diff options
-rwxr-xr-x | deploy_nixos | 1 | ||||
-rw-r--r-- | nix/remote-unlock.nix | 45 |
2 files changed, 0 insertions, 46 deletions
diff --git a/deploy_nixos b/deploy_nixos index b716993..c6cc89b 100755 --- a/deploy_nixos +++ b/deploy_nixos @@ -2,7 +2,6 @@ copy nix/configuration.nix /etc/nixos/configuration.nix copy nix/deuxfleurs.nix /etc/nixos/deuxfleurs.nix -copy nix/remote-unlock.nix /etc/nixos/remote-unlock.nix copy cluster/$CLUSTER/cluster.nix /etc/nixos/cluster.nix copy cluster/$CLUSTER/node/$NIXHOST.nix /etc/nixos/node.nix copy cluster/$CLUSTER/node/$NIXHOST.site.nix /etc/nixos/site.nix diff --git a/nix/remote-unlock.nix b/nix/remote-unlock.nix deleted file mode 100644 index 3c3e4c8..0000000 --- a/nix/remote-unlock.nix +++ /dev/null @@ -1,45 +0,0 @@ -{ config, pkgs, ... }: - - -let - cfg = config.deuxfleurs.remoteUnlock; -in - with builtins; - with pkgs.lib; -{ - options.deuxfleurs.remoteUnlock = { - networkInterface = mkOption { - description = "Network interface to configure with static IP"; - type = types.str; - }; - staticIP = mkOption { - description = "IP address (with prefix length) of this node on the local network interface"; - type = types.str; - }; - defaultGateway = mkOption { - description = "IP address of default gateway"; - type = types.str; - }; - }; - - config = { - boot.initrd.availableKernelModules = [ "pps_core" "ptp" "e1000e" ]; - boot.initrd.network.enable = true; - boot.initrd.network.ssh = { - enable = true; - port = 222; - authorizedKeys = concatLists (mapAttrsToList (name: user: user) config.deuxfleurs.adminAccounts); - hostKeys = [ "/var/lib/deuxfleurs/remote-unlock/ssh_host_ed25519_key" ]; - }; - boot.initrd.network.postCommands = '' - ip addr add ${cfg.staticIP} dev ${cfg.networkInterface} - ip link set dev ${cfg.networkInterface} up - ip route add default via ${cfg.defaultGateway} dev ${cfg.networkInterface} - ip a - ip route - ping -c 4 ${cfg.defaultGateway} - echo 'echo run cryptsetup-askpass to unlock drives' >> /root/.profile - ''; - }; -} - |