diff --git a/README.md b/README.md index 7547d60..c6b685e 100644 --- a/README.md +++ b/README.md @@ -9,3 +9,42 @@ From another linux system, create the build script Write your disk password to somewhere, like /tmp/secret.key, then build the image calling the result: `./result --build-memory 8192 --pre-format-files /tmp/secret.key secret.key` + + +## VMC + +VMC has a weird mapping for keys (Qwerty-1 * bepo) +To remap, use the following python script + +```Python +a = "abcdefghijklmnopqrsuvx,.'ABCDEFHIJKLMOPQRSUX" +b = "akxipe,cdtsrq'ljbouv.yghmAKXIPECDTSRQLJBOUVY" +d = dict() +for i in range(len(b)): + d[b[i]] = a[i] + +p = "motdepasse" +pp = ''.join([c for c in p if c in b]) +pc = ''.join([d[c] for c in pp]) +print("Mot de passe:",pp) +print("Mot de passe:",pc) +``` + +## Install with nixos-anywhere + + +```Bash +# Write disk encryption password to secret.key +echo "motdepasse" > secret.key +# Connect to ssh, run kexec to nixos install rom, and format disko +nix run github:nix-community/nixos-anywhere -- --flake '.#midori' --target-host root@109.94.170.38 --disk-encryption-keys /tmp/secret.key ./secret.key --phases kexec,disko + +# Mount persistence directories that nixos will install stuff into +mkdir -p /mnt/persistence/nix +mkdir -p /mnt/persistence/var/lib/nixos +mount --bind -m -o X-fstrim.notrim /mnt/persistence/nix /mnt/nix +mount --bind -m -o X-fstrim.notrim /mnt/persistence/var/lib/nixos /mnt/var/lib/nixos + +# Run the install phase +nix run github:nix-community/nixos-anywhere -- --flake '.#midori' --target-host root@109.94.170.38 --disk-encryption-keys /tmp/secret.key ./secret.key --phases install +``` diff --git a/hardware/DEDellEPYC2/default.nix b/hardware/DEDellEPYC2/default.nix index a37012b..a551a1e 100644 --- a/hardware/DEDellEPYC2/default.nix +++ b/hardware/DEDellEPYC2/default.nix 
@@ -9,9 +9,16 @@ boot.kernelPackages = pkgs.linuxPackages_latest; - boot.loader.systemd-boot.enable = true; + boot.loader.grub = { + enable = true; + efiSupport = false; + device = "/dev/vda"; + }; boot.initrd.systemd.enable = true; + # Root can't login, so useless + systemd.enableEmergencyMode = false; + # This option defines the first version of NixOS you have installed on this particular machine, # and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions. # diff --git a/hardware/DEDellEPYC2/filesystems.nix b/hardware/DEDellEPYC2/filesystems.nix index 653ed16..7072c50 100644 --- a/hardware/DEDellEPYC2/filesystems.nix +++ b/hardware/DEDellEPYC2/filesystems.nix @@ -6,31 +6,29 @@ disk = { main = { type = "disk"; - device = "/dev/disk/by-path/pci-0000:00:04.0"; + device = "/dev/vda"; content = { - type = "gpt"; - partitions = { - esp = { - size = "512M"; - type = "ef00"; + type = "table"; + format = "msdos"; + partitions = [ + { + name = "ESP"; + start = "1M"; + end = "500M"; + bootable = true; content = { type = "filesystem"; format = "vfat"; mountpoint = "/boot"; - mountOptions = [ - # Do not set the executable bit on files and prevent access from - # non-root users. - "dmask=0077" - "fmask=0177" - - "noatime" - ]; + mountOptions = [ "umask=0077" ]; }; - }; - persistence-encrypted = { - start = "513M"; - size = "100%"; - # type = "8309"; + } + { + name = "Midori-disk"; + start = "500M"; + end = "100%"; + part-type = "primary"; + bootable = true; content = { type = "luks"; name = "persistence"; @@ -59,8 +57,8 @@ }; }; - }; - }; + } + ]; }; }; }; diff --git a/profiles/persistence.nix b/profiles/persistence.nix index 25b87e7..8a76c32 100644 --- a/profiles/persistence.nix +++ b/profiles/persistence.nix 
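Review bot: The comment above `systemd.enableEmergencyMode = false;` does not say what is useless or what the setting changes at boot. Something like `# Root has no usable password, so the sulogin emergency shell can never be entered; keep booting so sshd still comes up after a failed mount` would record the reason, assuming that is the intent. Because `boot.initrd.systemd.enable = true` is set just above, stage-1 emergency access is controlled separately by `boot.initrd.systemd.emergencyAccess`. It is worth confirming that this option stays at its default, so that a failed LUKS unlock does not offer a shell on the VM console.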
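Review bot: Both entries in the new `partitions` list set `bootable = true`, including the LUKS container `Midori-disk`. On an msdos table only one partition should carry the active flag, and as far as I know parted clears it from the other partitions when it is set again, so the flag probably ends up on the encrypted partition rather than on `/boot`. Dropping `bootable = true;` from the second entry avoids depending on how a given BIOS treats that. Separately, `device = "/dev/vda"` replaces a stable by-path name, so disko will format whatever enumerates as vda; a short comment such as `# assumes a single virtio disk` would make that assumption explicit. The `content` block of the LUKS partition continues outside this hunk.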
@@ -12,6 +12,9 @@ # This is for instance where timers activation times are stored, hence # why it is desirable for this directory to be persistent. "/var/lib/systemd" + + # We want this to be preserved accross reboots, to debug crash cause + "/var/log/journal" ]; files = [
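Review bot: Persisting `"/var/log/journal"` only helps with crash debugging if the machine id is also stable across reboots. journald stores logs under a per-machine-id subdirectory, and `journalctl -b -1` reads only the current id unless `--merge` or `-D` is used. The `files = [` list starts right after this hunk and is not visible here, so please confirm it contains `/etc/machine-id`. Since this directory now grows on the encrypted persistence volume, an explicit cap such as `SystemMaxUse=` in the journald config would be a sensible companion, if one is not already set elsewhere. There is also a small typo in the added comment: `accross` should be `across`.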