Benjamin Bädorf
e8ad662631
This commit changes the file structure around, so that we have the following parts: `/modules` contains reusable logic blocks for hosts. `/hosts` contains host configurations. `/lib` contains nix library functions. `/overlays` contains overlay files. `/public-keys` contains all information regarding public keys. This change reduces the complexity of flake.nix, instead delegating this out to the `default.nix` files in the above directories.
30 lines
970 B
Nix
30 lines
970 B
Nix
{ flake, ... }: {
|
|
# From https://nixos.wiki/wiki/ZFS#Unlock_encrypted_zfs_via_ssh_on_boot
|
|
boot.initrd.network = {
|
|
enable = true;
|
|
ssh = {
|
|
enable = true;
|
|
# To prevent ssh clients from freaking out because a different host key is used,
|
|
# a different port for ssh is useful (assuming the same host has also a regular sshd running)
|
|
port = 2222;
|
|
|
|
# Please create this manually the first time.
|
|
hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
|
|
authorizedKeys = flake.self.publicKeys.admins;
|
|
};
|
|
# this will automatically load the zfs password prompt on login
|
|
# and kill the other prompt so boot can continue
|
|
postCommands = ''
|
|
cat <<EOF > /root/.profile
|
|
if pgrep -x "zfs" > /dev/null
|
|
then
|
|
zfs load-key -a
|
|
killall zfs
|
|
else
|
|
echo "zfs not running -- maybe the pool is taking some time to load for some unforseen reason."
|
|
fi
|
|
EOF
|
|
'';
|
|
};
|
|
}
|