author | Quentin Dufour <quentin@deuxfleurs.fr> | 2022-04-21 23:00:43 +0200 |
---|---|---|
committer | Quentin Dufour <quentin@deuxfleurs.fr> | 2022-04-21 23:00:43 +0200 |
commit | a9a665e437a12e8a3231bf537f7f8ef10a9b9cf4 (patch) | |
tree | 97dd5ceed3c43aac748bdd8c66c06e913862e986 /os/modules/remote-unlock.nix | |
parent | c430d8eaf1d091ad27e842c0000b77d87d791da6 (diff) | |
download | nixcfg-a9a665e437a12e8a3231bf537f7f8ef10a9b9cf4.tar.gz nixcfg-a9a665e437a12e8a3231bf537f7f8ef10a9b9cf4.zip |
Move files againrefactor
Diffstat (limited to 'os/modules/remote-unlock.nix')
-rw-r--r-- | os/modules/remote-unlock.nix | 26 |
1 files changed, 26 insertions, 0 deletions
diff --git a/os/modules/remote-unlock.nix b/os/modules/remote-unlock.nix
new file mode 100644
index 0000000..2975a94
--- /dev/null
+++ b/os/modules/remote-unlock.nix
@@ -0,0 +1,26 @@
+{ config, pkgs, ... }:
+
+ with builtins;
+ with pkgs.lib;
+{
+ config = {
+ boot.initrd.availableKernelModules = [ "pps_core" "ptp" "e1000e" ];
+ boot.initrd.network.enable = true;
+ boot.initrd.network.ssh = {
+ enable = true;
+ port = 222;
+ authorizedKeys = concatLists (mapAttrsToList (name: user: user) config.deuxfleurs.admin_accounts);
+ hostKeys = [ "/var/lib/deuxfleurs/remote-unlock/ssh_host_ed25519_key" ];
+ };
+ boot.initrd.network.postCommands = ''
+ ip addr add ${config.deuxfleurs.lan_ip}/${toString config.deuxfleurs.lan_ip_prefix_length} dev ${config.deuxfleurs.network_interface}
+ ip link set dev ${config.deuxfleurs.network_interface} up
+ ip route add default via ${config.deuxfleurs.lan_default_gateway} dev ${config.deuxfleurs.network_interface}
+ ip a
+ ip route
+ ping -c 4 ${config.deuxfleurs.lan_default_gateway}
+ echo 'echo run cryptsetup-askpass to unlock drives' >> /root/.profile
+ '';
+ };
+}
+
|
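Review bot: The initrd SSH server set up in `boot.initrd.network.ssh` gives every key from `config.deuxfleurs.admin_accounts` an unrestricted root shell before the disks are unlocked, and the only sign of the intended use is the `cryptsetup-askpass` hint appended to `/root/.profile`. If the NixOS release in use provides `boot.initrd.network.ssh.shell`, pointing it at `cryptsetup-askpass` would limit the pre-boot session to entering the passphrase. The file named in `hostKeys` ends up inside the initrd, which normally sits on an unencrypted boot partition, so a comment such as `# dedicated initrd key, never the host's regular sshd key` above that line would record the constraint for whoever provisions a node. As a smaller point, `mapAttrsToList (name: user: user)` is equivalent to `attrValues` and reads more clearly written that way.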