# NixOS module: SSH access inside the initrd (stage 1).
#
# When `components.nixos.boot.ssh.enable` is set, this module switches the
# initrd to systemd, brings up networking in it, and starts an SSH server on
# port 2222 that accepts root's authorized keys. The initrd hostname is set to
# "unlock.<hostName>", so this is presumably meant for remotely unlocking an
# encrypted disk at boot (confirm against the rest of components.nixos.boot).
{ config, lib, pkgs, factsGenerator, clanLib, ... }:
let
  inherit (lib) mkIf mkOption types;

  # Shorthand for this module's own option values.
  cfg = config.components.nixos.boot.ssh;
in
{
  options.components.nixos.boot.ssh = {
    # Follows the parent `components.nixos.boot.enable` switch unless overridden.
    enable = mkOption {
      type = types.bool;
      default = config.components.nixos.boot.enable;
    };

    # Extra modules made available to the initrd; the NIC driver has to be
    # listed here, otherwise the initrd has no network for the SSH server.
    kernelModules = mkOption {
      type = types.listOf types.str;
      default = [ ];
      description = "lspci -v will tell you which kernel module is used for the ethernet interface";
    };
  };

  config = mkIf cfg.enable {
    # root password (disabled)
    # NOTE(review): if this is re-enabled, prefer the hashedPasswordFile variant;
    # a literal password assigned in a module ends up readable in the Nix store.
    #clan.core.facts.services.rootPassword = factsGenerator.password { name = "root"; };
    #users.users.root.hashedPasswordFile = config.clan.core.facts.services.rootPassword.secret."password.root.pam".path; # fixme not working for some reason
    #users.users.root.initialPassword = "admin";

    # ssh host key: a fact of its own, generated only for the initrd server.
    clan.core.facts.services."boot.ssh" = factsGenerator.ssh { name = "boot"; };

    boot.initrd = {
      # NIC drivers requested through this module's `kernelModules` option.
      availableKernelModules = cfg.kernelModules;

      systemd = {
        enable = true;
        # Distinct hostname so a stage-1 session is recognisable as such.
        contents."/etc/hostname".text = "unlock.${config.networking.hostName}";
        network.enable = true;
      };

      network = {
        enable = true;
        ssh = {
          enable = true;
          # Every key authorised for root on the running system is also
          # accepted here, so the two access lists cannot be managed separately.
          authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
          # Non-default port; presumably chosen so clients do not see a
          # host-key change on the port used by the main sshd.
          port = 2222;
          # The initrd usually sits on an unencrypted boot partition, so treat
          # this key as recoverable by anyone with access to the disk and never
          # point this at the system's regular SSH host key.
          hostKeys = [ config.clan.core.facts.services."boot.ssh".secret."ssh.boot.id_ed25519".path ];
        };
      };
    };
  };
}