mediabox: add ssh service to initrd
This commit is contained in:
parent
4e83712fc0
commit
7024f0e216
GPG Key ID:
020C42B7A9ABA3E2
@ -30,6 +30,10 @@
|
|||||||
sopsFile = ../common/secrets/wg_preshared.yaml;
|
sopsFile = ../common/secrets/wg_preshared.yaml;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
sops.secrets."ssh_dummy_ed25519_key" = {
|
||||||
|
sopsFile = ./secrets/dummy_ssh_key.yaml;
|
||||||
|
};
|
||||||
|
|
||||||
nix = {
|
nix = {
|
||||||
optimise.automatic = true;
|
optimise.automatic = true;
|
||||||
gc.automatic = true;
|
gc.automatic = true;
|
||||||
@ -41,7 +45,20 @@
|
|||||||
};
|
};
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
initrd.compressor = "zstd";
|
initrd = {
|
||||||
|
compressor = "zstd";
|
||||||
|
availableKernelModules = ["e1000e"];
|
||||||
|
network = {
|
||||||
|
enable = true;
|
||||||
|
udhcpc.enable = true;
|
||||||
|
ssh = {
|
||||||
|
enable = true;
|
||||||
|
hostKeys = [config.sops.secrets."ssh_dummy_ed25519_key".path];
|
||||||
|
authorizedKeys = [(builtins.readFile ../nixy/ssh_pubkey)];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
kernelModules = ["acpi_call"];
|
kernelModules = ["acpi_call"];
|
||||||
kernelPackages = pkgs.linuxPackages_latest;
|
kernelPackages = pkgs.linuxPackages_latest;
|
||||||
kernelParams = ["msr.allow_writes=on"];
|
kernelParams = ["msr.allow_writes=on"];
|
||||||
|
|||||||
30
mediabox/secrets/dummy_ssh_key.yaml
Normal file
30
mediabox/secrets/dummy_ssh_key.yaml
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
dummy_ssh_key: ENC[AES256_GCM,data:tI28E8IPF9sBP7QmLSigVPrNY4bdF5INSouYJ3n3PelDS64KUWis2JsKTT6da4Q0S4zf1QGMHd1L0QpyHft497AH/r1Akf4/+gwiHVV8O4dI3cZxqfm1aEIrmP4Gy6S+0gJtOkm4bRRTFAINtr4iIz+max5/TTZbcJs6Nfee4uy2bRRp2t6ZJGpkSqHVAuVbCfcj7UPtLFMle6fgpJwxKUZgeSaRiDNRgP2k8E+JWLx3k/9TZen9vYidptdxu3SQ7pOpyiyQkzMJfwc3skyDsjfqj05H/hVMs49J8Gv3JglajTTuwg+Pgtz7nAgiFI7JDvJAbvY48+3oE5ZWf0BIcoEBorOKzzIO8qV/Yy5wDBIVr5YC09MikZ4dupH4PtwgegH5dWT0vi0EDCl4opX/qOrG0tc4DgFiaqRIwxMGnINxNQ+sHUsEzom9m0hvJt0pTH0b2fRh+43roqmaBMZjhwMU/bnXB5EIdVzTxBnwOXcS+0R+a4om0ziZQku+IZCF/u23DtF/vY6I75dfaRrT,iv:y8XWPaxLC/14wtzgNMtdehZ8H/ye5P8YXCUvTWBa570=,tag:gvIAbkuZpBHuoxiLQ5bQhw==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age19yrl6pr73cv067ksfz0txp3zm2au25jfyjeerw23ml55ps5cyyfqtm3kmt
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBXMUhaMDg5K0c2RUVoY3BT
|
||||||
|
b3ZRajRFWHg0eFduUFpZb2l0NzAyNFBDbkFJCjNHRUNxT1duWEdySFppNU5rblZU
|
||||||
|
bmgveE5rM0JIYno0bGdGbnZJRTgvdnMKLS0tIG5iaTRCQWN4V3QrdmhBdURDQ084
|
||||||
|
cHhTV2Z5bzV2ckVLVkMrL2tNSUpqNWMKW2rEBB8mUlejxRnHmHyGtAAnPUuLyAM6
|
||||||
|
4BBvBS3zMs3mzLEXUgcH1f8LsJiLm+DQVGEPNiKUn6H6SlnCh7ZSmg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSL2Y4Mzc1YWs5cjNSc29k
|
||||||
|
QnhlRHJqbWdDK2JqZHVQYk9MSTdOTWw2WVM4ClozWHNMWmhCUmU3ZXdZaGJTS3d4
|
||||||
|
Z0xLbnlsOCt4NitTMCtoSE9VY2hueFUKLS0tIEhVbTc0TWU2NzluVksvQ2xDZkMy
|
||||||
|
M0ZtaFJzOS9lYTFvL2dKNnRaWk5QMG8KwyQseKKVk4qQKH6goHLGsvAdyQtLmjmR
|
||||||
|
XtKPMOzHZ4aFG8h/bFHH3xxVHADh0qmfOlUMa/nG6I8IcPjXXCwyTQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-04-21T11:04:43Z"
|
||||||
|
mac: ENC[AES256_GCM,data:5QMf6xp8hltgDcL6TLe16zbvAEovClabzefG6on8MSW9uW4IvAJuzzSR6pL0H+WHLtzc0IwdHten/ic3jkMZDJMRBkL/vOZx5iPaZcU1GdnFyFYKcDZrEefy1i9tgiigsU3vx5qqXYOERAXgYCRIX9BO9EXZ+jamuXCONTGuWJI=,iv:5q742vstvWULdPVAAw1MKoVjdYisyxlWaSc0b0Id82w=,tag:Uph/eWCSyLrlJSUq17M8/w==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
||||||
Loading…
Reference in New Issue
Block a user