felix/nixos
1
0
Fork 0
mirror of https://github.com/Stunkymonkey/nixos.git synced 2025-05-24 09:54:40 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

service/initrd-ssh: init from legacy

Browse source
This commit is contained in:
Felix Buehler 2023-02-15 21:17:09 +01:00
parent 07da2f1b58
commit 460f9b2aa8
5 changed files with 36 additions and 26 deletions
Download patch file Download diff file Expand all files Collapse all files

22
legacy/modules/networkdecrypt.nix
View file

@ -1,22 +0,0 @@
{ pkgs, config, ... }:
{
boot.initrd.network = {
enable = true;
ssh = {
enable = true;
port = 2222;
hostKeys = [
"/etc/secrets/initrd/ssh_host_ed25519_key"
];
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFx6OLwL9MbkD3mnMsv+xrzZHN/rwCTgVs758SCLG0h felix@thinkman"
];
};
postCommands = ''
echo 'cryptsetup-askpass' >> /root/.profile
'';
};
}

4
machines/newton/configuration.nix
View file

@ -8,7 +8,6 @@
./services.nix ./services.nix
./syncthing.nix ./syncthing.nix
./system.nix ./system.nix
../../legacy/modules/networkdecrypt.nix
]; ];
networking.hostName = "newton"; networking.hostName = "newton";
@ -18,9 +17,6 @@
gnupg.sshKeyPaths = [ ]; gnupg.sshKeyPaths = [ ];
}; };
networking.firewall.allowedTCPPorts = [
];
system = { system = {
stateVersion = "22.11"; stateVersion = "22.11";
autoUpgrade.enable = true; autoUpgrade.enable = true;

3
machines/newton/services.nix
View file

@ -95,6 +95,9 @@ in
ssh-server = { ssh-server = {
enable = true; enable = true;
}; };
initrd-ssh = {
enable = true;
};
# self-hosted recipe manager # self-hosted recipe manager
tandoor-recipes = { tandoor-recipes = {
enable = true; enable = true;

1
modules/services/default.nix
View file

@ -7,6 +7,7 @@
./hedgedoc ./hedgedoc
./homepage ./homepage
./homer ./homer
./initrd-ssh
./jellyfin ./jellyfin
./minecraft-server ./minecraft-server
./mumble-server ./mumble-server

32
modules/services/initrd-ssh/default.nix Normal file
View file

@ -0,0 +1,32 @@
# The Free Software Media System
{ config, lib, pkgs, ... }:
let
cfg = config.my.services.initrd-ssh;
domain = config.networking.domain;
in
{
options.my.services.initrd-ssh = with lib; {
enable = mkEnableOption "Enable initrd-ssh service";
};
config = lib.mkIf cfg.enable {
boot.initrd.network = {
enable = true;
ssh = {
enable = true;
port = 2222;
hostKeys = [
"/etc/secrets/initrd/ssh_host_ed25519_key"
];
authorizedKeys = [
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOFx6OLwL9MbkD3mnMsv+xrzZHN/rwCTgVs758SCLG0h felix@thinkman"
];
};
postCommands = ''
echo 'cryptsetup-askpass' >> /root/.profile
'';
};
};
}