magpie: add ssh service to initrd
This commit is contained in:
parent
e1cfb9032c
commit
a418ea4145
GPG Key ID:
020C42B7A9ABA3E2
@ -23,6 +23,20 @@
|
|||||||
"net.ipv4.tcp_congestion_control" = "bbr";
|
"net.ipv4.tcp_congestion_control" = "bbr";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
boot.initrd = {
|
||||||
|
compressor = "zstd";
|
||||||
|
availableKernelModules = ["virtio-pci"];
|
||||||
|
network = {
|
||||||
|
enable = true;
|
||||||
|
udhcpc.enable = true;
|
||||||
|
ssh = {
|
||||||
|
enable = true;
|
||||||
|
hostKeys = [config.sops.secrets."ssh_tmp_key".path];
|
||||||
|
authorizedKeyFiles = [../nixy/ssh_pubkey];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
# Set your time zone.
|
# Set your time zone.
|
||||||
time.timeZone = "Europe/Berlin";
|
time.timeZone = "Europe/Berlin";
|
||||||
|
|
||||||
@ -316,6 +330,10 @@
|
|||||||
sopsFile = ./secrets/borgbase_ssh_key.yaml;
|
sopsFile = ./secrets/borgbase_ssh_key.yaml;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
sops.secrets."ssh_tmp_key" = {
|
||||||
|
sopsFile = ./secrets/ssh_tmp_key.yaml;
|
||||||
|
};
|
||||||
|
|
||||||
networking.hostName = "magpie";
|
networking.hostName = "magpie";
|
||||||
|
|
||||||
networking.firewall.enable = true;
|
networking.firewall.enable = true;
|
||||||
|
|||||||
30
magpie/secrets/ssh_tmp_key.yaml
Normal file
30
magpie/secrets/ssh_tmp_key.yaml
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
ssh_tmp_key: ENC[AES256_GCM,data:0Nhokwe27gGeGB2ScDPzKvw4QLyveGaQJpCPf8PG/0Pan5W31NAw1suNa3QYeD7AVzhDZzE0g2eCovtNQ3ne1add4FBp670rditi0D2aKgxXL9WAX+Xl+1fsUA5x764oHt58yY9Om3ByJZK3JgDH1JkVauw6+hcURWIx0WjOrO0I75ofdfUy+wEO3Br9mLgtOcUuaXaqc3nUYn5Oo7nk2hK746YRDpq+sA0KZxf49OwPPUz8HgeNOxHWdgp0WHZPk3dDHBBiEQXokdCCWwo+j1L+e9EvrHqjiJ+Yl+02yd1KwcbPnnGyBGrli0JcNpofsCnDQGnrkhHGxJHFZpdIkp1LQWVITpp/BU63sYDIIUXo6AcHOofmqeXZo9rmeHTrA6TpRrMs/aoEQGE+6L3OQTrnTvkdfXvaCJmZ8sWhV5mDzw9x2y6JsWyo65lTRRX+YAvCbkoi7IyCKu1ESrzpFLCUpf4+YBcVrv+RWyQhxVeFMtW6RjpnYYtsAa4WBwdtnxn941zkTLh7rvDhsTy/,iv:UYMgZBIl9HGjFXQskPs5fb64mVlY2PJI8hl80m0tQqU=,tag:O4O6oxtvOR+jiGDlhFk1vg==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age153y8mz6gqy5t54q4fnrdvjj4v5ls9cgp3hhpd2hzf5tvkcnncf6q4xns0j
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBVWVdrd0xkTk5rUDg0alk2
|
||||||
|
Y1NaaFYxSjBqeG9peW1OQ2VpcEpFVS95SjBFCmFRTk9Ia1RKNzF6eEVCaUxCalVP
|
||||||
|
Qmo1WnNQcEhjZE1USDkxVXo1b2NldXMKLS0tIFRjZlRsOGdGSWxIUlBFQ2xNdEJG
|
||||||
|
RkN1SXJiSlRkQUdSblBlcmV6dEFoSVEKAb+zyJvpBqsBUUu5y7QBIenceTlq5T9k
|
||||||
|
/C2jDZJ7yuKBSYxo3gxyIeyS6Sy+mDcXMcykzVx1NpArhjQVAk7Igw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1geqqmsnng2e9sja6uxxmtlwlm4c6e5v6ch3l3yjenstq6tjq4fusr0305s
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGbERkSE94MFYrUmV3WXMx
|
||||||
|
TDlDVWZGejhyaEpwY2prQmI4WnhFZk5nZVZVCnY5c1JjNmRYNzRCUFhDQ1NUck1j
|
||||||
|
Q3B6eEFqWGk2a0o0RXZYdXBDRHZrckkKLS0tIFpWdFg5dDQ2djhKWEIxTVQxS1pO
|
||||||
|
UjhBR3liczFmYW5OSERxa240ZzhmRzgKuHazL76dOSmBFvRimkskoO1C95sUVfFf
|
||||||
|
xrTl76N9as5R897gqyX8s6oXYMjHPYYE3ko1VNOT84bTaVwXVu/oaw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2024-04-21T11:49:14Z"
|
||||||
|
mac: ENC[AES256_GCM,data:EYwpISkIeYnfQp5EbdUKLlyK9OpwmbYOgtzY1jaTPouNk+Snp+yW9t3G+EdOeKxrn1LV7C9Sjd2Qfu/DvFGjfkKS4W7KD3FB+SsBHVefrTl0cRZK0QOhdwqe/A7542x1FWyDMuean28Q4EO72zJU9tn/MvRT+QIiHXtmqu9spIg=,iv:UUXxiBEENjs2vdxzP1QJRU5ZhDyqkqn6Yqft846HIXg=,tag:L+MGa3ORQ7MIqfjdc3VFSg==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.8.1
|
||||||
Loading…
Reference in New Issue
Block a user