From dadc992c620f75ac2fa9d152fb4b4eeed06e51a2 Mon Sep 17 00:00:00 2001 From: Fabian Date: Tue, 27 Oct 2020 13:37:43 +0000 Subject: [PATCH] Clean up dropbear role --- role/dropbear/default.nix | 26 ++++++++++++++++++-------- 1 file changed, 18 insertions(+), 8 deletions(-) diff --git a/role/dropbear/default.nix b/role/dropbear/default.nix index 3699674..a24c463 100644 --- a/role/dropbear/default.nix +++ b/role/dropbear/default.nix @@ -1,15 +1,24 @@ -{ config, pkgs, ... }: +{ config, pkgs, lib, ... }: -{ - # Note: This implementation currently only allows eno1 (first interface) with dhcp. +# Note: This implementation currently only allows eno1 (first interface) with dhcp. +let + ip = "10.1.2.2"; + gateway = "10.1.2.1"; + netmask = "255.255.255.0"; + hostname = config.networking.hostName; + primaryInterface = "eno1"; +in { boot.initrd.network = { enable = true; ssh = { enable = true; port = 2222; - # this includes the ssh keys of all users in the wheel group, - # but you can just specify some keys manually - #authorizedKeys = with lib; concatLists (mapAttrsToList (name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else []) config.users.users); + authorizedKeys = with lib; + concatLists (mapAttrsToList (name: user: + if elem "wheel" user.extraGroups then + user.openssh.authorizedKeys.keys + else + [ ]) config.users.users); hostRSAKey = /boot/dropbear_rsa_host_key; hostECDSAKey = /boot/dropbear_ecdsa_host_key; # Key generation with dropbearkey -t -f @@ -18,11 +27,12 @@ echo 'cryptsetup-askpass' >> /root/.profile ''; }; + boot.kernelParams = [ - "ip=10.1.2.2::10.1.2.1:255.255.255.0:montalin:eno1:none" + "ip=${ip}::${gateway}:${netmask}:${hostname}:${primaryInterface}:none" ]; # see https://www.kernel.org/doc/Documentation/filesystems/nfs/nfsroot.txt boot.initrd.postMountCommands = '' - ip link set eno1 down + ip link set ${primaryInterface} down ''; }
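Review bot: The `authorizedKeys` expression this commit enables in the `ssh` block hands every wheel-group user's login key to the initrd SSH server on port 2222. That session is the pre-boot environment that runs `cryptsetup-askpass`, apparently as root given the `/root/.profile` line in the next hunk. Disk-unlock access is now tied to wheel membership, so adding an admin account later silently widens who can reach the unlock prompt, and keys declared through `openssh.authorizedKeys.keyFiles` are not picked up at all. If the coupling is intended, state it in a comment such as `# every wheel user's key is accepted by the initrd SSH (disk unlock); keyFiles entries are not included`; otherwise list the unlock keys explicitly. The `ssh` attribute set continues past the end of this hunk.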
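Review bot: The `ip=` kernel parameter still ends in `:none`, meaning a static address with autoconfiguration off, but the note carried over to the top of the file says the role works "with dhcp". I would reword that comment to `# Note: only the first interface (eno1) is configured, with a static address (autoconf "none").` so it matches the values now in the `let` block. It would also help to name the fields next to the string, `# ip=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf>`, since the empty second field is easy to misread once every part is an interpolation.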