From 4002f3802a751aaad24d6f49f797d86795b3b48f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Sandro=20J=C3=A4ckel?=
Date: Sun, 7 Jan 2024 03:41:31 +0100
Subject: [PATCH] baremetal: enable initrd ssh by default, fix bootstrapping
---
 modules/baremetal.nix | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/modules/baremetal.nix b/modules/baremetal.nix
index 98557bc3..ccf950b5 100644
--- a/modules/baremetal.nix
+++ b/modules/baremetal.nix
@@ -18,8 +18,7 @@
 initrd.network = {
 enable = true;
 ssh = {
- # TODO: enable now per machine
- # enable = true;
+ enable = true;
 authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
 hostKeys = [
 initrdEd2219Key
@@ -58,9 +57,10 @@
 smartd.enable = true;
 };
+ # this needs to be unconditional because the keys need to be inplace when activating the feature
 system.activationScripts.generateInitrdOpensshHostKeys = let
 sshKeygen = "${config.programs.ssh.package}/bin/ssh-keygen";
- in lib.mkIf config.boot.initrd.network.ssh.enable ''
+ in ''
 if [[ ! -e ${initrdEd2219Key} || ! -e ${initrdRsaKey} ]]; then
 echo "Generating initrd OpenSSH hostkeys..."
 mkdir -m700 -p /etc/ssh/initrd/
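Review bot: `enable = true;` in the `ssh` block now starts a pre-boot SSH listener on every host that imports this module, and the `authorizedKeys` line below it gives that listener root's complete key set. Writing it as `enable = lib.mkDefault true;` keeps the new default while letting a single machine opt out with a plain assignment (`lib` was in scope for the removed `lib.mkIf`). The comment added in the second hunk says the host keys must exist before the feature is activated, so a host whose first activation has not yet run may need exactly that opt-out for its initial deployment; this ordering is inferred and worth confirming. The `initrd.network` block starts and ends outside the hunk.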
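Review bot: With the `lib.mkIf` guard removed, this script runs on every host at activation, and `mkdir -m700 -p /etc/ssh/initrd/` applies the mode only when it creates the directory; a directory that already exists with looser permissions keeps them. Adding `chmod 700 /etc/ssh/initrd/` right after the `mkdir` would enforce the mode on each run for the directory holding the initrd private host keys. The added comment would read more clearly as `# must be unconditional: the host keys have to be in place before initrd ssh is enabled`. The script body continues outside the hunk, so whether the key files themselves get their permissions checked cannot be seen here.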