emily/nixos-images
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

rewrite activation script with a systemd-initrd compatible version

Browse source
This commit is contained in:
Jörg Thalheim 2024-05-18 15:01:38 +02:00 committed by mergify[bot]
parent d1758754aa
commit f35cc93d09
1 changed files with 43 additions and 14 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

57
nix/restore-remote-access.nix
View file

@ -1,17 +1,46 @@
{ lib, ... }:
let
is2405 = lib.traceVal (lib.versionAtLeast lib.version "24.05pre");
in
{ {
# Restore ssh host and user keys if they are available. # We have a bug in 23.11 in combination with netboot.
# This avoids warnings of unknown ssh keys. boot.initrd.systemd.enable = is2405;
boot.initrd.postMountCommands = '' boot.initrd.systemd.services.restore-state-from-initrd = {
mkdir -m 700 -p /mnt-root/root/.ssh unitConfig = {
mkdir -m 755 -p /mnt-root/etc/ssh DefaultDependencies = false;
mkdir -m 755 -p /mnt-root/root/network RequiresMountsFor = "/sysroot /dev";
if [[ -f ssh/authorized_keys ]]; then };
install -m 400 ssh/authorized_keys /mnt-root/root/.ssh wantedBy = [ "initrd.target" ];
fi requiredBy = [ "rw-etc.service" ];
install -m 400 ssh/ssh_host_* /mnt-root/etc/ssh before = [ "rw-etc.service" ];
cp *.json /mnt-root/root/network/ serviceConfig.Type = "oneshot";
if [[ -f machine-id ]]; then # Restore ssh host and user keys if they are available.
cp machine-id /mnt-root/etc/machine-id # This avoids warnings of unknown ssh keys.
fi script = ''
mkdir -m 700 -p /sysroot/root/.ssh
mkdir -m 755 -p /sysroot/etc/ssh
mkdir -m 755 -p /sysroot/root/network
if [[ -f ssh/authorized_keys ]]; then
install -m 400 ssh/authorized_keys /sysroot/root/.ssh
fi
install -m 400 ssh/ssh_host_* /sysroot/etc/ssh
cp *.json /sysroot/root/network/
if [[ -f machine-id ]]; then
cp machine-id /sysroot/etc/machine-id
fi
'';
};
boot.initrd.postMountCommands = lib.mkIf (!is2405) ''
mkdir -m 700 -p /mnt-root/root/.ssh
mkdir -m 755 -p /mnt-root/etc/ssh
mkdir -m 755 -p /mnt-root/root/network
if [[ -f ssh/authorized_keys ]]; then
install -m 400 ssh/authorized_keys /mnt-root/root/.ssh
fi
install -m 400 ssh/ssh_host_* /mnt-root/etc/ssh
cp *.json /mnt-root/root/network/
if [[ -f machine-id ]]; then
cp machine-id /mnt-root/etc/machine-id
fi
''; '';
} }