server-configs/shared/modules/ssh-luks-zfs-on-boot.nix


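# NixOS module: expose an SSH server from the initrd (stage 1) so that the
# LUKS volumes can be unlocked and the ZFS pools imported remotely, without a
# console at the machine. Activated with `mine.ssh-on-boot.enable = true`.
#
# Operator notes (hedged where this file alone cannot establish the fact):
# - The host keys under `sshKeyLocation` are copied into the initrd image,
#   which normally lives on an unencrypted /boot; treat them as readable by
#   anyone with access to the boot volume and use a key pair dedicated to the
#   initrd rather than the main system's host keys.
# - Every key in root's `openssh.authorizedKeys.keys` is accepted here, so
#   each of those key holders can unlock every LUKS device and load every ZFS
#   key on this host.
{ config, lib, ... }:
with lib;
let
  cfg = config.mine.ssh-on-boot;
in {
  options.mine.ssh-on-boot = {
    enable = mkOption {
      type = types.bool;
      default = false;
      description = "Whether to run an SSH server in the initrd for remote LUKS/ZFS unlocking.";
    };

    # Static IPv4 setup handed to the kernel through the `ip=` parameter.
    # There is no DHCP fallback: address, gateway, netmask and interface all
    # have to be set whenever `enable` is true (they have no defaults).
    network = {
      address = mkOption {
        type = types.str;
        example = "192.168.1.11";
        description = "IPv4 address the initrd configures on `interface`.";
      };
      gateway = mkOption {
        type = types.str;
        example = "192.168.1.1";
        description = "IPv4 default gateway used by the initrd.";
      };
      netmask = mkOption {
        type = types.str;
        example = "255.255.255.0";
        description = "Dotted-quad netmask for `address`.";
      };
      hostname = mkOption {
        type = types.str;
        default = "${config.networking.hostName}-boot";
        description = "Hostname announced by the initrd; defaults to the system hostname with a `-boot` suffix.";
      };
      interface = mkOption {
        type = types.str;
        example = "eno3";
        description = "Name of the network interface as the kernel sees it in stage 1.";
      };
    };

    # Assigned to `boot.initrd.availableKernelModules` below so the NIC driver
    # is present before the network is brought up. The defaults are Intel
    # 10G (ixgbe) and 1G (igb) drivers; replace them for other hardware.
    kernelModules = mkOption {
      type = types.listOf types.str;
      default = [
        "ixgbe"
        "igb"
      ];
      description = "Kernel modules (typically NIC drivers) made available in the initrd.";
    };

    sshPort = mkOption {
      # `types.port` rejects values outside 0-65535 at evaluation time, where
      # `types.int` would only fail at runtime.
      type = types.port;
      default = 2222;
      description = "TCP port the initrd SSH server listens on. Presumably kept distinct from the main sshd port so clients do not see a host-key mismatch against the initrd's separate key — confirm for your client setup.";
    };

    sshKeyLocation = mkOption {
      type = types.str;
      default = "/state/root/ssh-on-boot";
      description = "Directory containing `ssh_host_ed25519_key` and `ssh_host_rsa_key` for the initrd SSH server. Its contents are embedded into the initrd image.";
    };
  };

  config = mkIf cfg.enable {
    boot = {
      # Kernel `ip=` syntax: client:server:gateway:netmask:hostname:device.
      # The server field is intentionally empty (no NFS root).
      kernelParams = [
        "ip=${cfg.network.address}::${cfg.network.gateway}:${cfg.network.netmask}:${cfg.network.hostname}:${cfg.network.interface}"
      ];

      initrd.availableKernelModules = cfg.kernelModules;

      initrd.network = {
        enable = true;
        ssh = {
          enable = true;
          port = cfg.sshPort;
          # Both key files must exist at build time; they end up inside the
          # initrd (see the operator notes at the top of this file).
          hostKeys = [
            "${cfg.sshKeyLocation}/ssh_host_ed25519_key"
            "${cfg.sshKeyLocation}/ssh_host_rsa_key"
          ];
          # Reuses root's regular authorized keys for the initrd login.
          authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
        };

        # Shell run in stage 1 after the network is up. It writes an unlock
        # sequence into /root/.profile so it executes when an operator logs in
        # over SSH: open each LUKS device declared in
        # `boot.initrd.luks.devices`, import all pools, load all ZFS keys.
        postCommands = let
          # One `cryptsetup-askpass open <device> <name>` per LUKS device,
          # joined with "; ". Names and device paths come from the NixOS
          # configuration (not untrusted input) but are spliced into the
          # snippet unquoted, so a value containing shell metacharacters or
          # double quotes would break the generated line.
          luksCmd = builtins.concatStringsSep "; " (
            lib.mapAttrsToList (n: v:
              "echo Opening ${n}; cryptsetup-askpass open ${v.device} ${n}"
            ) config.boot.initrd.luks.devices);
        in ''
          # Explicit routes in addition to the kernel `ip=` setup; presumably
          # needed because the gateway was not reachable otherwise — confirm.
          ip route add ${cfg.network.gateway} dev ${cfg.network.interface}
          ip route add default via ${cfg.network.gateway} dev ${cfg.network.interface}
          ip link set ${cfg.network.interface} up
          # NOTE(review): `killall zfs` looks like it is meant to end the
          # stage-1 `zfs` key prompt so boot can continue — verify.
          echo "${luksCmd}; zpool import -a; zfs load-key -a; killall zfs" >> /root/.profile
        '';
      };
    };
  };
}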