From e4608fb1e41ebc35d62f98e1b6b3729590115fbb Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Tue, 3 Aug 2021 16:48:28 +0200 Subject: vidhar: initrd networking --- hosts/vidhar/default.nix | 21 +++++++++++++++++- hosts/vidhar/initrd-host-keys/private.yaml | 35 ++++++++++++++++++++++++++++++ hosts/vidhar/initrd-host-keys/public.yaml | 4 ++++ 3 files changed, 59 insertions(+), 1 deletion(-) create mode 100644 hosts/vidhar/initrd-host-keys/private.yaml create mode 100644 hosts/vidhar/initrd-host-keys/public.yaml diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix index fecbfe9d..d28aeed7 100644 --- a/hosts/vidhar/default.nix +++ b/hosts/vidhar/default.nix @@ -27,7 +27,7 @@ initrd = { supportedFilesystems = [ "zfs" ]; - availableKernelModules = [ "ehci_pci" "ahci" "nvme" "isci" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sr_mod" "drbg" "rtsx_pci_sdmmc" "libsas" "scsi_transport_sas" ]; + availableKernelModules = [ "ehci_pci" "ahci" "nvme" "isci" "xhci_pci" "usb_storage" "usbhid" "sd_mod" "sr_mod" "drbg" "rtsx_pci_sdmmc" "libsas" "scsi_transport_sas" "e1000e" ]; kernelModules = [ "dm-raid" "dm-integrity" "dm-snapshot" "dm-thin-pool" ]; luks.devices = { @@ -41,6 +41,14 @@ hdd4.device = "/dev/disk/by-label/${hostName}-hdd4"; hdd5.device = "/dev/disk/by-label/${hostName}-hdd5"; }; + + network = { + enable = true; + ssh = { + enable = true; + hostKeys = with config.sops.secrets; [ initrd_ssh_host_rsa_key.path initrd_ssh_host_ed25519_key.path ]; + }; + }; }; supportedFilesystems = [ "zfs" ]; @@ -49,6 +57,17 @@ }; }; + sops.secrets = { + initrd_ssh_host_rsa_key = { + key = "rsa"; + sopsFile = ./initrd-host-keys/private.yaml; + }; + initrd_ssh_host_ed25519_key = { + key = "ed25519"; + sopsFile = ./initrd-host-keys/private.yaml; + }; + }; + fileSystems = { "/" = { fsType = "tmpfs"; diff --git a/hosts/vidhar/initrd-host-keys/private.yaml b/hosts/vidhar/initrd-host-keys/private.yaml new file mode 100644 index 00000000..ea424974 --- /dev/null 
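Review bot: In the second hunk (`@@ -41,6 +41,14 @@`) the new `network.ssh` block sets only `hostKeys`, so who may log in to the initrd and on which port is left to module defaults that are not visible in this change. As far as I know, NixOS falls back to root's `openssh.authorizedKeys.keys` and port 22. An explicit `authorizedKeys = [ … ];` limited to the people who unlock the disks, plus a separate `port`, would make the pre-boot access surface reviewable here and avoid known_hosts conflicts with the main sshd, which presents different host keys. I would also add a comment above `hostKeys`, for example `# dedicated initrd host keys; they are copied into the initrd, which presumably sits on the unencrypted boot partition, so never reuse the system host keys here`. The enclosing `initrd` attribute set begins before this hunk.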
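Review bot: The `sops.secrets` entries added in the third hunk (`@@ -49,6 +57,17 @@`) are consumed through `.path` by `initrd.network.ssh.hostKeys`, so the decrypted files must already exist on the running system when the initrd secrets are assembled, and nothing in the change documents that ordering. If I recall the sops-nix documentation correctly, initrd secrets are only partly supported because the bootloader is installed before the sops activation hook runs; a first `nixos-rebuild switch` with this commit may therefore fail or produce an initrd without the keys. A comment on the block would save the next operator from a host that cannot be unlocked remotely, for example `# used as initrd secrets: run "nixos-rebuild test" once before "switch" so the keys are decrypted before the bootloader is installed`. It is also worth stating there that the decrypted keys persist in the initrd image, outside sops' protection.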
+++ b/hosts/vidhar/initrd-host-keys/private.yaml
@@ -0,0 +1,35 @@
+rsa: ENC[AES256_GCM,data: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,iv:r/ksbyC44RrP2BCUUdmOHPfIhi9LPCF+fs1/urWz6Ss=,tag:Zk3xJw1tcf+/YQpAYwVt+w==,type:str]
+ed25519: ENC[AES256_GCM,data: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,iv:6cYTjmJd44Uc+uwnIZI1CUuKhYNGHuWa8wr7CYJY3RY=,tag:+PGy7aVeHyLH+B04Nj8BRQ==,type:str]
+sops:
+ kms: []
+ gcp_kms: []
+ azure_kv: []
+ hc_vault: []
+ age: []
+ lastmodified: "2021-08-03T14:47:32Z"
+ mac: ENC[AES256_GCM,data:gWbmGMZ+/Ts7NP9J1q/kjQmJ7V6lJ5xFpjZNJ+aTOmkz7a6sG8SRvNEW/qrpJfCzEFdQJYhOW3X9FhWpb5U6j4gINrgqUGdusQpw0PmIieC5tCPQPlTPHMReK0xaZ3NViMdHJhGdtehGfPqAtA3Bifn2ZZzOrzTOaPN2fH11fZw=,iv:FhKERfmDPmWn5ZKkuHWMc/vINpmJTr0jZ1iCkSgAUEs=,tag:ibe+m8vz6b+a+as5mz4+eA==,type:str]
+ pgp:
+ - created_at: "2021-08-03T14:47:02Z"
+ enc: |
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DXxoViZlp6dISAQdAFyVws/2vIBK6ohlM93FpgKt6RXI8RPgaJSgHKsSeMB8w
+ XJqXQ2YGG8X6kHR/SW3A//1hBbLAaT6cRj7PLtkabr/5vgJ1Yk+k2mCFg+fte61o
+ 0l4Bppl+iqVjECSJlrRp/GtbbyGlSS+pAItDZKAZOnrIYbx27CFfxNDDHv8EAFDP
+ HoYtgpeVxgRuvIBMHexMiuFExExkddHpHkSDoT1iJOsK+SQEqbxSfZpEJIRLcjb9
+ =hvve
+ -----END PGP MESSAGE-----
+ fp: 30D3453B8CD02FE2A3E7C78C0FB536FB87AE8F51
+ - created_at: "2021-08-03T14:47:02Z"
+ enc: |
+ -----BEGIN PGP MESSAGE-----
+
+ hF4DbYDvGI0HDr0SAQdAvLR7Ngh3gqQAnmlCeSwKGwWXBNlBZxxliQBOkhhKcSow
+ V9mWDn01Iue3qHQwGCd7Om/9EqU7SkFrkxzgAIBRJpAmj0eP1zsgiWepawzQ4glb
+ 0l4ByB+6R+V2SyGI9HcABJiLcTOIjVLgn1QzK0l4K2ewS2K5FSBGNzVKoT+p4J5a
+ ja6A7vM0u12ddlqkifBsqN7900gI2ZTUz00rDZqis3sJk9J8dyWsAdkscig7Htlg
+ =hZHL
+ -----END PGP MESSAGE-----
+ fp: A1C7C95E6CAF0A965CB47277BCF50A89C1B1F362
+ unencrypted_suffix: _unencrypted
+ version: 3.7.1
diff --git a/hosts/vidhar/initrd-host-keys/public.yaml b/hosts/vidhar/initrd-host-keys/public.yaml
new file mode 100644
index 00000000..af521564
--- /dev/null
+++ b/hosts/vidhar/initrd-host-keys/public.yaml
@@ -0,0 +1,4 @@
+rsa: |
+ ssh-rsa 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
+ed25519: |
+ ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBb+RVaConednm1DsYh18ttUEs/FJ7+E3g0YGbZcJthp
-- cgit v1.2.3