the-distro/infra
9
0
Fork 5
Code Issues 39 Pull requests 8 Packages Projects 1 Releases Wiki Activity

builders: move provisioning of ssh hostkeys to a systemd service

Browse source 
at first activation it does not yet have a working network setup
This commit is contained in:
Yureka 2024-08-05 07:17:45 +02:00
parent bce44930b1
commit 20fc4c8f96
1 changed files with 14 additions and 15 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

23
services/baremetal-builder/netboot.nix
View file

@ -5,22 +5,21 @@ in
{ {
config = lib.mkIf (cfg.enable && cfg.netboot) { config = lib.mkIf (cfg.enable && cfg.netboot) {
system.activationScripts.agenixInstall.deps = ["provisionSshHostKey"]; systemd.services.openssh.after = [ "provision-ssh-hostkey" ];
system.activationScripts.provisionSshHostKey = { systemd.services.provision-ssh-hostkey = {
text = '' wantedBy = [ "multi-user.target" ];
echo provisioning ssh hostkey serviceConfig = {
if [ ! -f /etc/ssh/ssh_host_ed25519_key ] Type = "oneshot";
then RemainAfterExit = true;
};
script = ''
mkdir -p /etc/ssh mkdir -p /etc/ssh
(
umask 0077 umask 0077
until ${pkgs.iputils}/bin/ping -c 1 vpn-gw.wob01.infra.forkos.org; do sleep 1; done
curl --local-port 25-1024 https://vpn-gw.wob01.infra.forkos.org/${config.networking.hostName}/ssh_host_ed25519_key > /etc/ssh/ssh_host_ed25519_key curl --local-port 25-1024 https://vpn-gw.wob01.infra.forkos.org/${config.networking.hostName}/ssh_host_ed25519_key > /etc/ssh/ssh_host_ed25519_key
) # Run the activation script again to trigger agenix decryption
fi /run/current-system/activate
''; '';
deps = [
"specialfs"
];
}; };
system.build = { system.build = {