nixos-config/components/network/sshd/known-hosts-bootup.nix

86 lines
2.4 KiB
Nix
Raw Normal View History

2022-06-22 23:06:16 +02:00
{ config, lib, pkgs, private_assets, ... }:
2019-10-24 02:20:38 +02:00
with lib;
let
computers = {
2022-01-18 20:21:03 +01:00
pepe = {
2022-06-22 23:06:16 +02:00
onionId = fileContents "${private_assets}/onion_id_pepe";
2022-01-18 20:21:03 +01:00
# SHA256:aOZbqpgc5CcTNtRAzjuG/0BQZ9MF5c9u/N+UC88y8kI
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5K4UHD8cIcXB33UiOj5vyXJj+4CyyiLFDMwcyad92a";
};
2023-05-01 15:46:51 +02:00
chungus = {
onionId = fileContents "${private_assets}/onion_id_chungus";
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHJpPfGAiARWgZbID+2IIT9dbo/PqgG/pkFsBaBUKGiu";
};
2019-10-24 02:20:38 +02:00
};
2021-11-01 09:20:42 +01:00
in
{
2023-05-28 21:24:20 +02:00
config = mkIf (config.components.network.sshd.enable) {
services.openssh.knownHosts = {
"robi-init-ssh" = {
hostNames = [
"[robi]:2222"
"[144.76.13.147]:2222"
];
# SHA256:rhvbJ84cPXXezaoJiY7tFsG8CJxI2F/lLKz8q+xUW+g
publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMKQ7XB6Cs9FJmHkuZ9ihbj76WsK0uJBh882ceyKaaKJ";
};
} // (mapAttrs'
(name:
{ onionId, publicKey, ... }: {
name = "${name}-init-ssh";
value = {
hostNames = [ "[${onionId}]:2222" ];
inherit publicKey;
};
})
computers);
2021-11-01 09:20:42 +01:00
2023-05-28 21:24:20 +02:00
environment.systemPackages =
let
2021-11-01 09:20:42 +01:00
2023-05-28 21:24:20 +02:00
sshTor = mapAttrsToList
(name:
{ onionId, ... }:
pkgs.writers.writeDashBin "ssh-boot-to-${name}-via-tor" ''
${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 2222
'')
computers;
2021-11-01 09:20:42 +01:00
2023-05-28 21:24:20 +02:00
passwordTor = mapAttrsToList
(name:
{ onionId, ... }:
pkgs.writers.writeDashBin "unlock-boot-${name}-via-tor" ''
${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 2222 '
echo -n "enter password : "
read password
echo "$password" > /crypt-ramfs/passphrase
'
'')
computers;
2021-11-01 09:20:42 +01:00
2024-03-02 12:57:01 +01:00
unlockInit = mapAttrsToList
(name:
{ public_ip, ... }:
pkgs.writers.writeDashBin "unlock-boot-${name}" ''
${pkgs.openssh}/bin/ssh root@${public_ip} -p 2222 '
echo -n "enter password : "
read password
2024-03-03 09:59:17 +01:00
echo "$password" | systemctl default
2024-03-02 12:57:01 +01:00
'
'')
{
orbi = {
public_ip = "95.216.66.212";
};
};
2023-05-28 21:24:20 +02:00
in
2024-03-02 12:57:01 +01:00
sshTor ++ passwordTor ++ unlockInit;
2019-10-24 02:20:38 +02:00
2023-05-28 21:24:20 +02:00
};
2019-10-24 02:20:38 +02:00
}