nixos-config/system/all/sshd-known-hosts-bootup.nix

{ lib, pkgs, ... }:
with lib;
let

  computers = {
    workhorse = {
      onionId = fileContents <common_secrets/onion/workhorse>;
      publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB+sHmukNa2TmtBDCqN+LVaYblvHztD/ziK2cbKR8dEHztF0YBS60MHMpbGPOII5NVMUY6Z2OHFBQi9X6PG1YBY=";
    };
    porani = {
      onionId = fileContents <common_secrets/onion/porani>;
      publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGFaTRGqMd/rKpyMUP6wVbgiWFOUvUV2qS/B5Xe02UUch/wxR4fTCY+vnzku5K0V/qqJpjYLgHotwZFqO/8lFu4=";
    };
  };

in
{

  services.openssh.knownHosts = mapAttrs' (name: { onionId, publicKey, ... }: {
    name = "${name}-init-ssh";
    value = { hostNames = [ onionId ]; inherit publicKey; };
  }) computers;

  environment.systemPackages =
    let

      ssh = mapAttrsToList (name: { onionId, ... }:
      pkgs.writers.writeDashBin "ssh-boot-to-${name}" ''
        ${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 23
      '') computers;

      password = mapAttrsToList (name: { onionId, ... }:
      pkgs.writers.writeDashBin "unlock-boot-${name}" ''
      ${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 23 '
      echo -n "enter password : "
      read password
      echo "$password" > /crypt-ramfs/passphrase
      '
      '') computers;

    in
    ssh ++ password;


}
init 2019-10-24 02:20:38 +02:00			`{ lib, pkgs, ... }:`
			`with lib;`
			`let`

			`computers = {`
			`workhorse = {`
			`onionId = fileContents <common_secrets/onion/workhorse>;`
			`publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBB+sHmukNa2TmtBDCqN+LVaYblvHztD/ziK2cbKR8dEHztF0YBS60MHMpbGPOII5NVMUY6Z2OHFBQi9X6PG1YBY=";`
			`};`
			`porani = {`
			`onionId = fileContents <common_secrets/onion/porani>;`
			`publicKey = "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGFaTRGqMd/rKpyMUP6wVbgiWFOUvUV2qS/B5Xe02UUch/wxR4fTCY+vnzku5K0V/qqJpjYLgHotwZFqO/8lFu4=";`
			`};`
			`};`

			`in`
			`{`

			`services.openssh.knownHosts = mapAttrs' (name: { onionId, publicKey, ... }: {`
			`name = "${name}-init-ssh";`
			`value = { hostNames = [ onionId ]; inherit publicKey; };`
			`}) computers;`

			`environment.systemPackages =`
			`let`

			`ssh = mapAttrsToList (name: { onionId, ... }:`
			`pkgs.writers.writeDashBin "ssh-boot-to-${name}" ''`
			`${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 23`
			`'') computers;`

			`password = mapAttrsToList (name: { onionId, ... }:`
			`pkgs.writers.writeDashBin "unlock-boot-${name}" ''`
			`${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 23 '`
			`echo -n "enter password : "`
			`read password`
			`echo "$password" > /crypt-ramfs/passphrase`
			`'`
			`'') computers;`

			`in`
			`ssh ++ password;`



			`}`