Simon Bruder
b595aceb7c
This also removes the explicit passing of the public key fingerprint to the unlock script, since the host key is no longer available in pass. Unlocking still works, since the keys are configured in modules/ssh.nix.
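# For network to work in initrd, either pass the `ip=` kernel parameter or
# enable networking.useDHCP. You also have to add the required kernel modules
# for the network card to boot.initrd.availableKernelModules. Also see the
# instructions on how to add a host key to password-store.
# NOTE(review): the commit description shown with this file says the host key
# is no longer available in pass, so the password-store pointer above may be
# stale; confirm.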
{ config, lib, ... }:

let
  # Host key used only by the initrd SSH daemon. It is written as a string,
  # not a Nix path literal, so it names a file on the target machine.
  #
  # Generate and install it with:
  #   ssh-keygen -t ed25519 -N "" -f ssh_host_ed25519_key_initrd -C HOSTNAME
  #   scp ssh_host_ed25519_key_initrd root@machine:/etc/ssh/
  #
  # NOTE(review): the key is created without a passphrase (-N "") and has to
  # be readable at early boot, so it is presumably stored alongside the
  # initrd. Keep it distinct from the regular sshd host key and restrict the
  # file to root after copying; confirm against the NixOS option docs.
  initrdHostKey = "/etc/ssh/ssh_host_ed25519_key_initrd";
in
{
  # Initrd networking stays off unless a host turns it on:
  #boot.initrd.network.enable = true;

  boot.initrd.network.ssh = {
    # Follows the initrd networking switch; mkDefault lets a host override it.
    enable = lib.mkDefault config.boot.initrd.network.enable;

    # NOTE(review): presumably kept off the regular sshd port so clients can
    # pin the initrd host key separately from the main one; confirm.
    port = 2222;

    hostKeys = [ initrdHostKey ];
  };
}