Corrected sshfp records.

Also, though, is nixops not picking this up?
niten 2021-10-15 13:49:11 -07:00
parent 51546ec7fd
commit 174abdf990


@ -5,8 +5,12 @@ let
hostname = config.instance.hostname; hostname = config.instance.hostname;
initrd-cfg = config.fudo.hosts.${hostname}.initrd-network; initrd-cfg = config.fudo.hosts.${hostname}.initrd-network;
gen-sshfp-records = hostname: pubkey: let read-lines = filename: splitString "\n" (fileContents filename);
pubkey-file = wirteTextFile {
concatLists = lsts: concatMap (i: i) lsts;
gen-sshfp-records-pkg = hostname: pubkey: let
pubkey-file = writeTextFile {
name = "${hostname}-initrd-ssh-pubkey"; name = "${hostname}-initrd-ssh-pubkey";
text = pubkey; text = pubkey;
}; };
@ -17,13 +21,17 @@ let
installPhase = '' installPhase = ''
mkdir $out mkdir $out
ssh-keygen -r REMOVEME -f "${pubkey-file}" | sed 's/^REMOVEME IN SSHFP //' >> $out/${hostname}-initrd-ssh-pubkey.sshfp ssh-keygen -r REMOVEME -f "${pubkey-file}" | sed 's/^REMOVEME IN SSHFP //' >> $out/initrd-ssh-pubkey.sshfp
''; '';
}; };
gen-sshfp-records = hostname: pubkey: let
sshfp-record-pkg = gen-sshfp-records-pkg hostname pubkey;
in read-lines "${sshfp-record-pkg}/initrd-ssh-pubkey.sshfp";
in { in {
config = mkIf (initrd-cfg != null) { config = {
boot = { boot = mkIf (initrd-cfg != null) {
kernelParams = [ kernelParams = [
n "ip=${initrd-cfg.ip}" n "ip=${initrd-cfg.ip}"
]; ];
@ -61,24 +69,25 @@ n "ip=${initrd-cfg.ip}"
# }) # })
# host-keys; # host-keys;
local-network = { local-network = let
initrd-network-hosts =
filterAttrs
(hostname: hostOpts: hostOpts.initrd-network != null)
config.instance.local-hosts;
in {
network-definition.hosts = mapAttrs' network-definition.hosts = mapAttrs'
(hostname: hostOpts: nameValuePair "${hostname}-recovery" (hostname: hostOpts: nameValuePair "${hostname}-recovery"
{ {
ipv4-address = hostOpts.initrd-network-config.ip; ipv4-address = hostOpts.initrd-network-config.ip;
description = "${hostname} initrd host"; description = "${hostname} initrd host";
}) })
config.instance.local-hosts; initrd-network-hosts;
extra-records = extra-records = concatLists (mapAttrsToList
mapAttrs (hostname: hostOpts: map
(hostname: key-pkg: let (sshfp: "${hostname} IN SSHFP ${sshfp}")
sshfp-pkg = (gen-sshfp-records hostname hostOpts.initrd-network.keypair.public-key))
gen-sshfp-records initrd-network-hosts);
hostname hostOpts.initrd-network-config.keypair.public-key;
sshfps = read-lines "${sshfp-pkg}/${hostname}-initrd-ssh-pubkey.sshfp";
in map (sshfp: "${hostname} IN SSHFP ${sshfp}") sshfps)
host-keys;
}; };
}; };
}; };
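Review bot: The attribute path for the per-host initrd settings is inconsistent inside the new `local-network` block: the `filterAttrs` predicate tests `hostOpts.initrd-network != null` and the SSHFP branch reads `hostOpts.initrd-network.keypair.public-key`, while the unchanged `ipv4-address` line still reads `hostOpts.initrd-network-config.ip`, so if `initrd-network` is the option name (as `config.fudo.hosts.${hostname}.initrd-network` in the first hunk suggests) the recovery A record will fail to evaluate with a missing-attribute error and should presumably become `ipv4-address = hostOpts.initrd-network.ip;`. Separately, the SSHFP records are published under `${hostname}` whereas the address of the initrd listener is published under `${hostname}-recovery`; unless the main and initrd host keys are deliberately both advertised at the bare name, a client using VerifyHostKeyDNS against the recovery name finds no fingerprint, and `(sshfp: "${hostname}-recovery IN SSHFP ${sshfp}")` looks like the intended owner. Finally, `read-lines` on an empty `.sshfp` file (e.g. when `ssh-keygen -r` prints nothing for a key it cannot parse) yields `[ "" ]` and therefore a truncated `… IN SSHFP ` record; `filter (l: l != "") (read-lines …)` would keep a bad key from producing a malformed zone entry rather than a clear failure.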