summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorlassulus <lassulus@lassul.us>2019-04-17 18:12:47 +0200
committerlassulus <lassulus@lassul.us>2019-04-17 18:12:47 +0200
commitff86e4a137ff28b0a3ef2279d7397aa81cea1c03 (patch)
tree7b7aad4d7e52cda9a99e9a284d773ef1b75b1916
parent631bc1c48068a3649762074178f85e3024bd1736 (diff)
l shodan.r & icarus.r: decrypt via ssh
-rw-r--r--lass/1systems/icarus/config.nix1
-rw-r--r--lass/1systems/shodan/config.nix1
-rw-r--r--lass/2configs/ssh-cryptsetup.nix17
3 files changed, 19 insertions, 0 deletions
diff --git a/lass/1systems/icarus/config.nix b/lass/1systems/icarus/config.nix
index 06b1e7366..d8c8699ae 100644
--- a/lass/1systems/icarus/config.nix
+++ b/lass/1systems/icarus/config.nix
@@ -20,6 +20,7 @@
<stockholm/lass/2configs/syncthing.nix>
<stockholm/lass/2configs/nfs-dl.nix>
<stockholm/lass/2configs/prism-share.nix>
+ <stockholm/lass/2configs/ssh-cryptsetup.nix>
];
krebs.build.host = config.krebs.hosts.icarus;
diff --git a/lass/1systems/shodan/config.nix b/lass/1systems/shodan/config.nix
index 7236d5e9f..5de87d790 100644
--- a/lass/1systems/shodan/config.nix
+++ b/lass/1systems/shodan/config.nix
@@ -16,6 +16,7 @@ with import <stockholm/lib>;
<stockholm/lass/2configs/backup.nix>
<stockholm/lass/2configs/blue-host.nix>
<stockholm/lass/2configs/green-host.nix>
+ <stockholm/lass/2configs/ssh-cryptsetup.nix>
];
krebs.build.host = config.krebs.hosts.shodan;
diff --git a/lass/2configs/ssh-cryptsetup.nix b/lass/2configs/ssh-cryptsetup.nix
new file mode 100644
index 000000000..c5e1c5928
--- /dev/null
+++ b/lass/2configs/ssh-cryptsetup.nix
@@ -0,0 +1,17 @@
+{ config, ... }:
+{
+ boot.initrd = {
+ network = {
+ enable = true;
+ ssh = {
+ enable = true;
+ authorizedKeys = with config.krebs.users; [
+ config.krebs.users.lass-mors.pubkey
+ config.krebs.users.lass-blue.pubkey
+ config.krebs.users.lass-shodan.pubkey
+ config.krebs.users.lass-icarus.pubkey
+ ];
+ };
+ };
+ };
+}