baremetal: generate initrd host keys if they don't exist and are required
This commit is contained in:
parent
124e74c48a
commit
45d251666e
@ -3,15 +3,19 @@
{
{
options.c3d2.baremetal = lib.mkEnableOption "baremetal";
options.c3d2.baremetal = lib.mkEnableOption "baremetal";
|
|
config = lib.mkIf config.c3d2.baremetal {
config = let
|
initrdEd2219Key = "/etc/ssh/initrd/ssh_host_ed25519_key";
|
initrdRsaKey = "/etc/ssh/initrd/ssh_host_rsa_key";
|
in lib.mkIf config.c3d2.baremetal {
boot.initrd.network = {
boot.initrd.network = {
enable = true;
enable = true;
ssh = {
ssh = {
enable = true;
# TODO: enable now per machine
|
# enable = true;
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
hostKeys = [
hostKeys = [
"/etc/ssh/initrd/ssh_host_ed25519_key"
initrdEd2219Key
"/etc/ssh/initrd/ssh_host_rsa_key"
initrdRsaKey
];
];
port = 4748;
port = 4748;
};
};
|
@ -37,5 +41,14 @@
fstrim.enable = true;
fstrim.enable = true;
smartd.enable = true;
smartd.enable = true;
};
};
|
|
|
system.activationScripts.generateInitrdOpensshHostKeys = lib.mkIf config.boot.initrd.network.ssh.enable ''
|
if [[ ! -e ${initrdEd2219Key} || ! -e ${initrdRsaKey} ]]; then
|
echo "Generating initrd OpenSSH hostkeys..."
|
mkdir -m700 -p /etc/ssh/initrd/
|
${pkgs.openssh}/bin/ssh-keygen -t ed25519 -N "" -f ${initrdEd2219Key}
|
${pkgs.openssh}/bin/ssh-keygen -t rsa -N "" -f ${initrdRsaKey}
|
fi
|
'';
};
};
}
}
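Review bot: The guard in generateInitrdOpensshHostKeys runs both ssh-keygen calls whenever either key is missing, so with one key already present ssh-keygen is pointed at an existing file, asks whether to overwrite it and, with no interactive answer during activation, refuses and exits non-zero; whether that aborts the rest of the script depends on how activation handles errors, but it is a failing step either way. Test each key on its own, e.g. `[ -e ${initrdEd2219Key} ] || ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -N "" -f ${initrdEd2219Key}` and the same for ${initrdRsaKey}, keeping `mkdir -m700 -p /etc/ssh/initrd/` in front of both. The hostKeys list in the first hunk is presumably read when the initrd is built, which happens before activation, so on a fresh host the first rebuild would still fail until these files exist; a comment above the script stating that bootstrap order (generate once by hand, or run activation before the first initrd build) would save the next person a surprise. Keeping these keys under /etc/ssh/initrd rather than reusing the system sshd host keys is right, since whatever is listed in hostKeys is copied into the initrd image.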
|
|