baremetal: enable initrd ssh by default, fix bootstrapping
This commit is contained in:
parent
2b8571c784
commit
4002f3802a
|
@ -18,8 +18,7 @@
|
||||||
initrd.network = {
|
initrd.network = {
|
||||||
enable = true;
|
enable = true;
|
||||||
ssh = {
|
ssh = {
|
||||||
# TODO: enable now per machine
|
enable = true;
|
||||||
# enable = true;
|
|
||||||
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
|
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
|
||||||
hostKeys = [
|
hostKeys = [
|
||||||
initrdEd2219Key
|
initrdEd2219Key
|
||||||
|
@ -58,9 +57,10 @@
|
||||||
smartd.enable = true;
|
smartd.enable = true;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
# this needs to be unconditional because the keys need to be inplace when activating the feature
|
||||||
system.activationScripts.generateInitrdOpensshHostKeys = let
|
system.activationScripts.generateInitrdOpensshHostKeys = let
|
||||||
sshKeygen = "${config.programs.ssh.package}/bin/ssh-keygen";
|
sshKeygen = "${config.programs.ssh.package}/bin/ssh-keygen";
|
||||||
in lib.mkIf config.boot.initrd.network.ssh.enable ''
|
in ''
|
||||||
if [[ ! -e ${initrdEd2219Key} || ! -e ${initrdRsaKey} ]]; then
|
if [[ ! -e ${initrdEd2219Key} || ! -e ${initrdRsaKey} ]]; then
|
||||||
echo "Generating initrd OpenSSH hostkeys..."
|
echo "Generating initrd OpenSSH hostkeys..."
|
||||||
mkdir -m700 -p /etc/ssh/initrd/
|
mkdir -m700 -p /etc/ssh/initrd/
|
||||||
|
|
Loading…
Reference in New Issue
Block a user