From 174abdf990df4d85aba00b8cf4af9d6a4652a9cb Mon Sep 17 00:00:00 2001
From: niten
Date: Fri, 15 Oct 2021 13:49:11 -0700
Subject: [PATCH] Corrected sshfp records.

Also, though, is nixops not picking this up?
---
 lib/fudo/initrd-network.nix | 41 ++++++++++++++++++++++---------------
 1 file changed, 25 insertions(+), 16 deletions(-)

diff --git a/lib/fudo/initrd-network.nix b/lib/fudo/initrd-network.nix
index 457b675..657f68e 100644
--- a/lib/fudo/initrd-network.nix
+++ b/lib/fudo/initrd-network.nix
@@ -5,8 +5,12 @@ let
   hostname = config.instance.hostname;
   initrd-cfg = config.fudo.hosts.${hostname}.initrd-network;
 
-  gen-sshfp-records = hostname: pubkey: let
-    pubkey-file = wirteTextFile {
+  read-lines = filename: splitString "\n" (fileContents filename);
+
+  concatLists = lsts: concatMap (i: i) lsts;
+
+  gen-sshfp-records-pkg = hostname: pubkey: let
+    pubkey-file = writeTextFile {
       name = "${hostname}-initrd-ssh-pubkey";
       text = pubkey;
     };
@@ -17,13 +21,17 @@ let
       installPhase = ''
         mkdir $out
-        ssh-keygen -r REMOVEME -f "${pubkey-file}" | sed 's/^REMOVEME IN SSHFP //' >> $out/${hostname}-initrd-ssh-pubkey.sshfp
+        ssh-keygen -r REMOVEME -f "${pubkey-file}" | sed 's/^REMOVEME IN SSHFP //' >> $out/initrd-ssh-pubkey.sshfp
       '';
     };
 
+  gen-sshfp-records = hostname: pubkey: let
+    sshfp-record-pkg = gen-sshfp-records-pkg hostname pubkey;
+  in read-lines "${sshfp-record-pkg}/initrd-ssh-pubkey.sshfp";
+
 in {
-  config = mkIf (initrd-cfg != null) {
-    boot = {
+  config = {
+    boot = mkIf (initrd-cfg != null) {
       kernelParams = [
 n "ip=${initrd-cfg.ip}"
       ];
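Review bot: The local `concatLists = lsts: concatMap (i: i) lsts;` redefines a function that nixpkgs' lib already provides under the same name (`lib.concatLists`), and since `mkIf`, `splitString` and `fileContents` are used unqualified the file very likely opens `lib` with `with lib;`, so the new definition shadows the library's; dropping the line and relying on the library version avoids the duplicate. `read-lines` applies `fileContents` to whatever path it is given, and its only visible caller (in the next hunk) passes a derivation output, which means every evaluation has to build that derivation before it can continue (import-from-derivation); a comment such as `# NOTE: callers pass a derivation output, so evaluation forces a build` next to the definition would warn the next maintainer.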
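Review bot: The context at the end of the hunk shows `kernelParams = [` followed by `n "ip=${initrd-cfg.ip}"` at column 0 (the later `@@ -61` header uses that line as its anchor, which git only does for a column-0 line), so `n` appears to be an unbound identifier that fails evaluation whenever `initrd-cfg != null`; if that is really the file's content, the element should be `"ip=${initrd-cfg.ip}"` alone, and the `mkIf` move in this commit does not address it. The new `gen-sshfp-records` reads `${sshfp-record-pkg}/initrd-ssh-pubkey.sshfp` at evaluation time, so the SSHFP derivation must be built before evaluation completes, which is plausibly why a deployment tool does not "pick this up" without a build, though that is inferred from the commit message. Moving `mkIf (initrd-cfg != null)` from `config` down to `boot` means every other attribute under `config` is now emitted for hosts without an initrd network config; a comment such as `# Only boot settings depend on this host's initrd config; the DNS records below cover all local hosts` would record that this is intentional.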
@@ -61,24 +69,25 @@ n "ip=${initrd-cfg.ip}"
       # })
       # host-keys;
 
-      local-network = {
+      local-network = let
+        initrd-network-hosts =
+          filterAttrs
+            (hostname: hostOpts: hostOpts.initrd-network != null)
+            config.instance.local-hosts;
+      in {
         network-definition.hosts = mapAttrs'
           (hostname: hostOpts: nameValuePair "${hostname}-recovery" {
             ipv4-address = hostOpts.initrd-network-config.ip;
             description = "${hostname} initrd host";
           })
-          config.instance.local-hosts;
+          initrd-network-hosts;
 
-        extra-records =
-          mapAttrs
-          (hostname: key-pkg: let
-            sshfp-pkg =
-              gen-sshfp-records
-              hostname hostOpts.initrd-network-config.keypair.public-key;
-            sshfps = read-lines "${sshfp-pkg}/${hostname}-initrd-ssh-pubkey.sshfp";
-          in map (sshfp: "${hostname} IN SSHFP ${sshfp}") sshfps)
-          host-keys;
+        extra-records = concatLists (mapAttrsToList
+          (hostname: hostOpts: map
+            (sshfp: "${hostname} IN SSHFP ${sshfp}")
+            (gen-sshfp-records hostname hostOpts.initrd-network.keypair.public-key))
+          initrd-network-hosts);
       };
     };
   };
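Review bot: The SSHFP owner name on the new `extra-records` line is still `${hostname}`, while the address record for the initrd host in the same block is published as `${hostname}-recovery`; unless the consumer of `extra-records` rewrites owner names, a client resolving `<hostname>-recovery` finds no SSHFP record for it, and the initrd key's fingerprint is instead attached to the main hostname, where it would be accepted as a valid host key for the regular host. The record line should read `(sshfp: "${hostname}-recovery IN SSHFP ${sshfp}")`. The new filter and the public-key lookup use `hostOpts.initrd-network`, whereas the retained `ipv4-address` line reads `hostOpts.initrd-network-config.ip`; if those are two distinct options this is fine, but if only one of them exists the other access fails at evaluation, and a one-line comment naming which option holds the address and which the keypair would settle it. The `local-network` set is closed by the `};` lines inside the hunk, but the enclosing `config` set starts outside it.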