ctucx.git: nixfiles

ctucx' nixfiles

commit a5ca6747b4b9418bf5f429c8ad265b29211a02bd
parent adfdacfaa71798388c93180c2b915dc39cac55fc
Author: Leah (ctucx) <leah@ctu.cx>
Date: Mon, 13 Jun 2022 00:16:09 +0200

machines/stasicontainer: add luks-unlocking via ssh
1 file changed, 19 insertions(+), 0 deletions(-)
diff --git a/machines/stasicontainer/configuration.nix b/machines/stasicontainer/configuration.nix
@@ -49,6 +49,25 @@
     ];
 
     initrd.availableKernelModules = [ "i915" ];
+
+    initrd.network = {
+      enable = true;
+      ssh    = {
+        enable         = true;
+        port           = 22;
+        hostKeys       = [ /etc/ssh/ssh_host_rsa_key ];
+        authorizedKeys = with lib; concatLists (mapAttrsToList (name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else []) config.users.users);
+      };
+
+      postCommands = ''
+        ip link set dev ens3 up
+
+        ip addr add 195.39.246.42/28 dev ens3
+        ip route add default via 195.39.246.41 dev ens3 onlink
+        echo 'cryptsetup-askpass' >> /root/.profile
+      '';
+    };
+
   };
 
   networking = {
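Review bot: `hostKeys = [ /etc/ssh/ssh_host_rsa_key ];` reuses the machine's regular SSH host private key for the initrd sshd. Because this initrd exists to unlock LUKS, it presumably lives on an unencrypted boot partition, so the main host key becomes readable to anyone with access to that disk. The NixOS documentation for this option warns against using the regular host keys, and depending on the bootloader's support for initrd secrets the key may also end up in the world-readable Nix store. I would generate a dedicated initrd-only key and reference it as a string, for example `hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];` (example path), with a comment that clients will see a different host key during unlock. The enclosing attribute set (presumably `boot`) starts outside the hunk.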