carotte: use passwordFile for unattended decryption
{ pkgs, lib, config, ... }:
{
  # Open the inbound TCP port that the reverse SSH tunnel from losurdo binds
  # on this host.  Only this single remote-forward port is accepted here; any
  # other port a client asks sshd to bind stays blocked by the firewall.
  networking.nftables.ruleset = ''
    add rule inet filter net2fw tcp dport 10022 counter accept comment "SSH (reverse to losurdo)"
  '';

  services.openssh = {
    # Let an SSH client pick the bind address of a remote forward (`ssh -R`),
    # which the reverse tunnel above relies on.  Any authenticated user can
    # then publish a forwarded port on non-loopback addresses, so the
    # nftables rule above is what bounds the exposure — keep the two in sync.
    gatewayPorts = "clientspecified";
  };

  boot.initrd.network = {
    enable = true;

    # Dropbear inside the initrd, used to enter the ZFS passphrase remotely.
    ssh = {
      enable = true;
      # Run dropbear on a port distinct from the regular sshd so clients do
      # not see a changed host key for the same host:port pair (this machine
      # also runs a normal sshd once fully booted).
      port = 2222;
      # Reuse root's authorized keys from the main system configuration.
      authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
      # This key is copied into the initrd image, which typically sits on an
      # unencrypted boot partition; keep it separate from the main sshd host
      # key and do not reuse it anywhere else.
      hostKeys = [ "/root/initrd/ssh.key" ];
    };

    # On each initrd shell login, prompt for the rpool key; once it loads,
    # kill the `zfs load-key` still waiting on the console so boot proceeds.
    postCommands = ''
      echo >>/root/.profile "zfs load-key rpool && pkill zfs"
    '';
  };
}