service/initrd-ssh: init from legacy

2025-05-24 09:54:40 +02:00 · 2023-02-15 21:17:09 +01:00 · 2023-02-15 21:17:09 +01:00 · 460f9b2aa8
commit 460f9b2aa8
parent 07da2f1b58
5 changed files with 36 additions and 26 deletions
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@ -7,6 +7,7 @@
    ./hedgedoc
    ./homepage
    ./homer
+    ./initrd-ssh
    ./jellyfin
    ./minecraft-server
    ./mumble-server
--- a/modules/services/initrd-ssh/default.nix
+++ b/modules/services/initrd-ssh/default.nix
@ -0,0 +1,32 @@
+# The Free Software Media System
+{ config, lib, pkgs, ... }:
+let
+  cfg = config.my.services.initrd-ssh;
+  domain = config.networking.domain;
+in
+{
+  options.my.services.initrd-ssh = with lib; {
+    enable = mkEnableOption "Enable initrd-ssh service";
+  };
+
+  config = lib.mkIf cfg.enable {
+    boot.initrd.network = {
+      enable = true;
+
+      ssh = {
+        enable = true;
+        port = 2222;
+        hostKeys = [
+          "/etc/secrets/initrd/ssh_host_ed25519_key"
+        ];
+        authorizedKeys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFx6OLwL9MbkD3mnMsv+xrzZHN/rwCTgVs758SCLG0h felix@thinkman"
+        ];
+      };
+
+      postCommands = ''
+        echo 'cryptsetup-askpass' >> /root/.profile
+      '';
+    };
+  };
+}