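# Client-side configuration for reaching the port-2222 "init" SSH endpoints of
# a few machines: pinned host keys plus small wrapper commands that open a
# shell there or forward an unlock passphrase.
#
# Enabled only when config.components.network.sshd.enable is set.
{ config, lib, pkgs, private_assets, ... }:
with lib;
let

  # Machines reached through Tor on port 2222.
  #
  # onionId is read from private_assets at evaluation time and interpolated
  # into the known-hosts entries and the generated wrapper scripts below, so
  # it ends up in the Nix store of every machine that builds this module.
  computers = {
    pepe = {
      onionId = fileContents "${private_assets}/onion_id_pepe";
      # SHA256:aOZbqpgc5CcTNtRAzjuG/0BQZ9MF5c9u/N+UC88y8kI
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB5K4UHD8cIcXB33UiOj5vyXJj+4CyyiLFDMwcyad92a";
    };
    chungus = {
      onionId = fileContents "${private_assets}/onion_id_chungus";
      publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHJpPfGAiARWgZbID+2IIT9dbo/PqgG/pkFsBaBUKGiu";
    };
  };

in
{
  config = mkIf (config.components.network.sshd.enable) {

    # Pin the host keys of the port-2222 endpoints. The "[host]:port" form is
    # what OpenSSH uses for known-hosts entries on a non-default port.
    services.openssh.knownHosts = {
      "robi-init-ssh" = {
        hostNames = [ "[robi]:2222" "[144.76.13.147]:2222" ];
        # SHA256:rhvbJ84cPXXezaoJiY7tFsG8CJxI2F/lLKz8q+xUW+g
        publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMKQ7XB6Cs9FJmHkuZ9ihbj76WsK0uJBh882ceyKaaKJ";
      };
    } // (mapAttrs'
      # One "<name>-init-ssh" entry per machine in `computers`, keyed on its
      # onion address.
      (name: { onionId, publicKey, ... }: {
        name = "${name}-init-ssh";
        value = {
          hostNames = [ "[${onionId}]:2222" ];
          inherit publicKey;
        };
      })
      computers);

    environment.systemPackages =
      let

        # ssh-boot-to-<name>-via-tor: interactive root shell on port 2222,
        # reached through torify.
        sshTor = mapAttrsToList
          (name: { onionId, ... }:
            pkgs.writers.writeDashBin "ssh-boot-to-${name}-via-tor" ''
              ${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 2222
            '')
          computers;

        # unlock-boot-<name>-via-tor: prompt for a passphrase and write it to
        # /crypt-ramfs/passphrase on the remote side.
        #
        # `IFS= read -r` and `printf "%s\n"` pass the passphrase through
        # unchanged; a plain `read` drops backslashes and surrounding
        # whitespace, and `echo` treats a leading "-n" (and, in some shells,
        # backslash sequences) specially, so such passphrases would not
        # unlock.
        #
        # NOTE(review): ssh is given a command and no -t, so no remote tty is
        # allocated and the passphrase is echoed by the local terminal while
        # it is typed. Confirm whether that is acceptable or disable echo
        # around the prompt.
        passwordTor = mapAttrsToList
          (name: { onionId, ... }:
            pkgs.writers.writeDashBin "unlock-boot-${name}-via-tor" ''
              ${pkgs.tor}/bin/torify ${pkgs.openssh}/bin/ssh root@${onionId} -p 2222 '
                echo -n "enter password : "
                IFS= read -r password
                printf "%s\n" "$password" > /crypt-ramfs/passphrase
              '
            '')
          computers;

        # unlock-boot-<name>: same prompt over a direct connection; the
        # passphrase is piped into `systemctl default` on the remote side.
        #
        # NOTE(review): no services.openssh.knownHosts entry in this file
        # covers 95.216.66.212 on port 2222 (the pinned "robi-init-ssh" entry
        # above lists a different address). Unless the key is pinned
        # elsewhere, the first connection relies on the caller's own
        # known_hosts, and this command sends an unlock passphrase to that
        # host. Confirm and pin the key here.
        unlockInit = mapAttrsToList
          (name: { public_ip, ... }:
            pkgs.writers.writeDashBin "unlock-boot-${name}" ''
              ${pkgs.openssh}/bin/ssh root@${public_ip} -p 2222 '
                echo -n "enter password : "
                IFS= read -r password
                printf "%s\n" "$password" | systemctl default
              '
            '')
          {
            orbi = { public_ip = "95.216.66.212"; };
          };

      in
      sshTor ++ passwordTor ++ unlockInit;
  };
}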