wurzel/fruitbasket
9
1
Fork 0
Code Issues 5 Pull requests Packages Projects Releases Wiki Activity

quitte: enable ssh in initrd #81

Merged
fugidev merged 1 commit from initrd-ssh into main 2024-01-29 16:11:00 +01:00
Conversation 2 Commits 1 Files changed 2 +20
2 changed files with 20 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
flake.nix
View file

@ -69,6 +69,7 @@
./modules/manual.nix ./modules/manual.nix
./modules/sharepic.nix ./modules/sharepic.nix
./modules/zammad.nix ./modules/zammad.nix
./modules/initrd-ssh.nix
{ {
nixpkgs.overlays = [ self.overlays.default ]; nixpkgs.overlays = [ self.overlays.default ];
sops.defaultSopsFile = ./secrets/quitte.yaml; sops.defaultSopsFile = ./secrets/quitte.yaml;

19
modules/initrd-ssh.nix Normal file
View file

@ -0,0 +1,19 @@
# Find the required kernel module for the network adapter using `lspci -v` and add it to `boot.initrd.availableKernelModules`.
# Enable `networking.useDHCP` or set a static ip using the `ip=` kernel parameter.
# Generate another SSH host key for the machine:
# $ ssh-keygen -t ed25519 -N "" -f /etc/ssh/ssh_host_ed25519_key_initrd -C HOSTNAME-initrd
# Add the public key to your known_hosts and create an ssh config entry.
{ ... }:
{
boot.initrd.network = {
enable = true;
ssh = {
enable = true;
port = 222;
shell = "/bin/cryptsetup-askpass";
hostKeys = [ "/etc/ssh/ssh_host_ed25519_key_initrd" ];
# authorizedKeys option inherits root's authorizedKeys.keys, but not keyFiles
};
};
}