fix: enable sudo password - proxmox

ryan4yin · Mar 7, 2024 · c5c8fbf · c5c8fbf
1 parent 13c71b8
commit c5c8fbf
Show file tree

Hide file tree

Showing 5 changed files with 54 additions and 29 deletions.
diff --git a/hosts/12kingdoms_rakushun/hardware-configuration.nix b/hosts/12kingdoms_rakushun/hardware-configuration.nix
@@ -9,11 +9,16 @@
     (modulesPath + "/installer/scan/not-detected.nix")
   ];
 
-  # Use the EFI boot loader.
-  boot.loader.efi.canTouchEfiVariables = true;
-  # depending on how you configured your disk mounts, change this to /boot or /boot/efi.
-  boot.loader.efi.efiSysMountPoint = "/boot";
-  boot.loader.systemd-boot.enable = true;
+  boot.loader = {
+    # depending on how you configured your disk mounts, change this to /boot or /boot/efi.
+    efi.efiSysMountPoint = "/boot/";
+    efi.canTouchEfiVariables = true;
+    # do not use systemd-boot here, it has problems when running `nixos-install`
+    grub = {
+      device = "nodev";
+      efiSupport = true;
+    };
+  };
   # clear /tmp on boot to get a stateless /tmp directory.
   boot.tmp.cleanOnBoot = true;
 

diff --git a/hosts/12kingdoms_suzu/default.nix b/hosts/12kingdoms_suzu/default.nix
@@ -18,6 +18,7 @@ in {
     nixos-rk3588.nixosModules.orangepi5plus.core
     disko.nixosModules.default
     ./disko-fs.nix
+    ./hardware-configuration.nix
   ];
 
   networking = {

diff --git a/hosts/12kingdoms_suzu/disko-fs.nix b/hosts/12kingdoms_suzu/disko-fs.nix
@@ -15,7 +15,7 @@
               content = {
                 type = "filesystem";
                 format = "vfat";
-                mountpoint = "/boot/efi";
+                mountpoint = "/boot";
                 mountOptions = [
                   "defaults"
                 ];
@@ -28,7 +28,7 @@
                 type = "luks";
                 name = "crypted";
                 settings = {
-                  keyFile = "/dev/disk/by-label/OPI5P_DSC"; # The keyfile is stored on a USB stick
+                  keyFile = "/dev/disk/by-label/OPI5_DSC"; # The keyfile is stored on a USB stick
                   # The maxium size of the keyfile is 8192 bytes
                   keyFileSize = 512 * 64; # match the `bs * count` of the `dd` command
                   keyFileOffset = 512 * 128; # match the `bs * skip` of the `dd` command
@@ -84,7 +84,7 @@
                     };
                     "@swap" = {
                       mountpoint = "/swap";
-                      swap.swapfile.size = "16384M";
+                      swap.swapfile.size = "8192M";
                     };
                   };
                 };

diff --git a/hosts/12kingdoms_suzu/hardware-configuration.nix b/hosts/12kingdoms_suzu/hardware-configuration.nix
@@ -0,0 +1,39 @@
+{
+  config,
+  lib,
+  pkgs,
+  modulesPath,
+  ...
+}: {
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.loader = {
+    # depending on how you configured your disk mounts, change this to /boot or /boot/efi.
+    efi.efiSysMountPoint = "/boot/";
+    efi.canTouchEfiVariables = true;
+    # do not use systemd-boot here, it has problems when running `nixos-install`
+    grub = {
+      device = "nodev";
+      efiSupport = true;
+    };
+  };
+  # clear /tmp on boot to get a stateless /tmp directory.
+  boot.tmp.cleanOnBoot = true;
+
+  boot.initrd.availableKernelModules = ["nvme" "usbhid" "usb_storage"];
+  boot.initrd.kernelModules = [];
+  boot.kernelModules = [];
+  boot.extraModulePackages = [];
+
+  # Enables DHCP on each ethernet and wireless interface. In case of scripted networking
+  # (the default) this is the recommended approach. When using systemd-networkd it's
+  # still possible to use this option, but it's recommended to use it in conjunction
+  # with explicit per-interface declarations with `networking.interfaces.<interface>.useDHCP`.
+  networking.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enP3p49s0.useDHCP = lib.mkDefault true;
+  # networking.interfaces.enP4p65s0.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "aarch64-linux";
+}
diff --git a/modules/nixos/server/proxmox-hardware-configuration.nix b/modules/nixos/server/proxmox-hardware-configuration.nix
@@ -1,9 +1,4 @@
-{
-  config,
-  lib,
-  username,
-  ...
-}:
+{lib, ...}:
 ##############################################################################
 #
 #  Template for Proxmox's VM, mainly based on:
@@ -13,21 +8,6 @@
 #
 ##############################################################################
 {
-  # DO NOT promote ryan to input password for sudo.
-  # this is a workaround for the issue of remote deploy:
-  #   https://github.com/NixOS/nixpkgs/issues/118655
-  security.sudo.extraRules = [
-    {
-      users = [username];
-      commands = [
-        {
-          command = "ALL";
-          options = ["NOPASSWD"];
-        }
-      ];
-    }
-  ];
-
   boot = {
     # after resize the disk, it will grow partition automatically.
     growPartition = true;