authorAlex <alex@adnab.me>2023-05-16 13:19:33 +0000
committerAlex <alex@adnab.me>2023-05-16 13:19:33 +0000
commitaee3a0947112f3eb37f662dd97831954075184fd (patch)
tree9c3a8eebb53dd16d500b2e54341a8a9e50af5225 /nix/remote-unlock.nix
parent2488ad0ac296732eb7c3c9c3bc28e1e73f5b06bc (diff)
parent76b7f86d228ae0bb236050e6381723136de2250e (diff)
Merge pull request 'Simplify network configuration' (#11) from simplify-network-config into main
Reviewed-on: https://git.deuxfleurs.fr/Deuxfleurs/nixcfg/pulls/11
Diffstat (limited to 'nix/remote-unlock.nix')
-rw-r--r--nix/remote-unlock.nix29
1 files changed, 24 insertions, 5 deletions
diff --git a/nix/remote-unlock.nix b/nix/remote-unlock.nix
index 2975a94..3c3e4c8 100644
--- a/nix/remote-unlock.nix
+++ b/nix/remote-unlock.nix
@@ -1,24 +1,43 @@
{ config, pkgs, ... }:
+
+let
+ cfg = config.deuxfleurs.remoteUnlock;
+in
with builtins;
with pkgs.lib;
{
+ options.deuxfleurs.remoteUnlock = {
+ networkInterface = mkOption {
+ description = "Network interface to configure with static IP";
+ type = types.str;
+ };
+ staticIP = mkOption {
+ description = "IP address (with prefix length) of this node on the local network interface";
+ type = types.str;
+ };
+ defaultGateway = mkOption {
+ description = "IP address of default gateway";
+ type = types.str;
+ };
+ };
+
config = {
boot.initrd.availableKernelModules = [ "pps_core" "ptp" "e1000e" ];
boot.initrd.network.enable = true;
boot.initrd.network.ssh = {
enable = true;
port = 222;
- authorizedKeys = concatLists (mapAttrsToList (name: user: user) config.deuxfleurs.admin_accounts);
+ authorizedKeys = concatLists (mapAttrsToList (name: user: user) config.deuxfleurs.adminAccounts);
hostKeys = [ "/var/lib/deuxfleurs/remote-unlock/ssh_host_ed25519_key" ];
};
boot.initrd.network.postCommands = ''
- ip addr add ${config.deuxfleurs.lan_ip}/${toString config.deuxfleurs.lan_ip_prefix_length} dev ${config.deuxfleurs.network_interface}
- ip link set dev ${config.deuxfleurs.network_interface} up
- ip route add default via ${config.deuxfleurs.lan_default_gateway} dev ${config.deuxfleurs.network_interface}
+ ip addr add ${cfg.staticIP} dev ${cfg.networkInterface}
+ ip link set dev ${cfg.networkInterface} up
+ ip route add default via ${cfg.defaultGateway} dev ${cfg.networkInterface}
ip a
ip route
- ping -c 4 ${config.deuxfleurs.lan_default_gateway}
+ ping -c 4 ${cfg.defaultGateway}
echo 'echo run cryptsetup-askpass to unlock drives' >> /root/.profile
'';
};