Merge pull request #81 from fsr/initrd-ssh

quitte: enable ssh in initrd
Rouven Seifert 2024-01-29 16:11:00 +01:00 committed by GitHub
commit ccd6290fb7
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 20 additions and 0 deletions


@ -84,6 +84,7 @@
./modules/manual.nix ./modules/manual.nix
./modules/sharepic.nix ./modules/sharepic.nix
./modules/zammad.nix ./modules/zammad.nix
./modules/initrd-ssh.nix
{ {
nixpkgs.overlays = [ self.overlays.default ]; nixpkgs.overlays = [ self.overlays.default ];
sops.defaultSopsFile = ./secrets/quitte.yaml; sops.defaultSopsFile = ./secrets/quitte.yaml;

19
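--- a/modules/initrd-ssh.nix
+++ b/modules/initrd-ssh.nix
@@ -0,0 +1,19 @@
+# Find the required kernel module for the network adapter using `lspci -v` and add it to `boot.initrd.availableKernelModules`.
+# Enable `networking.useDHCP` or set a static ip using the `ip=` kernel parameter.
+# Generate another SSH host key for the machine:
+# $ ssh-keygen -t ed25519 -N "" -f /etc/ssh/ssh_host_ed25519_key_initrd -C HOSTNAME-initrd
+# Add the public key to your known_hosts and create an ssh config entry.
+{ ... }:
+{
+boot.initrd.network = {
+enable = true;
+ssh = {
+enable = true;
+port = 222;
+shell = "/bin/cryptsetup-askpass";
+hostKeys = [ "/etc/ssh/ssh_host_ed25519_key_initrd" ];
+# authorizedKeys option inherits root's authorizedKeys.keys, but not keyFiles
+};
+};
+}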
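Review bot: The header comment says to generate a second host key but not why, and the `hostKeys` line carries no caveat. The file listed there is copied into the initrd, which lives on the unencrypted boot partition, so the private key is readable by anyone with access to that partition. If the bootloader has no initrd-secrets support, it ends up in the world-readable Nix store instead. I would add a comment above `hostKeys` such as `# Dedicated initrd key: stored unencrypted in the initrd, never reuse the regular host key here.` The existing `authorizedKeys` comment could also state the consequence of the default, e.g. `# every key in root's openssh.authorizedKeys.keys can reach the unlock prompt on port 222`, so that adding a root key is understood to grant pre-boot access as well.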