forked from M-Labs/nix-servo
enable host key generation on first boot
This commit is contained in:
parent
dad71891b6
commit
bd4885c597
@ -17,6 +17,7 @@
|
|||||||
./network.patch
|
./network.patch
|
||||||
./pr-28.patch
|
./pr-28.patch
|
||||||
./pr-29.patch
|
./pr-29.patch
|
||||||
|
./pr-30.patch
|
||||||
];
|
];
|
||||||
};
|
};
|
||||||
|
|
||||||
|
135
pr-30.patch
Normal file
135
pr-30.patch
Normal file
@ -0,0 +1,135 @@
|
|||||||
|
diff --git a/base.nix b/base.nix
|
||||||
|
index 7eaee32..622cbf1 100644
|
||||||
|
--- a/base.nix
|
||||||
|
+++ b/base.nix
|
||||||
|
@@ -120,10 +120,6 @@ with lib;
|
||||||
|
root:x:0:
|
||||||
|
nixbld:x:30000:nixbld1,nixbld10,nixbld2,nixbld3,nixbld4,nixbld5,nixbld6,nixbld7,nixbld8,nixbld9
|
||||||
|
'';
|
||||||
|
- "ssh/ssh_host_rsa_key.pub".source = ./ssh/ssh_host_rsa_key.pub;
|
||||||
|
- "ssh/ssh_host_rsa_key" = { mode = "0600"; source = ./ssh/ssh_host_rsa_key; };
|
||||||
|
- "ssh/ssh_host_ed25519_key.pub".source = ./ssh/ssh_host_ed25519_key.pub;
|
||||||
|
- "ssh/ssh_host_ed25519_key" = { mode = "0600"; source = ./ssh/ssh_host_ed25519_key; };
|
||||||
|
};
|
||||||
|
boot.kernelParams = [ "systemConfig=${config.system.build.toplevel}" ];
|
||||||
|
boot.kernelPackages = lib.mkDefault (if pkgs.system == "armv7l-linux" then pkgs.linuxPackages_rpi1 else pkgs.linuxPackages);
|
||||||
|
diff --git a/gen_keys b/gen_keys
|
||||||
|
deleted file mode 100755
|
||||||
|
index ee586a2..0000000
|
||||||
|
--- a/gen_keys
|
||||||
|
+++ /dev/null
|
||||||
|
@@ -1,4 +0,0 @@
|
||||||
|
-#!/bin/sh
|
||||||
|
-mkdir ssh
|
||||||
|
-ssh-keygen -t rsa -b 4096 -f ssh/ssh_host_rsa_key -N ""
|
||||||
|
-ssh-keygen -t ed25519 -f ssh/ssh_host_ed25519_key -N ""
|
||||||
|
diff --git a/runit.nix b/runit.nix
|
||||||
|
index d7b0bf3..6d602b6 100644
|
||||||
|
--- a/runit.nix
|
||||||
|
+++ b/runit.nix
|
||||||
|
@@ -2,7 +2,6 @@
|
||||||
|
|
||||||
|
let
|
||||||
|
sshd_config = pkgs.writeText "sshd_config" ''
|
||||||
|
- HostKey /etc/ssh/ssh_host_rsa_key
|
||||||
|
HostKey /etc/ssh/ssh_host_ed25519_key
|
||||||
|
Port 22
|
||||||
|
PidFile /run/sshd.pid
|
||||||
|
@@ -30,6 +29,13 @@ in
|
||||||
|
{
|
||||||
|
"runit/1".source = pkgs.writeScript "1" ''
|
||||||
|
#!${pkgs.runtimeShell}
|
||||||
|
+
|
||||||
|
+ ED25519_KEY="/etc/ssh/ssh_host_ed25519_key"
|
||||||
|
+
|
||||||
|
+ if [ ! -f $ED25519_KEY ]; then
|
||||||
|
+ ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -f $ED25519_KEY -N ""
|
||||||
|
+ fi
|
||||||
|
+
|
||||||
|
${lib.optionalString config.not-os.simpleStaticIp ''
|
||||||
|
ip addr add 10.0.2.15 dev eth0
|
||||||
|
ip link set eth0 up
|
||||||
|
diff --git a/ssh/ssh_host_ed25519_key b/ssh/ssh_host_ed25519_key
|
||||||
|
deleted file mode 100644
|
||||||
|
index 62f3b04..0000000
|
||||||
|
--- a/ssh/ssh_host_ed25519_key
|
||||||
|
+++ /dev/null
|
||||||
|
@@ -1,7 +0,0 @@
|
||||||
|
------BEGIN OPENSSH PRIVATE KEY-----
|
||||||
|
-b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
|
||||||
|
-QyNTUxOQAAACCyu5b2+49W47G9KYQj+7xz1YuY3w3Iz1kb/eIgNWPF7wAAAJhmBZVCZgWV
|
||||||
|
-QgAAAAtzc2gtZWQyNTUxOQAAACCyu5b2+49W47G9KYQj+7xz1YuY3w3Iz1kb/eIgNWPF7w
|
||||||
|
-AAAEBALOVU4aPZln0n7z7AR5jOoVnT7OhWAJiROqTw9ecEILK7lvb7j1bjsb0phCP7vHPV
|
||||||
|
-i5jfDcjPWRv94iA1Y8XvAAAAEGNsZXZlckBhbWQtbml4b3MBAgMEBQ==
|
||||||
|
------END OPENSSH PRIVATE KEY-----
|
||||||
|
diff --git a/ssh/ssh_host_ed25519_key.pub b/ssh/ssh_host_ed25519_key.pub
|
||||||
|
deleted file mode 100644
|
||||||
|
index c636ae4..0000000
|
||||||
|
--- a/ssh/ssh_host_ed25519_key.pub
|
||||||
|
+++ /dev/null
|
||||||
|
@@ -1 +0,0 @@
|
||||||
|
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILK7lvb7j1bjsb0phCP7vHPVi5jfDcjPWRv94iA1Y8Xv clever@amd-nixos
|
||||||
|
diff --git a/ssh/ssh_host_rsa_key b/ssh/ssh_host_rsa_key
|
||||||
|
deleted file mode 100644
|
||||||
|
index d9c3b46..0000000
|
||||||
|
--- a/ssh/ssh_host_rsa_key
|
||||||
|
+++ /dev/null
|
||||||
|
@@ -1,51 +0,0 @@
|
||||||
|
------BEGIN RSA PRIVATE KEY-----
|
||||||
|
-MIIJKAIBAAKCAgEAxTB2amEQdRnxKKoTpm81Eydd0gSgiotd0Ujeg+eEkArLwlWv
|
||||||
|
-6gjoeNEzcNH8tZ0g3sjk1SVheZNxdHWCXqJnL/EIpoGn8VNW7pgRP1ZgW48wPjJ7
|
||||||
|
-dN8eve/28d2QCDYEkZNDTjHzDEHP/TxngjA6lli0KX6SfJbKUmqR/kdn8A5NpsjM
|
||||||
|
-BmjQ/UkMTAH/KG3HhSHRoljHFsyfKw917a3uO9ahLiEnFih36/V9anjljboEZAux
|
||||||
|
-XKNFUJFWkn+QPGLnPQtrP85ZUtSEFiwjOCcjCctps+miRJwZsNHE2erqelJbJb7v
|
||||||
|
-Cq+paoffxc27U7dhvLoz2f9XalW4Sj8mL45kyysrN4WBSDxi1znPjxD6PuNsabCe
|
||||||
|
-TBisHj2M09Zv7hZIoR53Jv6cjwZoML5MN6VA2yc/OAoYvDAJET/ZRPkl8tzzvMXo
|
||||||
|
-Y+bfyUitYA3FJjBInFm+mmVkHTqi/V7SwFKWGXRhAO2JU0cUXUrDyI7OKnNS4Vue
|
||||||
|
-h5O7UHGhtBvoFLDpkr9GJwNJNZXtNdK77eQXPDkv0k2qQcLZQLGRR4hBTIL9GAgE
|
||||||
|
-3nlCGs6bNw+OgaiWMqcLwoe8IBeq0WDrjRDEuyoIOREAQYZ0twYrhvT5rLXhz9IJ
|
||||||
|
-nUyn7P7uX4/i2tDWy3iPHJHNtFSD2lLA+xuXA6xoW1REfL3lCpIHZtpopP8CAwEA
|
||||||
|
-AQKCAgEAjbNYtPNRd0UQJq+pdUWe90enxP8sOsMRxQ4/ULxzZ2tKpzkaM+z42bFD
|
||||||
|
-7QQJPJ1QfKgSwRSeqlYJBq5W5BiCXFIybCzp+aJw6v3+DuzMS59nBJsUWpTnq4gg
|
||||||
|
-hgg4s53VxKL1j+CXDqzQgOMCYuyzfUz7EoJxU/SsKXOJvBemGjy9EmhjLQvvesQe
|
||||||
|
-gRRCPtQ8t2/pDGgNkVWz36a5kPYXJ4sBwntychrcqoR7/qIoG6Ob+iTo7HArpEz8
|
||||||
|
-0EO465wLHbPx+yUWzU4IKULIgFaneCdjqzTuNa2TTJxBgHOu0f4Sn9pIPv6imPpR
|
||||||
|
-FPzVa8BxDMUl87bpI3G8ACbHEw+ZX52wxC5/149ofu9jxBiGxODsmCGullIsGnEH
|
||||||
|
-F0PhA2kJzzb/MPcfZRGTvp0kbP9i3DM1yTa2vLSWT2hCi94zpRRiWMgN4azwvQeA
|
||||||
|
-o/KLlQ78hRu8wdJ5lwn5/iDpDr13TN5cHc7uhf/bVdwOcS9uSMAZvdIqazThQhgy
|
||||||
|
-G3AF5oIg/8MYz/pGwZg4aUmLTXB8O/Xgqtj5yUduMxR/vChZiKWHNt6EWT1VMHKs
|
||||||
|
-ktVBiLUZvp8kfWqSNVcLjt7tI2+Dwy2hNIPpRXZOu7cSf0A0YsZlcB/MLWBKKtMk
|
||||||
|
-mnYL1+rFTuR9TB6YkmDWwRqTHTEtyaXPADRX9j8Y0kF0Qd0JATECggEBAPp1+P5m
|
||||||
|
-wWMn2xOuBb+Znv036O+NOnQ+OPP04lFXwSHUsR6BMPJDaA2B3n+15vGCxzMLNQsl
|
||||||
|
-qn44WiUm2hv8BwO9DkFm/VpB9yj+30gnP6RXThPUsO6msN1XTa+F6GnnoJ8vRfnO
|
||||||
|
-9+iRU97Owwi8IGoHeVlsXRKhbi6cIJ0Y711b6uN97mBnOB+ig0F7L2lHrRRVYO3R
|
||||||
|
-SPpvZunsksZEoxdNGM4qTbhVjFve1gXWHNzzqDGzCqwnPWynVE8jEjM3jEp5GRKo
|
||||||
|
-jIEEN4k1SBI5Ovou07qogLgtsZnudxlJCDSgLITlJbCMwluZ+sjpxu6GIZrbNtYt
|
||||||
|
-yaCS+wwMvZYuWbcCggEBAMmM4kv2Na9Y272/oRIh5J14op4qMBWOqjXTdAX0WhrD
|
||||||
|
-ay/+s77t6Gq/oMgmulqQLLgZcGkrz7Z8DWfdNoSxZvQQcftr3CHrgRiZvyFzvhRN
|
||||||
|
-bnk3vTAT1Ay1nRFOmHsciOGVI8EijRVIunFJu2r4aIfQ6RUpBV16RwMk9CYjYcA1
|
||||||
|
-DAYc+IEDfH9SFmWAkO2/X9Gv7616fvAQsIjT+lSTkM6SPpvvwW7g/X3sM138ATJm
|
||||||
|
-8EcBbT7NvTmGbVSDYhzSyPc/DfZXnNhSMXPZrbwRJQNhUzL26TsOJUCzzD9yhwAC
|
||||||
|
-JTOON3VBqE3IRlKVlts5bghDcCxxFVK87U2pR6BvrvkCggEAWmTboc2qPEQ1MEwd
|
||||||
|
-bQJfvFpCarrY/v06Buo6CEuYu8IMzsqnxLgJRN67U/Jt0Hp3tHd2BHjqqLVj64az
|
||||||
|
-L2hti67fB0HJbJrkPlqGcX8g3ApadpPL68YjjS8mLZQxxo8/jFQ+eCN3m+tfjsmm
|
||||||
|
-4G8tb7cU1+5hRQkYQCA/MRO/yD0VcFeSAh8exWQc5TQ1b1TcJbuOySZApYoxZXnp
|
||||||
|
-mz9IcW905WulM0NE7h9ltSOKtUAHUzCgSHO9Gorlxc4NkoiYzIQaRX6pfyLrfEzL
|
||||||
|
-nzAilgryhaqtEkwDjl/fgjO2j2/DwY8GZErZFsBjH8In9wxX8pDtoK1T2O1TSA0N
|
||||||
|
-G7fMzwKCAQA1omgWDs76eor/U59pU9uijBe6Pz/MfMqOyFZ3vy67MIW1n/H1PRo8
|
||||||
|
-TgJbQPMWZod/9kUTt7TuutRWb2eyqALdsAKlBW7vF9yiz0ctf791Z6WeXFbcFGq5
|
||||||
|
-dxr1IBUzrcQ/Q5DgNHGW2GPFAfn93Vzzx4Q/PUtQNNnw3EScYY4BuBwbBFqc+nCG
|
||||||
|
-8TFEkZH/so2tH0SIxbBB8i8IOmDDYQGH9yLyHDs9ZmIOwGxq9kTbRMlsG9UWgWl5
|
||||||
|
-hWxSsSPKx8zy/rSYeXgjmLvQOH0jLuzKmXuqdEpcjMcdELupprCGMAv2TEI10eMX
|
||||||
|
-z9Pm5ife7sl5KXkQWodyHRSJNiL5br8BAoIBADu7tRChFC5oplnjQ2LYNbS58pv3
|
||||||
|
-+44RLBe6pZjiHTo9lSRmS+ymRrVoGyJWHEsS1eWjYZseuLjgQ0GuegF7fpeqqIST
|
||||||
|
-gXRaJ3OkjBWXtSNt48zsaWUMUO6qI8V7viMmxnzWskELaoHJTmOQSUXS9/L0/MFz
|
||||||
|
-1vhe6VN+xxlb0+x2if326RGJBIrDwInnTcMoIT0kPo1t9HWvs1pO29Qkg3Zellmg
|
||||||
|
-iEarmJVdr9WO26j72e1IYBauorVQHG9rqdv6YOdtvqKSqqh/Axm3G2HAXKJd7s9T
|
||||||
|
-FZYTE/OZsUWzEbRv73ZbzDFhva3BbHAHV71y4Uyllk85/PQ5qXISkf84gM4=
|
||||||
|
------END RSA PRIVATE KEY-----
|
||||||
|
diff --git a/ssh/ssh_host_rsa_key.pub b/ssh/ssh_host_rsa_key.pub
|
||||||
|
deleted file mode 100644
|
||||||
|
index 63dbd02..0000000
|
||||||
|
--- a/ssh/ssh_host_rsa_key.pub
|
||||||
|
+++ /dev/null
|
||||||
|
@@ -1 +0,0 @@
|
||||||
|
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDFMHZqYRB1GfEoqhOmbzUTJ13SBKCKi13RSN6D54SQCsvCVa/qCOh40TNw0fy1nSDeyOTVJWF5k3F0dYJeomcv8QimgafxU1bumBE/VmBbjzA+Mnt03x697/bx3ZAINgSRk0NOMfMMQc/9PGeCMDqWWLQpfpJ8lspSapH+R2fwDk2myMwGaND9SQxMAf8obceFIdGiWMcWzJ8rD3Xtre471qEuIScWKHfr9X1qeOWNugRkC7Fco0VQkVaSf5A8Yuc9C2s/zllS1IQWLCM4JyMJy2mz6aJEnBmw0cTZ6up6Ulslvu8Kr6lqh9/FzbtTt2G8ujPZ/1dqVbhKPyYvjmTLKys3hYFIPGLXOc+PEPo+42xpsJ5MGKwePYzT1m/uFkihHncm/pyPBmgwvkw3pUDbJz84Chi8MAkRP9lE+SXy3PO8xehj5t/JSK1gDcUmMEicWb6aZWQdOqL9XtLAUpYZdGEA7YlTRxRdSsPIjs4qc1LhW56Hk7tQcaG0G+gUsOmSv0YnA0k1le010rvt5Bc8OS/STapBwtlAsZFHiEFMgv0YCATeeUIazps3D46BqJYypwvCh7wgF6rRYOuNEMS7Kgg5EQBBhnS3BiuG9PmsteHP0gmdTKfs/u5fj+La0NbLeI8ckc20VIPaUsD7G5cDrGhbVER8veUKkgdm2mik/w== clever@amd-nixos
|
Loading…
Reference in New Issue
Block a user