diff options
Diffstat (limited to 'hosts')
| -rw-r--r-- | hosts/carmel/default.nix | 20 | ||||
| -rw-r--r-- | hosts/common/system/boot-ssh.nix | 21 | ||||
| -rw-r--r-- | hosts/common/system/users.nix | 6 |
3 files changed, 28 insertions, 19 deletions
diff --git a/hosts/carmel/default.nix b/hosts/carmel/default.nix index d728d6b..1413f1f 100644 --- a/hosts/carmel/default.nix +++ b/hosts/carmel/default.nix @@ -5,6 +5,8 @@ [ # Include the results of the hardware scan. ./hardware-configuration.nix ../common/desktop + # In order to unlock the root disk remotely + ../common/system/boot-ssh.nix ]; # Use the systemd-boot EFI boot loader. @@ -13,25 +15,11 @@ boot.initrd = { luks.devices."system".allowDiscards = true; - network = { - enable = true; - postCommands = '' - echo "cryptsetup-askpass; exit" > /root/.profile - ''; - ssh = { - enable = true; - port = 2222; - hostKeys = [ - /etc/ssh/ssh_host_ed25519_key - /etc/ssh/ssh_host_rsa_key - ]; - }; - }; }; - time.timeZone = "America/Los_Angeles"; + boot.kernelParams = [ "ip=dhcp" ]; - services.xserver.dpi = 168; + time.timeZone = "America/Los_Angeles"; hardware.opengl.driSupport = true; diff --git a/hosts/common/system/boot-ssh.nix b/hosts/common/system/boot-ssh.nix new file mode 100644 index 0000000..2b865d5 --- /dev/null +++ b/hosts/common/system/boot-ssh.nix @@ -0,0 +1,21 @@ +{ config, lib, pkgs, ... }: + +{ + boot.initrd = { + network = { + enable = true; + postCommands = '' + echo "cryptsetup-askpass; exit" > /root/.profile + ''; + ssh = { + enable = true; + port = 2222; + hostKeys = [ + /etc/ssh/ssh_host_ed25519_key + /etc/ssh/ssh_host_rsa_key + ]; + authorizedKeys = config.users.users.fcuny.openssh.authorizedKeys.keys; + }; + }; + }; +} diff --git a/hosts/common/system/users.nix b/hosts/common/system/users.nix index 2b769c4..25844c2 100644 --- a/hosts/common/system/users.nix +++ b/hosts/common/system/users.nix @@ -1,6 +1,6 @@ -{ lib, pkgs, ... }: +{ config, lib, pkgs, ... }: -rec { +{ users.mutableUsers = false; users.groups.fcuny = { gid = 1000; }; @@ -20,6 +20,6 @@ rec { users.users.root = { hashedPassword = null; - openssh.authorizedKeys.keys = users.users.fcuny.openssh.authorizedKeys.keys; + openssh.authorizedKeys.keys = config.users.users.fcuny.openssh.authorizedKeys.keys; }; } |