Clean up dropbear role

role/dropbear/default.nix

@@ -1,15 +1,24 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 
-{
 # Note: This implementation currently only allows eno1 (first interface) with dhcp.
+let
+  ip = "10.1.2.2";
+  gateway = "10.1.2.1";
+  netmask = "255.255.255.0";
+  hostname = config.networking.hostName;
+  primaryInterface = "eno1";
+in {
   boot.initrd.network = {
     enable = true;
     ssh = {
       enable = true;
       port = 2222;
-      # this includes the ssh keys of all users in the wheel group,
-      # but you can just specify some keys manually
-      #authorizedKeys = with lib; concatLists (mapAttrsToList (name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else []) config.users.users);
+      authorizedKeys = with lib;
+        concatLists (mapAttrsToList (name: user:
+          if elem "wheel" user.extraGroups then
+            user.openssh.authorizedKeys.keys
+          else
+            [ ]) config.users.users);
       hostRSAKey = /boot/dropbear_rsa_host_key;
       hostECDSAKey = /boot/dropbear_ecdsa_host_key;
       # Key generation with dropbearkey -t <type> -f <output-keyfile>
@@ -18,11 +27,12 @@
       echo 'cryptsetup-askpass' >> /root/.profile
     '';
   };
+
   boot.kernelParams = [
-    "ip=10.1.2.2::10.1.2.1:255.255.255.0:montalin:eno1:none"
+    "ip=${ip}::${gateway}:${netmask}:${hostname}:${primaryInterface}:none"
   ]; # see https://www.kernel.org/doc/Documentation/filesystems/nfs/nfsroot.txt
 
   boot.initrd.postMountCommands = ''
-    ip link set eno1 down
+    ip link set ${primaryInterface} down
   '';
 }