3 networking.nftables.ruleset = ''
6 tcp dport 10022 counter accept comment "SSH (reverse to losurdo)"
12 gatewayPorts = "clientspecified";
15 systemd.services.sshd.serviceConfig.LoadCredentialEncrypted = [
16 "host.key:${ssh/host.key.cred}"
19 boot.initrd.network.ssh = {
21 # To prevent ssh from freaking out because a different host key is used,
22 # a different port for dropbear is useful
23 # (assuming the same host has also a normal sshd running)
25 authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
26 hostKeys = [ "/root/initrd/ssh.key" ];
28 boot.initrd.network = {
30 # This will automatically load the zfs password prompt on login
31 # and kill the other prompt so boot can continue
32 # The pkill zfs kills the zfs load-key from the console
33 # allowing the boot to continue.
35 echo >>/root/.profile "zfs load-key rpool && pkill zfs"