Explicitly enable initrd network, ssh to avoid initrd secrets
parent
943deed7d1
commit
ce85b0839a
|
@ -100,9 +100,6 @@ in
|
||||||
useTmpfs = true;
|
useTmpfs = true;
|
||||||
tmpfsSize = "80%";
|
tmpfsSize = "80%";
|
||||||
};
|
};
|
||||||
|
|
||||||
# HACK
|
|
||||||
initrd.secrets = lib.mkForce {};
|
|
||||||
};
|
};
|
||||||
# hardware.raspberry-pi."4" = {
|
# hardware.raspberry-pi."4" = {
|
||||||
# fkms-3d.enable = true;
|
# fkms-3d.enable = true;
|
||||||
|
|
|
@ -13,7 +13,13 @@
|
||||||
};
|
};
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
initrd.availableKernelModules = [ "e1000e" ];
|
initrd = {
|
||||||
|
availableKernelModules = [ "e1000e" ];
|
||||||
|
network = {
|
||||||
|
enable = true;
|
||||||
|
ssh.enable = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
loader.grub = lib.mkIf (!options?isoImage) {
|
loader.grub = lib.mkIf (!options?isoImage) {
|
||||||
enable = true;
|
enable = true;
|
||||||
device = "/dev/sda";
|
device = "/dev/sda";
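Review bot: The new `network = { enable = true; ssh.enable = true; };` block under `initrd` does not say what this host is opting into or where the rest of the SSH settings come from. Initrd SSH listens before the real system is up, and the `authorizedKeys` and `hostKeys` it depends on are not set in this file; they appear to come from the shared module changed elsewhere in this commit. A short comment above the block would help, e.g. `# opt in to initrd SSH for this host; authorizedKeys/hostKeys come from the shared initrd module (dedicated initrd host keys, not the system ones)`. The `boot` attribute set continues past the end of the hunk.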
|
||||||
|
|
|
@ -20,9 +20,7 @@
|
||||||
# the module can be found in a booted system by running `dmesg | rg "Link"` and looking at the first word after the date
|
# the module can be found in a booted system by running `dmesg | rg "Link"` and looking at the first word after the date
|
||||||
availableKernelModules = [ "bridge" "bonding" "8021q" ];
|
availableKernelModules = [ "bridge" "bonding" "8021q" ];
|
||||||
network = {
|
network = {
|
||||||
enable = true;
|
|
||||||
ssh = {
|
ssh = {
|
||||||
enable = true;
|
|
||||||
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
|
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
|
||||||
hostKeys = [
|
hostKeys = [
|
||||||
initrdEd2219Key
|
initrdEd2219Key
|
||||||
|
@ -80,7 +78,7 @@
|
||||||
# this needs to be unconditional because the keys need to be inplace when activating the feature
|
# this needs to be unconditional because the keys need to be inplace when activating the feature
|
||||||
system.activationScripts.generateInitrdOpensshHostKeys = let
|
system.activationScripts.generateInitrdOpensshHostKeys = let
|
||||||
sshKeygen = "${config.programs.ssh.package}/bin/ssh-keygen";
|
sshKeygen = "${config.programs.ssh.package}/bin/ssh-keygen";
|
||||||
in ''
|
in lib.mkIf config.boot.initrd.network.enable ''
|
||||||
if [[ ! -e ${initrdEd2219Key} || ! -e ${initrdRsaKey} ]]; then
|
if [[ ! -e ${initrdEd2219Key} || ! -e ${initrdRsaKey} ]]; then
|
||||||
echo "Generating initrd OpenSSH hostkeys..."
|
echo "Generating initrd OpenSSH hostkeys..."
|
||||||
mkdir -m700 -p /etc/ssh/initrd/
|
mkdir -m700 -p /etc/ssh/initrd/
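Review bot: The comment above `generateInitrdOpensshHostKeys` still says the script "needs to be unconditional", but the new `in lib.mkIf config.boot.initrd.network.enable ''` makes it conditional, so comment and code now contradict each other. If the original reason still holds (the key files must already exist when the feature is switched on), a host enabling initrd SSH for the first time may not have its keys yet when they are needed; that ordering is not visible here and is worth confirming on a fresh host. Either rewrite the comment to state how the keys are provisioned before first enablement, e.g. `# only generated when initrd networking is on; keys must exist before the first switch that enables it`, or keep generation unconditional and gate only the consumers. Since the keys serve only initrd SSH, `config.boot.initrd.network.ssh.enable` would be the more precise condition. The script body continues past the end of the hunk.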
|
||||||
|
|