systemd initrd ssh zfs native encryption unlock
parent
27fd18e3a2
commit
c102d3c782
3 changed files with 32 additions and 6 deletions
|
|
@ -18,6 +18,37 @@ in
|
||||||
environment.systemPackages = [ pkgs.sbctl ];
|
environment.systemPackages = [ pkgs.sbctl ];
|
||||||
|
|
||||||
boot = {
|
boot = {
|
||||||
|
initrd = {
|
||||||
|
kernelModules = [ "igc" ];
|
||||||
|
network = {
|
||||||
|
enable = true;
|
||||||
|
ssh = {
|
||||||
|
enable = true;
|
||||||
|
port = 22;
|
||||||
|
hostKeys = [ "/persist/initrd-keys/ssh_host_ed5519_key" ];
|
||||||
|
authorizedKeys = [ config.local.keys.gerg_gerg-phone ];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
systemd = {
|
||||||
|
network = {
|
||||||
|
enable = true;
|
||||||
|
networks.enp11s0 = {
|
||||||
|
name = "enp11s0";
|
||||||
|
address = [ "192.168.1.4/24" ];
|
||||||
|
gateway = [ "192.168.1.1" ];
|
||||||
|
dns = [ "192.168.1.1" ];
|
||||||
|
DHCP = "no";
|
||||||
|
linkConfig = {
|
||||||
|
MACAddress = "D8:5E:D3:E5:47:90";
|
||||||
|
RequiredForOnline = "routable";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
wait-online.enable = false;
|
||||||
|
};
|
||||||
|
users.root.shell = "/bin/systemd-tty-ask-password-agent";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
lanzaboote = {
|
lanzaboote = {
|
||||||
enable = true;
|
enable = true;
|
||||||
pkiBundle = "/etc/secureboot";
|
pkiBundle = "/etc/secureboot";
|
||||||
|
|
@ -86,6 +117,5 @@ in
|
||||||
};
|
};
|
||||||
})
|
})
|
||||||
);
|
);
|
||||||
|
|
||||||
};
|
};
|
||||||
}
|
}
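Review bot: The initrd SSH server under `boot.initrd.network.ssh` uses `port = 22`, presumably the same port as the booted system's sshd, so one address will present two different host keys and clients will see a key-mismatch warning at every unlock. A separate port, e.g. `port = 2222;` (constructed value), lets known_hosts pin each key independently instead of training the operator to click through warnings. The file named in `hostKeys` has to be readable before the pool is unlocked, so it should be a dedicated key that is never reused as the main host key, with a comment such as `# initrd-only host key; stored unencrypted alongside the initrd` next to it; the `ed5519` in that filename also looks like a typo for `ed25519` and is worth checking against the file on disk. The `authorizedKeys` entry carries no options, so while `users.root.shell` confines the session to the password agent, forwarding may still be available depending on the generated sshd configuration; prefixing the key with `no-port-forwarding,no-agent-forwarding,no-X11-forwarding` would close that. Separately, `linkConfig.MACAddress` sets the interface's hardware address rather than matching on it, so if selecting the NIC by MAC was the intent, `matchConfig.MACAddress` is the option to use.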
|
||||||
|
|
|
||||||
|
|
@ -47,10 +47,7 @@
|
||||||
|
|
||||||
(
|
(
|
||||||
let
|
let
|
||||||
keys = [
|
keys = [ config.local.keys.root_media-laptop ];
|
||||||
config.local.keys.root_media-laptop
|
|
||||||
config.local.keys.root_game-desktop
|
|
||||||
];
|
|
||||||
in
|
in
|
||||||
lib.mkIf config.local.remoteBuild.isBuilder {
|
lib.mkIf config.local.remoteBuild.isBuilder {
|
||||||
sops.secrets.store_key = { };
|
sops.secrets.store_key = { };
|
||||||
|
|
|
||||||
|
|
@ -6,7 +6,6 @@
|
||||||
gerg_gerg-phone = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZKIp3iObuxEUPx1dsMiN3vyMaMQb0N1gKJY78TtRxd";
|
gerg_gerg-phone = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZKIp3iObuxEUPx1dsMiN3vyMaMQb0N1gKJY78TtRxd";
|
||||||
gerg_gerg-windows = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpYY2uw0OH1Re+3BkYFlxn0O/D8ryqByJB/ljefooNc";
|
gerg_gerg-windows = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpYY2uw0OH1Re+3BkYFlxn0O/D8ryqByJB/ljefooNc";
|
||||||
root_media-laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIq9YTf4jlVCKBKn44m4yJvj94C7pTOyaa4VjZFohNqD";
|
root_media-laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIq9YTf4jlVCKBKn44m4yJvj94C7pTOyaa4VjZFohNqD";
|
||||||
root_game-desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUKHZasYQUAmRBiqtx1drDxfq18/N4rKydCtPHx461I";
|
|
||||||
root_gerg-desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIeHsGcmOdIMzV+SNe4WFcA3CPHCNb1aqxThkXtm7G/1";
|
root_gerg-desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIeHsGcmOdIMzV+SNe4WFcA3CPHCNb1aqxThkXtm7G/1";
|
||||||
gerg-desktop_fingerprint = "BQxvBOWsTw1gdNDR0KzrSRmbVhDrJdG05vYXkVmw8yA";
|
gerg-desktop_fingerprint = "BQxvBOWsTw1gdNDR0KzrSRmbVhDrJdG05vYXkVmw8yA";
|
||||||
gerg_gerg-desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJWbwkFJmRBgyWyWU+w3ksZ+KuFw9uXJN3PwqqE7Z/i8";
|
gerg_gerg-desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJWbwkFJmRBgyWyWU+w3ksZ+KuFw9uXJN3PwqqE7Z/i8";
|
||||||
|
|
|
||||||