diff --git a/kyra/boot/initrd.nix b/kyra/boot/initrd.nix
new file mode 100644
index 0000000..1d213f0
--- /dev/null
+++ b/kyra/boot/initrd.nix
@@ -0,0 +1,228 @@
+{
+ lib,
+ name,
+ pkgs,
+ ...
+}: {
+ boot = {
+ initrd = {
+ availableKernelModules = [
+ "virtio_rng"
+ "virtio_pci"
+ "virtio_net"
+ "virtio_scsi"
+ "virtio_blk"
+ "sd_mod"
+ "sr_mod"
+ "dm_crypt"
+ ];
+
+ luks = {
+ mitigateDMAAttacks = true;
+ cryptoModules = [
+ "aesni_intel"
+ "cryptd"
+ ];
+ };
+
+ systemd = {
+ enable = true;
+ emergencyAccess = false;
+
+ extraBin = {
+ "pw" = "${lib.getExe' pkgs.systemd "systemd-tty-ask-password-agent"}";
+ };
+
+ network = {
+ networks = lib.mkMerge [
+ (
+ lib.mkIf (
+ name == "ivy"
+ )
+ {
+ "10-ens3" = {
+ matchConfig = {
+ Name = "ens3";
+ };
+
+ addresses = [
+ {
+ Address = "93.115.203.92/24";
+ }
+
+ {
+ Address = "2001:67c:263c::8fa/64";
+ }
+ ];
+
+ routes = [
+ {
+ Gateway = "93.115.203.1";
+ }
+
+ {
+ Gateway = "2001:67c:263c::1";
+ }
+ ];
+ };
+ }
+ )
+
+ (
+ lib.mkIf (
+ name == "mel"
+ )
+ {
+ "10-eth0" = {
+ matchConfig = {
+ Name = "eth0";
+ };
+
+ addresses = [
+ {
+ Address = "45.11.229.245/24";
+ }
+
+ {
+ Address = "2a0e:97c0:3e3:20a::1/64";
+ }
+ ];
+
+ networkConfig = {
+ IPv6AcceptRA = false;
+ };
+
+ routes = [
+ {
+ Gateway = "45.11.229.1";
+ }
+
+ {
+ Gateway = "fe80::1";
+ GatewayOnLink = true;
+ }
+ ];
+ };
+ }
+ )
+
+ (
+ lib.mkIf (
+ name == "yara"
+ )
+ {
+ "10-ens3" = {
+ matchConfig = {
+ Name = "ens3";
+ };
+
+ addresses = [
+ {
+ Address = "138.124.240.75/32";
+ }
+
+ {
+ Address = "2a0d:d940:1a:1500::2/56";
+ }
+ ];
+
+ networkConfig = {
+ IPv6AcceptRA = false;
+ };
+
+ routes = [
+ {
+ Gateway = "10.0.0.1";
+ GatewayOnLink = true;
+ }
+
+ {
+ Gateway = "2a0d:d940:1a:1500::1";
+ GatewayOnLink = true;
+ }
+ ];
+ };
+ }
+ )
+
+ (
+ lib.mkIf (
+ name == "hazel"
+ )
+ {
+ "10-ens3" = {
+ matchConfig = {
+ Name = "ens3";
+ };
+
+ addresses = [
+ {
+ Address = "90.156.226.152";
+ }
+
+ {
+ Address = "2a03:6f01:1:2::cb1e";
+ }
+ ];
+
+ routes = [
+ {
+ Gateway = "90.156.226.1";
+ }
+
+ {
+ Gateway = "2a03:6f01:1:2::1";
+ GatewayOnLink = true;
+ }
+ ];
+
+ networkConfig = {
+ IPv6AcceptRA = false;
+ };
+ };
+ }
+ )
+
+ (
+ lib.mkIf (
+ name == "lynn"
+ )
+ {
+ "10-ens3" = {
+ matchConfig = {
+ Name = "ens3";
+ };
+
+ addresses = [
+ {
+ Address = "138.124.72.244";
+ }
+ ];
+
+ routes = [
+ {
+ Gateway = "138.124.72.1";
+ }
+ ];
+ };
+ }
+ )
+ ];
+ };
+ };
+
+ network = {
+ enable = true;
+
+ ssh = {
+ enable = true;
+ port = 27485;
+
+ hostKeys = [
+ "/etc/ssh/initrd_ssh_host_ed25519_key"
+ ];
+ };
+ };
+ };
+ };
+}
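Review bot: The `hazel` and `lynn` entries give `Address` values with no prefix length (`"90.156.226.152"`, `"2a03:6f01:1:2::cb1e"`, `"138.124.72.244"`), while `ivy`, `mel` and `yara` all spell it out. systemd-networkd then has to guess the prefix (recent versions log a warning and, as far as I recall, assume a host-only /32 or /128), and the IPv4 gateways `90.156.226.1` and `138.124.72.1` carry no `GatewayOnLink = true;`, so the default route may be rejected as unreachable. With `emergencyAccess = false` and SSH on port 27485 apparently serving as the remote unlock path, a stage-1 network failure would leave these hosts waiting for a passphrase on the console. I would write the prefix explicitly, e.g. `Address = "90.156.226.152/<prefix-length>";`, or add `GatewayOnLink = true;` to those routes the way `yara` does. Separately, `ssh` sets no `authorizedKeys` in this hunk, so unless it is set elsewhere it inherits root's keys by NixOS default; listing the unlock keys explicitly here would keep visible which keys can reach the pre-boot environment.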