`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDP8ztBIgQsYh7LefSKtuDRYDWNheZWbmIr51T/Np/jc tristand@nixos-pulse"`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ/tkVxnPZB+C6sK9A12pUsB38OhXieMNaij6pC3foSH admin@vault81.de"`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMuH8L7mQDg86uJME6jndOu4niwLMASuJKpdbJU8Hfet tristan+desktop@vault81.de"`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKokTPK/Gm30kqFAd+u5AT0BL7bG/eNt6pmGf40U8j03 arch-h1"`
			`"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKJ6wPntg8+kVLU4M+ykRuBb37SQd1csUtO3ZIStoW+4 root@he2.vault82.de"`
			`];`

			`users.extraUsers.root.hashedPassword = "$y$j9T$6eIwRNXAtlsVCP4x8GrQi1$PDbhjsbOGyIArOYtxtgc6u.w7I.M4iZbfk3pc7a4b93"; # nixos`
			`users.extraUsers.root.initialPassword = lib.mkForce null;`
			`users.extraUsers.root.initialHashedPassword = lib.mkForce null;`

			`systemd = {`
			`services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];`
			`targets = {`
			`sleep.enable = false;`
			`suspend.enable = false;`
			`hibernate.enable = false;`
			`hybrid-sleep.enable = false;`
			`};`
			`};`

			`networking = {`
			`hostName = "rescue-kexec";`
			`};`
			`}`