2021-09-25 15:17:07 +02:00
|
|
|
{ config, lib, pkgs, ... }:
|
2019-10-24 02:20:38 +02:00
|
|
|
with lib;
|
|
|
|
let
|
|
|
|
|
|
|
|
computers = {
|
2021-11-01 09:20:42 +01:00
|
|
|
#workhorse = {
|
|
|
|
# onionId = fileContents ../../private_assets/onion_id_workhorse;
|
|
|
|
# publicKey =
|
|
|
|
# "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/I4JBA1HHTH2xsrEM7xtxkhRDE42lZcBrdBvN46WTx";
|
|
|
|
#};
|
|
|
|
#porani = {
|
|
|
|
# onionId = fileContents ../../private_assets/onion_id_porani;
|
|
|
|
# publicKey =
|
|
|
|
# "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGFaTRGqMd/rKpyMUP6wVbgiWFOUvUV2qS/B5Xe02UUch/wxR4fTCY+vnzku5K0V/qqJpjYLgHotwZFqO/8lFu4=";
|
|
|
|
#};
|
2019-10-24 02:20:38 +02:00
|
|
|
};
|
|
|
|
|
2021-11-01 09:20:42 +01:00
|
|
|
in
|
|
|
|
{
|
|
|
|
|
|
|
|
services.openssh.knownHosts = mapAttrs'
|
|
|
|
(name:
|
|
|
|
{ onionId, publicKey, ... }: {
|
|
|
|
name = "${name}-init-ssh";
|
|
|
|
value = {
|
|
|
|
hostNames = [ onionId ];
|
|
|
|
inherit publicKey;
|
|
|
|
};
|
|
|
|
})
|
|
|
|
computers;
|
|
|
|
|
|
|
|
environment.systemPackages =
|
|
|
|
let
|
|
|
|
|
|
|
|
ssh = mapAttrsToList
|
|
|
|
(name:
|
|
|
|
{ onionId, ... }:
|
|
|
|
pkgs.writers.writeDashBin "ssh-boot-to-${name}" ''
|
|
|
|
${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 23
|
|
|
|
'')
|
|
|
|
computers;
|
|
|
|
|
|
|
|
password = mapAttrsToList
|
|
|
|
(name:
|
|
|
|
{ onionId, ... }:
|
|
|
|
pkgs.writers.writeDashBin "unlock-boot-${name}" ''
|
|
|
|
${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 23 '
|
|
|
|
echo -n "enter password : "
|
|
|
|
read password
|
|
|
|
echo "$password" > /crypt-ramfs/passphrase
|
|
|
|
'
|
|
|
|
'')
|
|
|
|
computers;
|
|
|
|
|
|
|
|
in
|
|
|
|
ssh ++ password;
|
2019-10-24 02:20:38 +02:00
|
|
|
|
|
|
|
}
|