hosts/mermet/networking/ssh.nix

   1 { pkgs, lib, config, ... }:
   2 {
   3 networking.nftables.ruleset = ''
   4   add rule inet filter net2fw tcp dport 10022 counter accept comment "SSH (reverse to losurdo)"
   5 '';
   6 services.openssh = {
   7   gatewayPorts = "clientspecified";
   8   openFirewall = true;
   9 };
  10 boot.initrd.network.ssh = {
  11   enable = true;
  12   # To prevent ssh from freaking out because a different host key is used,
  13   # a different port for dropbear is useful
  14   # (assuming the same host has also a normal sshd running)
  15   port = 2222;
  16   authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
  17   hostKeys = [ "/root/initrd/ssh.key" ];
  18 };
  19 boot.initrd.network = {
  20   enable = true;
  21   # This will automatically load the zfs password prompt on login
  22   # and kill the other prompt so boot can continue
  23   # The pkill zfs kills the zfs load-key from the console
  24   # allowing the boot to continue.
  25   postCommands = ''
  26     echo >>/root/.profile "zfs load-key rpool && pkill zfs"
  27   '';
  28 };
  29 }