nixos-config/nixos/system/all/sshd-known-hosts-bootup.nix

59 lines
1.5 KiB
Nix
Raw Normal View History

{ config, lib, pkgs, ... }:
2019-10-24 02:20:38 +02:00
with lib;
let
computers = {
2021-11-01 09:20:42 +01:00
#workhorse = {
# onionId = fileContents ../../private_assets/onion_id_workhorse;
# publicKey =
# "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII/I4JBA1HHTH2xsrEM7xtxkhRDE42lZcBrdBvN46WTx";
#};
#porani = {
# onionId = fileContents ../../private_assets/onion_id_porani;
# publicKey =
# "ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGFaTRGqMd/rKpyMUP6wVbgiWFOUvUV2qS/B5Xe02UUch/wxR4fTCY+vnzku5K0V/qqJpjYLgHotwZFqO/8lFu4=";
#};
2019-10-24 02:20:38 +02:00
};
2021-11-01 09:20:42 +01:00
in
{
services.openssh.knownHosts = mapAttrs'
(name:
{ onionId, publicKey, ... }: {
name = "${name}-init-ssh";
value = {
hostNames = [ onionId ];
inherit publicKey;
};
})
computers;
environment.systemPackages =
let
ssh = mapAttrsToList
(name:
{ onionId, ... }:
pkgs.writers.writeDashBin "ssh-boot-to-${name}" ''
${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 23
'')
computers;
password = mapAttrsToList
(name:
{ onionId, ... }:
pkgs.writers.writeDashBin "unlock-boot-${name}" ''
${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 23 '
echo -n "enter password : "
read password
echo "$password" > /crypt-ramfs/passphrase
'
'')
computers;
in
ssh ++ password;
2019-10-24 02:20:38 +02:00
}