Corrected sshfp records.

Also, though, is nixops not picking this up?
2021-10-15 13:49:11 -07:00 · 2021-10-15 13:49:11 -07:00 · 174abdf990
commit 174abdf990
parent 51546ec7fd
1 changed files with 25 additions and 16 deletions
--- a/lib/fudo/initrd-network.nix
+++ b/lib/fudo/initrd-network.nix
@ -5,8 +5,12 @@ let
  hostname = config.instance.hostname;
  initrd-cfg = config.fudo.hosts.${hostname}.initrd-network;

-  gen-sshfp-records = hostname: pubkey: let
-    pubkey-file = wirteTextFile {
+  read-lines = filename: splitString "\n" (fileContents filename);
+
+  concatLists = lsts: concatMap (i: i) lsts;
+
+  gen-sshfp-records-pkg = hostname: pubkey: let
+    pubkey-file = writeTextFile {
      name = "${hostname}-initrd-ssh-pubkey";
      text = pubkey;
    };
@ -17,13 +21,17 @@ let

    installPhase = ''
      mkdir $out
-      ssh-keygen -r REMOVEME -f "${pubkey-file}" | sed 's/^REMOVEME IN SSHFP //' >> $out/${hostname}-initrd-ssh-pubkey.sshfp
+      ssh-keygen -r REMOVEME -f "${pubkey-file}" | sed 's/^REMOVEME IN SSHFP //' >> $out/initrd-ssh-pubkey.sshfp
    '';
  };

+  gen-sshfp-records = hostname: pubkey: let
+    sshfp-record-pkg = gen-sshfp-records-pkg hostname pubkey;
+  in read-lines "${sshfp-record-pkg}/initrd-ssh-pubkey.sshfp";
+
 in {
-  config = mkIf (initrd-cfg != null) {
-    boot = {
+  config = {
+    boot = mkIf (initrd-cfg != null) {
      kernelParams = [
 n        "ip=${initrd-cfg.ip}"
      ];
@ -61,24 +69,25 @@ n        "ip=${initrd-cfg.ip}"
      #   })
      #   host-keys;

-      local-network = {
+      local-network = let
+        initrd-network-hosts =
+          filterAttrs
+            (hostname: hostOpts: hostOpts.initrd-network != null)
+            config.instance.local-hosts;
+      in {
        network-definition.hosts = mapAttrs'
          (hostname: hostOpts: nameValuePair "${hostname}-recovery"
            {
              ipv4-address = hostOpts.initrd-network-config.ip;
              description = "${hostname} initrd host";
            })
-          config.instance.local-hosts;
+          initrd-network-hosts;

-        extra-records =
-          mapAttrs
-            (hostname: key-pkg: let
-              sshfp-pkg =
-                gen-sshfp-records
-                  hostname hostOpts.initrd-network-config.keypair.public-key;
-              sshfps = read-lines "${sshfp-pkg}/${hostname}-initrd-ssh-pubkey.sshfp";
-            in map (sshfp: "${hostname} IN SSHFP ${sshfp}") sshfps)
-            host-keys;
+        extra-records = concatLists (mapAttrsToList
+          (hostname: hostOpts: map
+            (sshfp: "${hostname} IN SSHFP ${sshfp}")
+            (gen-sshfp-records hostname hostOpts.initrd-network.keypair.public-key))
+          initrd-network-hosts);
      };
    };
  };