modules/nixos/common: add initrd ssh #1383
Conversation
modules/nixos/common/security.nix
Outdated
|
|
||
| boot.initrd.network.ssh = { | ||
| enable = true; | ||
| authorizedKeyFiles = pkgs.lib.filesystem.listFilesRecursive "${toString inputs.self}/users/keys"; |
There was a problem hiding this comment.
Since we use systemd in the initrd, I believe we need to also configure networkd here:
boot.initrd.systemd.network.networks."10-uplink" = config.systemd.network.networks."10-uplink";
There was a problem hiding this comment.
I forgot that we'll need to set host keys for initrd as well.
There was a problem hiding this comment.
I'll merge emergency access for now and I'll do ssh later. #1401
There was a problem hiding this comment.
I believe we need to also configure networkd here
Looks like this is configured by default?
zowoq
changed the title
zowoq
changed the title
| }; | ||
|
|
||
| system.activationScripts.initrd-ssh-host-key = '' | ||
| [[ -f ${initrd_host_key} ]] || ${config.programs.ssh.package}/bin/ssh-keygen -q -t ed25519 -N "" -f ${initrd_host_key} |
There was a problem hiding this comment.
That will fail on the first deployment, but than work on the second one. So probably fine?
There was a problem hiding this comment.
That will fail on the first deployment
Could you explain please?
There was a problem hiding this comment.
activation phase is run after the boot loader is installed in nixos-rebuild. So on the first deployment this will fail.
No description provided.