# Remote unlock over SSH from the initrd: networking and an SSH server are
# started early so the ZFS keys can be entered before the boot continues.
{ config, lib, pkgs, ... }:

{
  # enable dhcp on primary network interface
  boot.kernelParams = [ "ip=:::::enp6s0:dhcp" ];

  boot.initrd = {
    # add network card driver
    kernelModules = [ "r8169" ];

    network.enable = true;

    network.ssh = {
      enable = true;
      # Separate port from the regular sshd; the initrd server presents its
      # own host key (see hostKeys below).
      port = 2222;

      # TODO: Modify system config so that this works
      # authorizedKeys = with lib; concatLists (mapAttrsToList (name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else []) config.users.users);
      #
      # Until then only root's keys are accepted. Every key listed here can
      # open an initrd session and reach the unlock prompt, so keep the list
      # as short as the regular root login list.
      authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;

      # NOTE(review): the initrd is stored unencrypted, so whatever key is
      # referenced here has to be treated as exposed. Confirm this is a key
      # generated only for the initrd and not the host's regular sshd key.
      # NOTE(review): this is a Nix path literal, not a quoted string; the
      # option's documentation warns that keys can end up in the
      # world-readable Nix store -- verify how this release handles a path
      # literal here.
      hostKeys = [ /run/keys/ecdsa_host ];
    };

    # TODO: curl some webhook here to alert?
    # possibly quite hard to do, we only have limited wget or netcat available
    #
    # how this all works:
    # when someone logs in via ssh, they are prompted to unlock the zfs volume
    # afterwards zfs is killed in order for the boot to progress
    # timeout of 120s still applies afaik
    #
    # The line appended to /root/.profile runs at login. `;` (not `&&`)
    # after load-key means `killall zfs` runs even when loading a key failed.
    network.postCommands = ''
      zpool import zroot
      zpool import dpool
      echo "zfs load-key -a; killall zfs && exit" >> /root/.profile
    '';
  };
}