asmir/nixos_flake_config
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

mediabox: add ssh service to initrd

Browse Source
This commit is contained in:
Asmir A 2024-04-21 13:10:33 +02:00
parent 4e83712fc0
commit 7024f0e216
Signed by: asmir
GPG Key ID: 020C42B7A9ABA3E2
2 changed files with 48 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
mediabox/configuration.nix
View File

@ -30,6 +30,10 @@
sopsFile = ../common/secrets/wg_preshared.yaml; sopsFile = ../common/secrets/wg_preshared.yaml;
}; };
sops.secrets."ssh_dummy_ed25519_key" = {
sopsFile = ./secrets/dummy_ssh_key.yaml;
};
nix = { nix = {
optimise.automatic = true; optimise.automatic = true;
gc.automatic = true; gc.automatic = true;
@ -41,7 +45,20 @@
}; };
boot = { boot = {
initrd.compressor = "zstd"; initrd = {
compressor = "zstd";
availableKernelModules = ["e1000e"];
network = {
enable = true;
udhcpc.enable = true;
ssh = {
enable = true;
hostKeys = [config.sops.secrets."ssh_dummy_ed25519_key".path];
authorizedKeys = [(builtins.readFile ../nixy/ssh_pubkey)];
};
};
};
kernelModules = ["acpi_call"]; kernelModules = ["acpi_call"];
kernelPackages = pkgs.linuxPackages_latest; kernelPackages = pkgs.linuxPackages_latest;
kernelParams = ["msr.allow_writes=on"]; kernelParams = ["msr.allow_writes=on"];

30
mediabox/secrets/dummy_ssh_key.yaml Normal file
View File

@ -0,0 +1,30 @@
dummy_ssh_key: ENC[AES256_GCM,data:tI28E8IPF9sBP7QmLSigVPrNY4bdF5INSouYJ3n3PelDS64KUWis2JsKTT6da4Q0S4zf1QGMHd1L0QpyHft497AH/r1Akf4/+gwiHVV8O4dI3cZxqfm1aEIrmP4Gy6S+0gJtOkm4bRRTFAINtr4iIz+max5/TTZbcJs6Nfee4uy2bRRp2t6ZJGpkSqHVAuVbCfcj7UPtLFMle6fgpJwxKUZgeSaRiDNRgP2k8E+JWLx3k/9TZen9vYidptdxu3SQ7pOpyiyQkzMJfwc3skyDsjfqj05H/hVMs49J8Gv3JglajTTuwg+Pgtz7nAgiFI7JDvJAbvY48+3oE5ZWf0BIcoEBorOKzzIO8qV/Yy5wDBIVr5YC09MikZ4dupH4PtwgegH5dWT0vi0EDCl4opX/qOrG0tc4DgFiaqRIwxMGnINxNQ+sHUsEzom9m0hvJt0pTH0b2fRh+43roqmaBMZjhwMU/bnXB5EIdVzTxBnwOXcS+0R+a4om0ziZQku+IZCF/u23DtF/vY6I75dfaRrT,iv:y8XWPaxLC/14wtzgNMtdehZ8H/ye5P8YXCUvTWBa570=,tag:gvIAbkuZpBHuoxiLQ5bQhw==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age19yrl6pr73cv067ksfz0txp3zm2au25jfyjeerw23ml55ps5cyyfqtm3kmt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXMUhaMDg5K0c2RUVoY3BT
b3ZRajRFWHg0eFduUFpZb2l0NzAyNFBDbkFJCjNHRUNxT1duWEdySFppNU5rblZU
bmgveE5rM0JIYno0bGdGbnZJRTgvdnMKLS0tIG5iaTRCQWN4V3QrdmhBdURDQ084
cHhTV2Z5bzV2ckVLVkMrL2tNSUpqNWMKW2rEBB8mUlejxRnHmHyGtAAnPUuLyAM6
4BBvBS3zMs3mzLEXUgcH1f8LsJiLm+DQVGEPNiKUn6H6SlnCh7ZSmg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSL2Y4Mzc1YWs5cjNSc29k
QnhlRHJqbWdDK2JqZHVQYk9MSTdOTWw2WVM4ClozWHNMWmhCUmU3ZXdZaGJTS3d4
Z0xLbnlsOCt4NitTMCtoSE9VY2hueFUKLS0tIEhVbTc0TWU2NzluVksvQ2xDZkMy
M0ZtaFJzOS9lYTFvL2dKNnRaWk5QMG8KwyQseKKVk4qQKH6goHLGsvAdyQtLmjmR
XtKPMOzHZ4aFG8h/bFHH3xxVHADh0qmfOlUMa/nG6I8IcPjXXCwyTQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-21T11:04:43Z"
mac: ENC[AES256_GCM,data:5QMf6xp8hltgDcL6TLe16zbvAEovClabzefG6on8MSW9uW4IvAJuzzSR6pL0H+WHLtzc0IwdHten/ic3jkMZDJMRBkL/vOZx5iPaZcU1GdnFyFYKcDZrEefy1i9tgiigsU3vx5qqXYOERAXgYCRIX9BO9EXZ+jamuXCONTGuWJI=,iv:5q742vstvWULdPVAAw1MKoVjdYisyxlWaSc0b0Id82w=,tag:Uph/eWCSyLrlJSUq17M8/w==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1