Explicitly enable initrd network, ssh to avoid initrd secrets
parent
943deed7d1
commit
ce85b0839a
|
@ -100,9 +100,6 @@ in
|
|||
useTmpfs = true;
|
||||
tmpfsSize = "80%";
|
||||
};
|
||||
|
||||
# HACK
|
||||
initrd.secrets = lib.mkForce {};
|
||||
};
|
||||
# hardware.raspberry-pi."4" = {
|
||||
# fkms-3d.enable = true;
|
||||
|
|
|
@ -13,7 +13,13 @@
|
|||
};
|
||||
|
||||
boot = {
|
||||
initrd.availableKernelModules = [ "e1000e" ];
|
||||
initrd = {
|
||||
availableKernelModules = [ "e1000e" ];
|
||||
network = {
|
||||
enable = true;
|
||||
ssh.enable = true;
|
||||
};
|
||||
};
|
||||
loader.grub = lib.mkIf (!options?isoImage) {
|
||||
enable = true;
|
||||
device = "/dev/sda";
|
||||
|
|
|
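Review bot: `ssh.enable = true;` under the new `boot.initrd.network` block starts an SSH daemon in early boot on this host, but the hunk sets neither `hostKeys` nor `authorizedKeys` and has no comment saying where they come from. Presumably both are inherited from the shared module shown further down the page, which uses `config.users.users.root.openssh.authorizedKeys.keys`, so every key that can log in as root on the running system can also reach the pre-boot shell. A short comment above `network = {` would make that visible to the next reader, for example `# initrd SSH: hostKeys/authorizedKeys come from the shared initrd module; all root keys are accepted in early boot`. As far as I know the initrd host key ends up among the initrd secrets on the boot partition, so it is worth confirming that this host only uses the dedicated initrd keys and never its regular host keys. The `loader.grub` block continues outside the hunk.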
@ -20,9 +20,7 @@
|
|||
# the module can be found in a booted system by running `dmesg | rg "Link"` and looking at the first word after the date
|
||||
availableKernelModules = [ "bridge" "bonding" "8021q" ];
|
||||
network = {
|
||||
enable = true;
|
||||
ssh = {
|
||||
enable = true;
|
||||
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
|
||||
hostKeys = [
|
||||
initrdEd2219Key
|
||||
|
@ -80,7 +78,7 @@
|
|||
# this needs to be unconditional because the keys need to be inplace when activating the feature
|
||||
system.activationScripts.generateInitrdOpensshHostKeys = let
|
||||
sshKeygen = "${config.programs.ssh.package}/bin/ssh-keygen";
|
||||
in ''
|
||||
in lib.mkIf config.boot.initrd.network.enable ''
|
||||
if [[ ! -e ${initrdEd2219Key} || ! -e ${initrdRsaKey} ]]; then
|
||||
echo "Generating initrd OpenSSH hostkeys..."
|
||||
mkdir -m700 -p /etc/ssh/initrd/
|
||||
|
|
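Review bot: The comment above `system.activationScripts.generateInitrdOpensshHostKeys` still says the script "needs to be unconditional because the keys need to be inplace when activating the feature", but the new line `in lib.mkIf config.boot.initrd.network.enable ''` makes it conditional. If the comment's reasoning still holds, a host that turns the option on for the first time will have no key files when the initrd secrets are collected, so the first switch after enabling may fail or need a second run. Either keep the script unconditional, or replace the comment with one that matches the new behaviour, for example `# keys are generated only once initrd networking is enabled; enabling it for the first time may need two switches`. Gating on `config.boot.initrd.network.ssh.enable` instead would also match what the keys are actually used for. The script body continues outside the hunk.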