nixos-config/nixos/components/network/sshd/known-hosts-bootup.nix

{ config, lib, pkgs, private_assets, ... }:
with lib;
let

  computers = {
    pepe = {
      onionId = fileContents "${private_assets}/onion_id_pepe";
      # SHA256:aOZbqpgc5CcTNtRAzjuG/0BQZ9MF5c9u/N+UC88y8kI
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5K4UHD8cIcXB33UiOj5vyXJj+4CyyiLFDMwcyad92a";
    };

  };

in
{

  services.openssh.knownHosts = {
    "robi-init-ssh" = {
      hostNames = [
        "[robi]:2222"
        "[144.76.13.147]:2222"
      ];
      # SHA256:rhvbJ84cPXXezaoJiY7tFsG8CJxI2F/lLKz8q+xUW+g
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMKQ7XB6Cs9FJmHkuZ9ihbj76WsK0uJBh882ceyKaaKJ";
    };
  } // (mapAttrs'
    (name:
      { onionId, publicKey, ... }: {
        name = "${name}-init-ssh";
        value = {
          hostNames = [ "[${onionId}]:2222" ];
          inherit publicKey;
        };
      })
    computers);

  environment.systemPackages =
    let

      ssh = mapAttrsToList
        (name:
          { onionId, ... }:
          pkgs.writers.writeDashBin "ssh-boot-to-${name}" ''
            ${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 2222
          '')
        computers;

      password = mapAttrsToList
        (name:
          { onionId, ... }:
          pkgs.writers.writeDashBin "unlock-boot-${name}" ''
            ${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 2222 '
            echo -n "enter password : "
            read password
            echo "$password" > /crypt-ramfs/passphrase
            '
          '')
        computers;

    in
    ssh ++ password;

}
sterni compiles and works 2022-06-22 23:06:16 +02:00			`{ config, lib, pkgs, private_assets, ... }:`
init 2019-10-24 02:20:38 +02:00			`with lib;`
			`let`

			`computers = {`
fixing init ssh 2022-01-18 20:21:03 +01:00			`pepe = {`
sterni compiles and works 2022-06-22 23:06:16 +02:00			`onionId = fileContents "${private_assets}/onion_id_pepe";`
fixing init ssh 2022-01-18 20:21:03 +01:00			`# SHA256:aOZbqpgc5CcTNtRAzjuG/0BQZ9MF5c9u/N+UC88y8kI`
			`publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5K4UHD8cIcXB33UiOj5vyXJj+4CyyiLFDMwcyad92a";`
			`};`

init 2019-10-24 02:20:38 +02:00			`};`

workhorse done and nixpkgs-fmt 2021-11-01 09:20:42 +01:00			`in`
			`{`

fixing init ssh 2022-01-18 20:21:03 +01:00			`services.openssh.knownHosts = {`
			`"robi-init-ssh" = {`
			`hostNames = [`
			`"[robi]:2222"`
			`"[144.76.13.147]:2222"`
			`];`
			`# SHA256:rhvbJ84cPXXezaoJiY7tFsG8CJxI2F/lLKz8q+xUW+g`
			`publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMKQ7XB6Cs9FJmHkuZ9ihbj76WsK0uJBh882ceyKaaKJ";`
			`};`
			`} // (mapAttrs'`
workhorse done and nixpkgs-fmt 2021-11-01 09:20:42 +01:00			`(name:`
			`{ onionId, publicKey, ... }: {`
			`name = "${name}-init-ssh";`
			`value = {`
fixing init ssh 2022-01-18 20:21:03 +01:00			`hostNames = [ "[${onionId}]:2222" ];`
workhorse done and nixpkgs-fmt 2021-11-01 09:20:42 +01:00			`inherit publicKey;`
			`};`
			`})`
fixing init ssh 2022-01-18 20:21:03 +01:00			`computers);`
workhorse done and nixpkgs-fmt 2021-11-01 09:20:42 +01:00
			`environment.systemPackages =`
			`let`

			`ssh = mapAttrsToList`
			`(name:`
			`{ onionId, ... }:`
			`pkgs.writers.writeDashBin "ssh-boot-to-${name}" ''`
fixing init ssh 2022-01-18 20:21:03 +01:00			`${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 2222`
workhorse done and nixpkgs-fmt 2021-11-01 09:20:42 +01:00			`'')`
			`computers;`

			`password = mapAttrsToList`
			`(name:`
			`{ onionId, ... }:`
			`pkgs.writers.writeDashBin "unlock-boot-${name}" ''`
fixing init ssh 2022-01-18 20:21:03 +01:00			`${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 2222 '`
workhorse done and nixpkgs-fmt 2021-11-01 09:20:42 +01:00			`echo -n "enter password : "`
			`read password`
			`echo "$password" > /crypt-ramfs/passphrase`
			`'`
			`'')`
			`computers;`

			`in`
			`ssh ++ password;`
init 2019-10-24 02:20:38 +02:00
			`}`