# Module arguments: besides the usual pkgs/lib/config, this file takes a
# `machines` argument, used below for the address of the tunnel endpoint.
1 { pkgs, lib, config, machines, ... }:
# Short names for config.security.gnupg and config.users.users.
3 inherit (config.security) gnupg;
4 inherit (config.users) users;
# Relative path of the initrd SSH host key. It is used in three places below:
# as '${gnupg.store}/${initrdKey}.gpg' (the encrypted copy), as
# /root/${initrdKey} on the install target, and as the initrd hostKeys entry.
5 initrdKey = "initrd/ssh.key";
# Reverse SSH tunnel to the host addressed by machines.mermet.extraArgs.ipv4,
# ordered after network-online.target and pulled in by multi-user.target.
8 systemd.services.ssh-mermet-reverse = {
9 after = [ "network-online.target" ];
10 wantedBy = [ "multi-user.target" ];
# ssh flags used below:
#   -N -T  run no remote command and allocate no TTY; the session exists only
#          to carry the forward.
#   -R *:10022:localhost:22  ask the remote sshd to listen on port 10022 and
#          relay connections to port 22 on this machine.
#   ServerAliveInterval=10 / ExitOnForwardFailure=yes  make ssh exit when
#          keepalives go unanswered or the forward cannot be set up; the
#          unit's restart policy is not visible in this excerpt.
#   -v     writes debug output to the service log.
# NOTE(review): the `*` bind address requests a listener on every interface
# of the remote host (honoured only if its sshd permits it via GatewayPorts),
# so anyone who can reach port 10022 there reaches this machine's sshd.
# Prefer a loopback bind plus a jump through the remote host unless the wide
# exposure is intended - confirm.
# NOTE(review): -g only affects local (-L/-D) forwards and does nothing for
# -R; it can probably be dropped.
# NOTE(review): the identity used and how the remote host key is pinned are
# not visible in this excerpt - confirm the unit cannot silently accept an
# unknown host key.
13 ExecStart = ''${pkgs.openssh}/bin/ssh -v -g -N -T \
14 -o ServerAliveInterval=10 \
15 -o ExitOnForwardFailure=yes \
16 -R *:10022:localhost:22 \
17 ${machines.mermet.extraArgs.ipv4}
# Prepended (lib.mkBefore) to the installer script: decrypts the initrd SSH
# host key from the GnuPG store and streams it through ssh to
# config.installer.ssh-nixos.target, where `install` writes it to
# /root/${initrdKey} owned by root:root with mode 400, creating parent
# directories (-D). In this snippet the plaintext key only passes through the
# pipe; it is not written to a local file.
# NOTE(review): no pipefail setting is visible here. If gpg fails, the remote
# `install` may still create an empty key file on the target - confirm the
# surrounding script enables `set -o pipefail` or checks the result.
24 installer.ssh-nixos.script = lib.mkBefore ''
25 # Send the SSH key of the initrd
26 gpg --decrypt '${gnupg.store}/${initrdKey}.gpg' |
27 ssh '${config.installer.ssh-nixos.target}' \
28 install -D -m 400 -o root -g root /dev/stdin /root/${initrdKey}
# SSH server that runs inside the initrd.
31 boot.initrd.network.ssh = {
# The comment below explains the choice of a separate port for the initrd
# SSH server; the port setting itself is not visible in this excerpt.
33 # To prevent ssh from freaking out because a different host key is used,
34 # a different port for dropbear is useful
35 # (assuming the same host has also a normal sshd running)
# Everyone whose key is authorized for root on the booted system can also
# log into the initrd environment.
37 authorizedKeys = users.root.openssh.authorizedKeys.keys;
# Dedicated initrd host key, placed at /root/${initrdKey} by the installer
# script in this file.
# NOTE(review): NixOS documents that initrd host keys can end up readable
# (in the Nix store, or inside the initrd on an unencrypted boot partition)
# unless initrd secrets are supported. Keep this key separate from the
# system's regular host keys and do not reuse it elsewhere.
38 hostKeys = [ "/root/${initrdKey}" ];