authorGregor Kleen <gkleen@yggdrasil.li>2021-08-03 17:12:41 +0200
committerGregor Kleen <gkleen@yggdrasil.li>2021-08-03 17:12:41 +0200
commit02a0b57551a6a5f9ebccff226c12b8f671a7c149 (patch)
tree17aacfdc9a7572b56c0bda2cd2eee6e46e950616 /system-profiles
parentf06a55f31684b546734a4efb761a649225bb61a5 (diff)
vidhar: initrd ssh
Diffstat (limited to 'system-profiles')
-rw-r--r--system-profiles/initrd-ssh/default.nix35
-rw-r--r--system-profiles/initrd-ssh/host-keys/vidhar-private.yaml35
-rw-r--r--system-profiles/initrd-ssh/host-keys/vidhar-public.yaml4
3 files changed, 74 insertions, 0 deletions
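diff --git a/system-profiles/initrd-ssh/default.nix b/system-profiles/initrd-ssh/default.nix
new file mode 100644
index 00000000..00fa55b6
--- /dev/null
+++ b/system-profiles/initrd-ssh/default.nix
@@ -0,0 +1,35 @@
+{ hostName, config, pkgs, ... }:
+{
+ config = {
+ boot.initrd.network = {
+ enable = true;
+ ssh = {
+ enable = true;
+ hostKeys = with config.sops.secrets; [ initrd_ssh_host_rsa_key.path initrd_ssh_host_ed25519_key.path ];
+ authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys ++ map (kF: builtins.readFile kF) config.users.users.root.openssh.authorizedKeys.keyFiles;
+ };
+ };
+
+ sops.secrets = {
+ initrd_ssh_host_rsa_key = {
+ key = "rsa";
+ path = "/etc/initrd_ssh_host_rsa_key";
+ sopsFile = ./host-keys + "/${hostName}-private.yaml";
+ };
+ initrd_ssh_host_ed25519_key = {
+ key = "ed25519";
+ path = "/etc/initrd_ssh_host_ed25519_key";
+ sopsFile = ./host-keys + "/${hostName}-private.yaml";
+ };
+ };
+ environment.etc =
+ let
+ mkPubkey = typ: pkgs.runCommand "initrd_ssh_host_${typ}_key" { buildInputs = with pkgs; [ yq ]; } ''
+ yq -r '.${typ}' ${./host-keys + "/${hostName}-public.yaml"} > $out
+ '';
+ in {
+ "initrd_ssh_host_rsa_key.pub".source = mkPubkey "rsa";
+ "initrd_ssh_host_ed25519_key.pub".source = mkPubkey "ed25519";
+ };
+ };
+}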
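Review bot: The two sops secrets listed in `hostKeys` stop being protected by sops once the initrd is assembled: as far as I know NixOS copies the `hostKeys` paths into the initrd as initrd secrets, and the initrd usually lives on an unencrypted boot partition, so anyone who can read that partition can recover these keys and impersonate the pre-boot sshd. The dedicated `initrd_ssh_host_*` names suggest this is understood, but it should be stated next to the list, e.g. `# initrd-only host keys: readable from the initrd on /boot, never reuse the system host keys here`. `boot.initrd.network.ssh.port` is left at its default, so clients will see two different host keys for the same host and port and operators get used to dismissing host-key warnings; a separate port (for example `port = 2222;`) keeps the known_hosts entries apart. `authorizedKeys` also gives every key that may log in as root access to the pre-boot shell, which may be broader than the unlock task needs.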
diff --git a/system-profiles/initrd-ssh/host-keys/vidhar-private.yaml b/system-profiles/initrd-ssh/host-keys/vidhar-private.yaml
new file mode 100644
index 00000000..ea424974
--- /dev/null
+++ b/system-profiles/initrd-ssh/host-keys/vidhar-private.yaml
@@ -0,0 +1,35 @@
1rsa: ENC[AES256_GCM,data:u5NbMQLLIHzcH1oUvGbxNRiK0DUX84tQ/sIaUae370jkTdiRTrwTSOX+TielSgwEyLo7KAOVO0olbEheJjP6tLlOExDZZCO09YBqvZksSkT+0irnpA9K3oIPZVAKMgoGMRvr8I1fWn9ZQGpzFBrEOGN9+f5bJ4y44IHUxepvCalQQb4wFNqZv/tPAH8ku18v4U6Nocqfj4PfECzCaslRBY3tCiZ4ipbnBSaLM5KHDZWHYti88kG67xwupJ/v48wLtKwVQIzTvY+oN4ZnwRGzmqHfuz8EET/BrLZ/WLJtf3JuEqTZQIw24qP/8Q2/zEH40IzxeZvP5D1MzPpEVamU1FM9WAtwOQkrpoZL8+lRpcJvQdqbZqz1qLGU0MZmI++MudxebuIZ5g36y7xLAcYS3OuaekG66e6fhp1txqK09HB3wxXJVq7B13ip0MRDl1xfbVkSfDFBSSZ7hCueFS+2ee8d7fha7Y1wINZ5eU9WCjRG3yD/vMvLbJjRDKVhCZmoWUWcrhlzOIRmgYVetZqsHmPjBqOFd4bdc8fJLoJaGtlUFxSpuep8kO48J5Ibuk2GnBaiWinT92rUrkbErlREnDDt20B6ev7A3uJ8kLogiH6OdwVMvw2U1DTSsUZFhzlgXxe9kSThonR8ISpMOafDQOucfHNf96P5I5px0w6+KjZAFp9E7Liw3I5CBkvx+DYPYrq+4l3Q6/NdEAIBJivfxItLCbQn0EdS5bRPjWlygEjWmcUz2ivmTShpHYO4ZGjrgxgF6SVzJFcS66UzL/MrdHwxWuTkjcOQ8S9CaUq4uSniHusnO5RQEbDQSFvH5+D9R/vsaqDx+Hr1VHj782hEMDaRnV6afV1j4zlrJyO6VoUDVH5NAnlGRxDBDjnPhS+769qVlqlGNcrMqHJC0Xp2LPEfxKdRfPFAxSAVGNCj7s2w2t0/XSZ3qPOHOzkQRx0A4wD9r0CtarE1mO1My2mQnCSs/t9MGNiVNWRJXox4R2cpZY773+4XCPIli89ByOl6nVc1kva/ZifpVdLOAd0nPD+flq+H8CdZDWDcZVPrsiNplP3f38b41mIdpP/H4INORFnmOl1NEpwAO2J9n4uWBkXhst4PYJoTwdkr4YkVOgYK1hYlvrXoo36B/akTmVLNXwA7E75Db5LcMNhtnHuaUMmc1a1ztMQzXAKbeC4GR173kT49Yo8o0rkVTUPYYyXpAQyOIkwL1yRI1QvArKmwzb21UcN4t0dd7VGGTyDe3tJ8rdtJp7g225YSrFCOKKcpPCEKrKaqZMknOTzANnKMzwk/bHeGU9vaAOKrPJ8FjPqO6txWumYIXcMUyLERZ8jaC+1NTbGeq+u8q0IkESOTOB8TGEmafa6UBIkn15L5DDM4aA8sxjXL3WHaDRNfeRUjT5QVW3a3AiNMvEugNQIksTBcIpj7xPcf5LkncopP5BhLKFj3n9wGEdI/BBCclR3VnkIVkiGjxcJpdjkRXIYIxo69a/xV31Sw/sFxbg0/QsdEkCzkn553/SQbWKJbQDnSeQPNc5UIfSsn0wqknIOgRjFbHEZDD+PGPFrQzbz+v54ZfpVtCmgkoYvu4M6sfJ8r0VuuEcHCAjyS2CzFR6IYqyR7dZqDBAwdP6EeDbo2tQFwH0myYEkPFSwwWfPzvayyjP85LSVBNVBpCGVeuNSDYiJ0j/hyOYNxwj+rQ8IC+0Fl0EbikZuVZ8LD/tQl08aCh4g89psayM0PBKUrs0FCJoh6uSXKbSuenyllvjc9KRj0uwKYtKO/QhfCf1XgAdcUm3FRWGAohDrPaWkeCn75YerskIcDaVZuk9sQa76vW4djWzJpGPPZ1lYQh1IMojFr/SbRqvH/q5Jj3GHbRaVvkym1VRFQmerb0g7WPcs1tugTUvXSLm8dnfBYNCX6X/LkfyMtW6LeWlasdOTSOzNh+HpqIDMXRwq7l3xfwCuvIVcdF0aS+uWpOe
iBuqPVCNqr1qF0IzGI53Uw5bkFY/wxxwIBbRxi1pAy91C4nLjWnhWgNw66h23Cw/cq2aFNdSsw/Amtn/8TztUIpH6QZG/1QyaZBjH+yXUm4OFkb31VVQCnaEPqHVoHpkmGFu2zNMrrVCHLEwOpyyBpRskHA1oGCv0fv5Smn6G+n2liHe0YDPQdH+GvMvJYfuzju0eahFhozRU1X3NPbbHAKcxffeQ+bkXN2QQncJgmPMY6bzbe85S94uk3Y0lSf4/L9kWcoaV+96ChjZ7hV1nFjkD0R9GPsEmLebS7MdnzDQLRMKhwEJgLi6S7PZg/Q9OPuXU7qX2mnmM9S7HLDfeW1oMcGhrhj/bvneBJB+XG4GWnQUVGS4EKACURV9A2nyx3/zfXIdEW1FX3dByWuJf73hPqnWqrGunMb1tHAWenTnw34KT5l077duSvYGpS44AGyZwwpA/7rwAAYlu2G0m+lPWRvJMSQweoKwgZh58E2v9T0b+yAY+YTpTMnh/gALW7wtpJy77IzroZEKx0ysWQ7HywzbXoZc3wpiCvGbxrxQJsLj91JBo7QT6VwCgId6bLgcgMwX6YptRTqTu7nt37VzeT3jsWj5TvXXXa0sToWplUtE5WzwpSx6sx7iPwd63NSDBSfGoOH6ZFgBBVuu1qSYUekp3oipY86V4w+bpPexck/ZgS8fMfYVILlAvt97J7tRTEqo02opEWwO2a4t1lBjaVtvskUIC5ddcSDN0JwY6JpblS2i9CiDB+Dv4oA8oepA/GGnbIK9YUC4uerrfZjPfyf9lIIKYY3EpvMghhOYLkKR/jwDAX7t6c92YrkCtNXRAiGPNMnYiP5S9kK7zlVeb/70Nd3Ew6iOlpklNRlMM6zSOy8vzRGnBoDhtWcPDmyUHh0W9ZuXv2LD+f7qaMqZngKxo3kdThA2bCMRpCiAst/1GmEq/7cw7R6TW+ENcBZfZqZLUcIHAMFsVJ5M8LpUT0Q4kQ6Ha3uiPDdRtC5gXFEWhTq+XPBm5Sn2EMOxqI+j0yknhGXQ4dpr+AAT6B6y5fYR3Fe3ytTMet5Q1fezTuL4bRPRyHpV+R9QigSf+OM47SwbG4E/+ZKuIMWfBsIv+vfuw5XGTXGHtYm2rvAD92BTa8pMrD9G4o6ZTHTUO9DGnYZUhLdWYFH6I8TS5IGKuwvo5DezUmyoC08BR7yAq2zm33cw9WaNfNCDpBSCUuzrgXJHDEJVICc9QugMM3Z17U0oPksGybj02gptC8724cxxA0Spxb1seRsRlMYHYWCI2Tdv9Mjhr5sw5MjwtioALbQ4hsihXgTGlqkrgaW2TAKFt8L4gb2hhp5l+jxnGF3gacFodniRLGI4ue6MgwlHhFVaiGa5dT+tjU6tYDVCaL8DeHj7UZDEs2NJo4+v5lwv6JjZMAZfbPFY150KSlHV2u0ll64pF7sJjKF7pEaSYYmdRhEjCjFpMCmtJ0rxJtgIyuzA==,iv:r/ksbyC44RrP2BCUUdmOHPfIhi9LPCF+fs1/urWz6Ss=,tag:Zk3xJw1tcf+/YQpAYwVt+w==,type:str]
2ed25519: ENC[AES256_GCM,data:PE0UKLLThNwkdi2oz38HlgslJD5i9c9cL4ZBSBxSMcz7bXzLMv58Z9vucJ4WPtBxKSvFx5ksl/alRUyh2WTxuGNgut9vcgcNSG2qXzb8jdxb5CbFK1yVglVX7wtQkaOwmlc1Pty64sA0jwucaQQhEMeVXA/kxwe5uagCIupjP6lqnkzAuf4Dc1jIfXdEoEV0jtVUSjgeXHPymSPkg1J95VUMEIfVbncFxvzSQngv5kuE/XoH3adujuKR9fC/Z5u08hSjTzGQzMdgZk5BYvy7AWYN8SmfWcyAkClywj9DCzgaw8KY+MzSxQWrhAt3rqobmtVoJoJ5oc1/l6m5pPsyb/Ex2wwFh/rWm7SNfhW/Ev/ZuIX7llL7HCgXxhiCJIl9X4jkwF6OvslvK1wYgJ6rvGQwyM+/7Q8/rX1KJnq3qA93SfDi/fPLuJxcMYj/mZ/bluG4bsTFaUzDf1l6C251p24JJt3F0o1RTF1zgACrdhKK1BN79sQt4xDnHawCCwEkBbdeE0pmml1i3aUy5thl,iv:6cYTjmJd44Uc+uwnIZI1CUuKhYNGHuWa8wr7CYJY3RY=,tag:+PGy7aVeHyLH+B04Nj8BRQ==,type:str]
3sops:
4 kms: []
5 gcp_kms: []
6 azure_kv: []
7 hc_vault: []
8 age: []
9 lastmodified: "2021-08-03T14:47:32Z"
10 mac: ENC[AES256_GCM,data:gWbmGMZ+/Ts7NP9J1q/kjQmJ7V6lJ5xFpjZNJ+aTOmkz7a6sG8SRvNEW/qrpJfCzEFdQJYhOW3X9FhWpb5U6j4gINrgqUGdusQpw0PmIieC5tCPQPlTPHMReK0xaZ3NViMdHJhGdtehGfPqAtA3Bifn2ZZzOrzTOaPN2fH11fZw=,iv:FhKERfmDPmWn5ZKkuHWMc/vINpmJTr0jZ1iCkSgAUEs=,tag:ibe+m8vz6b+a+as5mz4+eA==,type:str]
11 pgp:
12 - created_at: "2021-08-03T14:47:02Z"
13 enc: |
14 -----BEGIN PGP MESSAGE-----
15
16 hF4DXxoViZlp6dISAQdAFyVws/2vIBK6ohlM93FpgKt6RXI8RPgaJSgHKsSeMB8w
17 XJqXQ2YGG8X6kHR/SW3A//1hBbLAaT6cRj7PLtkabr/5vgJ1Yk+k2mCFg+fte61o
18 0l4Bppl+iqVjECSJlrRp/GtbbyGlSS+pAItDZKAZOnrIYbx27CFfxNDDHv8EAFDP
19 HoYtgpeVxgRuvIBMHexMiuFExExkddHpHkSDoT1iJOsK+SQEqbxSfZpEJIRLcjb9
20 =hvve
21 -----END PGP MESSAGE-----
22 fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51
23 - created_at: "2021-08-03T14:47:02Z"
24 enc: |
25 -----BEGIN PGP MESSAGE-----
26
27 hF4DbYDvGI0HDr0SAQdAvLR7Ngh3gqQAnmlCeSwKGwWXBNlBZxxliQBOkhhKcSow
28 V9mWDn01Iue3qHQwGCd7Om/9EqU7SkFrkxzgAIBRJpAmj0eP1zsgiWepawzQ4glb
29 0l4ByB+6R+V2SyGI9HcABJiLcTOIjVLgn1QzK0l4K2ewS2K5FSBGNzVKoT+p4J5a
30 ja6A7vM0u12ddlqkifBsqN7900gI2ZTUz00rDZqis3sJk9J8dyWsAdkscig7Htlg
31 =hZHL
32 -----END PGP MESSAGE-----
33 fp: A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362
34 unencrypted_suffix: _unencrypted
35 version: 3.7.1
diff --git a/system-profiles/initrd-ssh/host-keys/vidhar-public.yaml b/system-profiles/initrd-ssh/host-keys/vidhar-public.yaml
new file mode 100644
index 00000000..af521564
--- /dev/null
+++ b/system-profiles/initrd-ssh/host-keys/vidhar-public.yaml
@@ -0,0 +1,4 @@
1rsa: |
2 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCs0bzHfJBgG5AP0nSUgkGBoxRLRDu9FMfwJN3NFLeUf1axmKPja0mO+ddUQeLobDcl4zU4VyBxdd5qrrSkAufM76GJJFqXGJs98WudELXD5I4/o99Fh7xSf6QtafftTbjUfcTzX9t30Cb109Ppv1sKANcfLOx5EWH4TX3WK0vWTZHlS/OHvojwx7Y8/8dYbA96neMSBK5ceDu/VAG/JHYz5JgtDczSKUnbh026xav8rv9Sd3paC42XNlWSkjvpXxXoJ+ta5SuOXAl+4gPDvjgxK+QJ+yglhJma7LdHt7tqQjy/R0v5+wMzbNCKdQ1E9GiCw+hSE3mbCj/PVFy+J1oadBta+qF5SKCSurFeCRaehTTz6Qynxu0OxLQV/OHX6yC2i9OVJOs0PNGiot9pjxoSKyKrlT7gshP6MRfC1F330oVDSOPAkFLFFkTJtzb0ifJ5s1LyM0LyJAPso+5ytCcSOoQpcKd54VbSTYXBcnWtRFtEzUDIeLDeRWgQ0zJsef8=
3ed25519: |
4 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBb+RVaConednm1DsYh18ttUEs/FJ7+E3g0YGbZcJthp