commit 3a26d09e1542494770ff2f3f571d3b0e94d21218 · pyrox.dev/nixpkgs

+17 -16

nixos/modules/system/boot/initrd-ssh.nix

···

       44
        
             description = ''

     

       45
        
               RSA SSH private key file in the Dropbear format.

     

       46
        
       

     

       47
       -
               WARNING: This key is contained insecurely in the global Nix store. Do NOT

     

       48
       -
               use your regular SSH host private keys for this purpose or you'll expose

     

       49
       -
               them to regular users!

     

       0
        
       
     

       50
        
             '';

     

       51
        
           };

     

       52
        
       

     
···

       56
        
             description = ''

     

       57
        
               DSS SSH private key file in the Dropbear format.

     

       58
        
       

     

       59
       -
               WARNING: This key is contained insecurely in the global Nix store. Do NOT

     

       60
       -
               use your regular SSH host private keys for this purpose or you'll expose

     

       61
       -
               them to regular users!

     

       0
        
       
     

       62
        
             '';

     

       63
        
           };

     

       64
        
       

     
···

       68
        
             description = ''

     

       69
        
               ECDSA SSH private key file in the Dropbear format.

     

       70
        
       

     

       71
       -
               WARNING: This key is contained insecurely in the global Nix store. Do NOT

     

       72
       -
               use your regular SSH host private keys for this purpose or you'll expose

     

       73
       -
               them to regular users!

     

       0
        
       
     

       74
        
             '';

     

       75
        
           };

     

       76
        
       

     
···

       97
        
           boot.initrd.extraUtilsCommands = ''

     

       98
        
             copy_bin_and_libs ${pkgs.dropbear}/bin/dropbear

     

       99
        
             cp -pv ${pkgs.glibc.out}/lib/libnss_files.so.* $out/lib

     

       100
       -
       

     

       101
       -
             ${optionalString (cfg.hostRSAKey != null) "install -D ${cfg.hostRSAKey} $out/etc/dropbear/dropbear_rsa_host_key"}

     

       102
       -
             ${optionalString (cfg.hostDSSKey != null) "install -D ${cfg.hostDSSKey} $out/etc/dropbear/dropbear_dss_host_key"}

     

       103
       -
             ${optionalString (cfg.hostECDSAKey != null) "install -D ${cfg.hostECDSAKey} $out/etc/dropbear/dropbear_ecdsa_host_key"}

     

       104
        
           '';

     

       105
        
       

     

       106
        
           boot.initrd.extraUtilsCommandsTest = ''

     
···

       116
        
             touch /var/log/lastlog

     

       117
        
       

     

       118
        
             mkdir -p /etc/dropbear

     

       119
       -
             ${optionalString (cfg.hostRSAKey != null) "ln -s $extraUtils/etc/dropbear/dropbear_rsa_host_key /etc/dropbear/dropbear_rsa_host_key"}

     

       120
       -
             ${optionalString (cfg.hostDSSKey != null) "ln -s $extraUtils/etc/dropbear/dropbear_dss_host_key /etc/dropbear/dropbear_dss_host_key"}

     

       121
       -
             ${optionalString (cfg.hostECDSAKey != null) "ln -s $extraUtils/etc/dropbear/dropbear_ecdsa_host_key /etc/dropbear/dropbear_ecdsa_host_key"}

     

       122
        
       

     

       123
        
             mkdir -p /root/.ssh

     

       124
        
             ${concatStrings (map (key: ''

     
···

       127
        
       

     

       128
        
             dropbear -s -j -k -E -m -p ${toString cfg.port}

     

       129
        
           '';

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       130
        
       

     

       131
        
         };

     

       132

···

       44
        
             description = ''

     

       45
        
               RSA SSH private key file in the Dropbear format.

     

       46
        
       

     

       47
       +
               WARNING: Unless your bootloader supports initrd secrets, this key is

     

       48
       +
               contained insecurely in the global Nix store. Do NOT use your regular

     

       49
       +
               SSH host private keys for this purpose or you'll expose them to

     

       50
       +
               regular users!

     

       51
        
             '';

     

       52
        
           };

     

       53
        
       

     
···

       57
        
             description = ''

     

       58
        
               DSS SSH private key file in the Dropbear format.

     

       59
        
       

     

       60
       +
               WARNING: Unless your bootloader supports initrd secrets, this key is

     

       61
       +
               contained insecurely in the global Nix store. Do NOT use your regular

     

       62
       +
               SSH host private keys for this purpose or you'll expose them to

     

       63
       +
               regular users!

     

       64
        
             '';

     

       65
        
           };

     

       66
        
       

     
···

       70
        
             description = ''

     

       71
        
               ECDSA SSH private key file in the Dropbear format.

     

       72
        
       

     

       73
       +
               WARNING: Unless your bootloader supports initrd secrets, this key is

     

       74
       +
               contained insecurely in the global Nix store. Do NOT use your regular

     

       75
       +
               SSH host private keys for this purpose or you'll expose them to

     

       76
       +
               regular users!

     

       77
        
             '';

     

       78
        
           };

     

       79
        
       

     
···

       100
        
           boot.initrd.extraUtilsCommands = ''

     

       101
        
             copy_bin_and_libs ${pkgs.dropbear}/bin/dropbear

     

       102
        
             cp -pv ${pkgs.glibc.out}/lib/libnss_files.so.* $out/lib

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       103
        
           '';

     

       104
        
       

     

       105
        
           boot.initrd.extraUtilsCommandsTest = ''

     
···

       115
        
             touch /var/log/lastlog

     

       116
        
       

     

       117
        
             mkdir -p /etc/dropbear

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       118
        
       

     

       119
        
             mkdir -p /root/.ssh

     

       120
        
             ${concatStrings (map (key: ''

     
···

       123
        
       

     

       124
        
             dropbear -s -j -k -E -m -p ${toString cfg.port}

     

       125
        
           '';

     

       126
       +
       

     

       127
       +
           boot.initrd.secrets =

     

       128
       +
            (optionalAttrs (cfg.hostRSAKey != null) { "/etc/dropbear/dropbear_rsa_host_key" = cfg.hostRSAKey; }) //

     

       129
       +
            (optionalAttrs (cfg.hostDSSKey != null) { "/etc/dropbear/dropbear_dss_host_key" = cfg.hostDSSKey; }) //

     

       130
       +
            (optionalAttrs (cfg.hostECDSAKey != null) { "/etc/dropbear/dropbear_ecdsa_host_key" = cfg.hostECDSAKey; });

     

       131
        
       

     

       132
        
         };

     

       133