From e471c24d93787f18306892d1b3e499d19b371265 Mon Sep 17 00:00:00 2001
From: Ingolf Wagner
Date: Thu, 8 Aug 2024 17:05:09 +0200
Subject: [PATCH] cleanup

---
 modules/default.nix | 1 -
 modules/init-ssh.nix | 105 -------------------------------------------
 2 files changed, 106 deletions(-)
 delete mode 100644 modules/init-ssh.nix

diff --git a/modules/default.nix b/modules/default.nix
index 7cbfb82..2ddd115 100644
--- a/modules/default.nix
+++ b/modules/default.nix
@@ -3,7 +3,6 @@
 imports = [
 ./browser.nix
 ./castget.nix
- #./init-ssh.nix
 ./rbackup.nix
 ./samba-share.nix
 ./taskwarrior-autotag.nix
diff --git a/modules/init-ssh.nix b/modules/init-ssh.nix
deleted file mode 100644
index 59b6667..0000000
--- a/modules/init-ssh.nix
+++ /dev/null
@@ -1,105 +0,0 @@
-{ config, lib, pkgs, ... }:
-with lib;
-let
- cfg = config.configuration.init-ssh;
-in
-{
-
- # todo : this is kinda deprecated. It should be replaced some day with something more simple, and put in a module.
- options.configuration.init-ssh = {
-
- enable = mkOption {
- default = "disable";
- type = with types; enum [ "disable" "prepare" "enabled" ];
- };
-
- kernelModules = mkOption {
- type = with types; listOf str;
- description =
- "lspci -v will tell you which kernel module is used for the ethernet interface";
- };
-
- port = mkOption {
- default = 2222;
- type = with types; int;
- };
-
- authorizedKeys = mkOption {
- type = with types; listOf str;
- default = config.users.users.root.openssh.authorizedKeys.keys
- ++ (map (keyFile: lib.fileContents keyFile)
- config.users.users.root.openssh.authorizedKeys.keyFiles);
- };
- hostKey = mkOption {
- default = "/etc/secrets/initrd/ssh_host_ed25519_key";
- type = with types; path;
- description = ''
- To generate keys, use ssh-keygen(1):
- # ssh-keygen -t rsa -N "" -f /etc/secrets/initrd/ssh_host_rsa_key
- # ssh-keygen -t ed25519 -N "" -f /etc/secrets/initrd/ssh_host_ed25519_key
- '';
- };
-
- };
-
- config = mkMerge [
-
- (mkIf (cfg.enable != "disable") {
- services.tor = {
- enable = true;
- client.enable = true;
- relay.onionServices.bootup.map = [{ port = 22; }];
- };
- })
-
- (mkIf (cfg.enable == "enabled") {
-
- # tor setup
- boot.initrd.secrets = {
- "/etc/tor/onion/bootup" = /var/lib/tor/onion/bootup;
- };
-
- boot.initrd.extraUtilsCommands = ''
- copy_bin_and_libs ${pkgs.tor}/bin/tor
- '';
-
- boot.initrd.network.postCommands =
- let
- torRc = (pkgs.writeText "tor.rc" ''
- DataDirectory /etc/tor
- SOCKSPort 127.0.0.1:9050 IsolateDestAddr
- SOCKSPort 127.0.0.1:9063
- HiddenServiceDir /etc/tor/onion/bootup
- HiddenServicePort ${toString cfg.port} 127.0.0.1:${toString cfg.port}
- '');
- in
- ''
- echo "tor: preparing onion folder"
- # have to do this otherwise tor does not want to start
- chmod -R 700 /etc/tor
-
- echo "make sure localhost is up"
- ip a a 127.0.0.1/8 dev lo
- # ifconfig lo up
- ip link set lo up
-
- echo "tor: starting tor"
- tor -f ${torRc} --verify-config
- tor -f ${torRc} &
- '';
-
- # ssh setup
- # todo add the ssh host fingerprint to your trusted stuff
- # todo set ssh host key here
- boot.initrd.network.enable = true;
- boot.initrd.network.ssh = {
- enable = true;
- authorizedKeys = cfg.authorizedKeys;
- port = cfg.port;
- hostKeys = [ cfg.hostKey ];
- };
- boot.initrd.availableKernelModules = cfg.kernelModules;
- })
- ];
-}
-