Sebastian Walz 860d31cee1
Tohu vaBohu
2023-04-21 00:22:52 +02:00


# NixOS module fragment: SSH inside the initrd (used to answer the
# cryptsetup passphrase prompt remotely), the IPv6 default gateway and the
# ACME defaults. `core`, `network` and `users` are supplied by the caller.
{ core, network, users, ... }:
let
  set = core.set;
in
{
  boot.initrd.network = {
    enable = true;

    # Appends `cryptsetup-askpass` to root's profile inside the initrd, so an
    # SSH login shell goes straight to the passphrase prompt.
    postCommands = ''
      echo 'cryptsetup-askpass' >> /root/.profile
    '';

    ssh = {
      enable = true;
      port = network.tcp.ports.initrd.ssh;

      # List of paths to private keys, given as strings.
      # NOTE(review): the initrd is not covered by the disk encryption it
      # unlocks, so this should be a key dedicated to the initrd and never the
      # host's regular SSH host key. Confirm how /etc/initrdSecret.ssh is
      # provisioned and protected.
      hostKeys = [ "/etc/initrdSecret.ssh" ];

      # Collects the public keys of every entry in `users` that is marked
      # `trusted` and has keys registered for this host name; entries without
      # keys for this host contribute nothing.
      # Every key in this list can reach the unlock prompt before the system
      # has booted, so the list should stay as short as possible.
      # TODO: We might not trust every user.
      authorizedKeys =
        set.foldValues
          (
            collected:
            { trusted, user, ... }:
              if !trusted
              then collected
              else collected ++ (user.keys.${network.hostName} or [])
          )
          []
          users;
    };
  };

  # Link-local gateway address, reached through interface ens3.
  networking.defaultGateway6 = {
    address = "fe80::1";
    interface = "ens3";
  };

  security.acme = {
    acceptTerms = true;
    # Contact address derived from the configured domain.
    defaults.email = "cert@${network.domain}";
  };
}