Unify the initrd ssh config
I don't know if it is a smart idea to use the same key for all initrds but I can't be bothered to create one for each device atm.
parent
ac976cf250
commit
acdbd14d8e
|
@ -22,6 +22,10 @@ in {
|
|||
unstable.tagger
|
||||
az-media
|
||||
];
|
||||
shellAliases = {
|
||||
unlock-luks =
|
||||
"ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o User=root";
|
||||
};
|
||||
};
|
||||
|
||||
programs = {
|
||||
|
|
|
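Review bot: The `unlock-luks` alias added here turns off host key verification (`UserKnownHostsFile=/dev/null` together with `StrictHostKeyChecking=no`), and the session it opens is the one the LUKS passphrase is typed into, since the initrd sshd in this commit uses `/bin/cryptsetup-askpass` as its shell. Whatever host answers at the target address is accepted without a prompt, so the passphrase can be handed to a machine that is not the one being unlocked. The initrd host key is fixed by this commit, so the alias could verify it instead, for example `"ssh -o UserKnownHostsFile=~/.ssh/known_hosts_initrd -o StrictHostKeyChecking=yes -o User=root"` (file name constructed for illustration) with the initrd public keys recorded in that file. The same alias is added again in the next file section, inside the new `home = { ... }` block.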
@ -1,12 +1,18 @@
|
|||
{ inputs, pkgs, ... }: {
|
||||
imports = [ "${inputs.self}/home-manager/modules" ];
|
||||
|
||||
home.packages = with pkgs; [
|
||||
docker-compose
|
||||
exercism
|
||||
nodePackages.prettier # formatting files
|
||||
xclip
|
||||
];
|
||||
home = {
|
||||
packages = with pkgs; [
|
||||
docker-compose
|
||||
exercism
|
||||
nodePackages.prettier # formatting files
|
||||
xclip
|
||||
];
|
||||
shellAliases = {
|
||||
unlock-luks =
|
||||
"ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o User=root";
|
||||
};
|
||||
};
|
||||
|
||||
programs = {
|
||||
az-emacs.enable = true;
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
./hardware/nvidia
|
||||
./hardware/raspi4
|
||||
./misc/common
|
||||
./misc/initrd-ssh
|
||||
./misc/username
|
||||
./profiles/desktop
|
||||
./programs/distrobox
|
||||
|
|
|
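Review bot: `./misc/initrd-ssh` joins the shared import list, but the module this commit introduces has no option guard: it sets `boot.initrd.network.enable = true` and `ssh.enable = true` at top level, whereas the neighbouring modules in this commit wrap their settings in `config = lib.mkIf cfg.enable { ... }`. If this list is imported by every host, which the hunk does not show, each of them gets an sshd listening in its initrd on port 22, including machines with no encrypted root to unlock. An `enable` option on the module, switched on only by the hosts that need remote unlock, would keep that listener off the rest.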
@ -89,20 +89,6 @@ in {
|
|||
device = "/dev/mmcblk1p2";
|
||||
allowDiscards = true; # required for TRIM
|
||||
};
|
||||
initrd.network = {
|
||||
enable = true;
|
||||
ssh = {
|
||||
enable = true;
|
||||
port = 22;
|
||||
shell = "/bin/cryptsetup-askpass";
|
||||
authorizedKeys =
|
||||
config.users.users.${config.az-username}.openssh.authorizedKeys.keys;
|
||||
hostKeys = [
|
||||
"/etc/secrets/initrd/ssh_host_rsa_key"
|
||||
"/etc/secrets/initrd/ssh_host_ed25519_key"
|
||||
];
|
||||
};
|
||||
};
|
||||
loader = { systemd-boot.enable = true; };
|
||||
};
|
||||
boot.extraModulePackages = [ ];
|
||||
|
|
|
@ -16,8 +16,9 @@ in {
|
|||
};
|
||||
|
||||
config = lib.mkIf cfg.enable {
|
||||
boot.kernelParams =
|
||||
[ "ip=${cfg.ip}::10.7.89.1:255.255.255.0:${cfg.hostname}:eth0" ];
|
||||
boot.kernelParams = [
|
||||
"ip=${cfg.ip}::10.7.89.1:255.255.255.0:${cfg.hostname}:eth0" # required for ssh at initrd
|
||||
];
|
||||
hardware.az-raspi4-base.enable = true;
|
||||
networking = {
|
||||
useDHCP = false;
|
||||
|
|
|
@ -18,8 +18,9 @@ in {
|
|||
config = lib.mkIf cfg.enable {
|
||||
hardware.az-raspi4-base.enable = true;
|
||||
|
||||
boot.kernelParams =
|
||||
[ "ip=10.7.89.159::10.7.89.1:255.255.255.0:mobile:enabcm6e4ei0" ];
|
||||
boot.kernelParams = [
|
||||
"ip=10.7.89.159::10.7.89.1:255.255.255.0:mobile:enabcm6e4ei0" # required for ssh at initrd
|
||||
];
|
||||
boot = {
|
||||
kernelModules = [ "libcomposite" ];
|
||||
loader.raspberryPi.firmwareConfig = "dtoverlay=dwc2";
|
||||
|
|
|
@ -0,0 +1,13 @@
|
|||
{ config, inputs, ... }: {
|
||||
boot.initrd.network = {
|
||||
enable = true;
|
||||
ssh = {
|
||||
enable = true;
|
||||
port = 22;
|
||||
shell = "/bin/cryptsetup-askpass";
|
||||
authorizedKeys =
|
||||
config.users.users.${config.az-username}.openssh.authorizedKeys.keys;
|
||||
hostKeys = [ ./ssh_host_rsa_key ./ssh_host_ed25519_key ];
|
||||
};
|
||||
};
|
||||
}
|
|
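Review bot: `hostKeys = [ ./ssh_host_rsa_key ./ssh_host_ed25519_key ];` uses Nix path literals to files inside the repository, so the private keys are expected to end up in the Nix store, which is readable by every local user, as well as in version control. The per-host lines this module replaces used string paths under `/etc/secrets/initrd/`, which kept the key material out of both. Keeping `hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" "/etc/secrets/initrd/ssh_host_ed25519_key" ];` in the shared module would still unify the configuration while letting each device generate its own keys. With one key pair for all devices, whoever obtains it can stand in for any of them at the unlock prompt. A comment such as `# initrd-only host keys; never reuse the regular sshd host keys here` above the option would also help the next reader.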
@ -0,0 +1,7 @@
|
|||
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
|
||||
QyNTUxOQAAACCHLxzMWIM4QVnpjgDkkqaiy7sNSIsOLYxwvrIPFLrWIgAAAJC+S5DyvkuQ
|
||||
8gAAAAtzc2gtZWQyNTUxOQAAACCHLxzMWIM4QVnpjgDkkqaiy7sNSIsOLYxwvrIPFLrWIg
|
||||
AAAEDouhwxa1VdUpzJY9WqQWoW8WjdqX/7AeSxBiyNdTwA6IcvHMxYgzhBWemOAOSSpqLL
|
||||
uw1Iiw4tjHC+sg8UutYiAAAADGFuZHJlYXNAZ3d5bgE=
|
||||
-----END OPENSSH PRIVATE KEY-----
|
|
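Review bot: This file is an OpenSSH private key stored without a passphrase (its header encodes cipher and KDF `none`), and the RSA private key added two sections below is the same case. Once pushed, both are readable by anyone with access to the repository and remain in its history after a later removal, so the pair should be treated as compromised rather than merely deleted. Generate fresh initrd host keys on each device, keep them outside the repository, and commit at most the matching `.pub` files so clients can pin them.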
@ -0,0 +1 @@
|
|||
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIcvHMxYgzhBWemOAOSSpqLLuw1Iiw4tjHC+sg8UutYi andreas@gwyn
|
|
@ -0,0 +1,38 @@
|
|||
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
|
||||
NhAAAAAwEAAQAAAYEAyL5M0fLnAgKzG0UisiLQ/MR4PHyE1QSZ0WlFuu+y0ITf5IC08hy8
|
||||
Cl7Sj/eUkG/H4ffgpaqOIUmQ2/59R2wYGMV9rULtKDluVrAARTZ7687CU8E4IMOXb1JwAv
|
||||
n8je57f+TOafHnjEvKxO50X6UJ3dBbOD50VNvh7FKHeWdueXi//T3s6aT8k82FRUyHm9UO
|
||||
sL5iJCVs3ikX530AmnVW2/hxSBZ3JSTnxwKIP/De4CzmjGpLcwgqu7EOtpTs2zcKEwqkHl
|
||||
M3bXRAh9PbVBqsnR2LVXDqneTkTSXBTNj/UNlK1Ynex6LaNnGWaEgi//vZEiaZ56e0ksEi
|
||||
O5IMzNxJnjqhRWnrhrbvrxnT4aWxwbcwewF+GEC18CF+MZlajMLh2eD3tJyu/3xdUmNT2P
|
||||
HBapgHYLB84exP1+5SjZY6Z77EANnNRBb7pSQZilyzSJzULrzXDMhCzB2T0m3uqVDM6FV+
|
||||
NN6l1JzScJLUhT0ZCdZBViz/8CbIvzc1O6f0BUGbAAAFiJLRJVaS0SVWAAAAB3NzaC1yc2
|
||||
EAAAGBAMi+TNHy5wICsxtFIrIi0PzEeDx8hNUEmdFpRbrvstCE3+SAtPIcvApe0o/3lJBv
|
||||
x+H34KWqjiFJkNv+fUdsGBjFfa1C7Sg5blawAEU2e+vOwlPBOCDDl29ScAL5/I3ue3/kzm
|
||||
nx54xLysTudF+lCd3QWzg+dFTb4exSh3lnbnl4v/097Omk/JPNhUVMh5vVDrC+YiQlbN4p
|
||||
F+d9AJp1Vtv4cUgWdyUk58cCiD/w3uAs5oxqS3MIKruxDraU7Ns3ChMKpB5TN210QIfT21
|
||||
QarJ0di1Vw6p3k5E0lwUzY/1DZStWJ3sei2jZxlmhIIv/72RImmeentJLBIjuSDMzcSZ46
|
||||
oUVp64a2768Z0+GlscG3MHsBfhhAtfAhfjGZWozC4dng97Scrv98XVJjU9jxwWqYB2CwfO
|
||||
HsT9fuUo2WOme+xADZzUQW+6UkGYpcs0ic1C681wzIQswdk9Jt7qlQzOhVfjTepdSc0nCS
|
||||
1IU9GQnWQVYs//AmyL83NTun9AVBmwAAAAMBAAEAAAGAK1IeA+TWg3GPs1/dF/I5hYLkq7
|
||||
D3fXzrsOx19tyJi0RRiN9ZrTIURmymJhl4vx7QVOyIV1gSKg7VKxSldodWP+pGr+BUi6yx
|
||||
KhX7SPR0E7Rf7XEyKqfrA0QYFhxaq0p+7l+zR9vDa1xj2tHW3VkhYvP265FWy4VUIQrCX6
|
||||
m5ho9PZ1g4y0cmlsLwcr8MOM3myK+dQE2vS9Y0aWlpeuu9neTklXj7p1Fqj2D1hE732gr2
|
||||
ifDabW2iwzR3h2FmJ/ydVs9RgJH000L+gN7y45ShA+cEqfb0vX0MaMhaPLsxl0k84kusK9
|
||||
OigMm1wZLlft8V6nJMxumAcOZYJhc55dyLN+ffSma4Rm0PWVhde7CrZn6JzX07rDBPssJ+
|
||||
Bg37hN589aZ89XsaIUUgqauSHY5DhVW8qXMYrBR/Evsw4femRBwCEMBguK+99xV67cOV5B
|
||||
zUqGvSjyR02qJa5Lkx0WPiRj1eg06op51e1DxiEu6awa80/C5eJrXOerrg/4oILeaZAAAA
|
||||
wQDJpJhUfS2Xk47b7MHfoWWYc7c9UOe+hZWNNnO+rU8ISIQUwAT6NHYOLeW+w9ahu9Ytll
|
||||
VUNqOke/o4isk3ypN5oYlWajtk5IEpZoJWSqDD+wjHa6KuMMVvDouoa2tDuyLNOmgsXQ0E
|
||||
1SQGIsZTF9iqE5FvEpn8rdlP7rjuTl1OUT5ahpmsgn6QcCzxWHFaSHBYX6lQtmQT6/UFmO
|
||||
uEkZisBYaiW68P7HvdODhfdVHHfJW/oxvxWh7ICcm+Fay2Uz8AAADBAPU5y8biDo/K/kyF
|
||||
KTfTleIN2HcnjdSCto3Fy0v75DfXJSNSYZaQDC5WOtQZAXqJc2ucJTUWaJVDBUhpO0sRzF
|
||||
oZb58G42m/2JS2nKI1xynRUVTjbjA/B08o/g5X3V3p7yneCguaZXAb0EieICc4LFeGcjxC
|
||||
Q1mOKCRqFYylXatfSISgjlp0JuruKIBPOjOod5YMSP0QAYxTtFKV5q+OhHVsqO/HATECYP
|
||||
koneBLEGjbNWwYhDQ+J1vfyx1/7Ds7lwAAAMEA0ZAu63r7MYst7MvCOo0OST4imuLO+grY
|
||||
FFOLHdE1ML3eK438A+ETbC63PH3sLq3YEwiGKTakOXbtGfqbcDBgn1sveQ/rJjDIGo4+nS
|
||||
Rz0BDftaNj0GdEGqi77tXxDJB5svjMiUbuxxY66xpxTqJW58jxq5ymshGtIcOOtTvLoonD
|
||||
QmbMBojhdJY82/VnteTfHfBzghSa+SxnhpNmr8lGp5bghDBQs1m+KrMi1hhSlWWTbaFkaz
|
||||
KozLfObM3NirqdAAAADGFuZHJlYXNAZ3d5bgECAwQFBg==
|
||||
-----END OPENSSH PRIVATE KEY-----
|
|
@ -0,0 +1 @@
|
|||
ssh-rsa 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 andreas@gwyn
|
|
@ -17,10 +17,13 @@
|
|||
"usb_storage"
|
||||
"xhci_pci"
|
||||
];
|
||||
|
||||
boot.initrd.kernelModules = [ "dm-snapshot" ];
|
||||
boot.kernelModules = [ "kvm-intel" "sg" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
boot.kernelParams = [ ];
|
||||
boot.kernelParams = [
|
||||
"ip=dhcp" # required for ssh at initrd
|
||||
];
|
||||
|
||||
boot.initrd.luks.devices."cryptlvm" = {
|
||||
allowDiscards = true;
|
||||
|
|
|
@ -10,7 +10,6 @@
|
|||
boot.initrd.kernelModules = [ "dm-snapshot" ];
|
||||
boot.kernelModules = [ "kvm-intel" ];
|
||||
boot.extraModulePackages = [ ];
|
||||
boot.kernelParams = [ "acpi_osi=" ];
|
||||
boot.initrd.luks.devices."cryptlvm" = {
|
||||
allowDiscards = true;
|
||||
device = "/dev/sda2";
|
||||
|
@ -19,6 +18,10 @@
|
|||
allowDiscards = true;
|
||||
device = "/dev/sda3";
|
||||
};
|
||||
boot.kernelParams = [
|
||||
"acpi_osi=" # required for hardware support
|
||||
"ip=dhcp" # required for ssh at initrd
|
||||
];
|
||||
|
||||
boot.loader.efi.efiSysMountPoint = "/boot/efi";
|
||||
|
||||
|
|