mauville: reorg and document initrd ssh key generator

2024-11-22 02:13:55 -05:00 · 2024-07-17 00:09:41 -04:00 · 2024-07-17 00:09:41 -04:00 · 1467fd3a8f
parent 5ff89ab016
commit 1467fd3a8f
1 changed files with 20 additions and 16 deletions
--- a/hosts/mauville/default.nix
+++ b/hosts/mauville/default.nix
@ -48,21 +48,6 @@ in {
    syncthingKey.file = ../../secrets/syncthing/mauville/key.age;
  };

-  system.activationScripts.gen-initrd-ssh.text = ''
-    KEY_PATH="/etc/secrets/initrd/ssh_host_ed25519_key"
-
-    mkdir -p /etc/secrets/initrd
-
-    # Check if the file already exists
-    if [ -f "$KEY_PATH" ]; then
-      echo "Key already exists at $KEY_PATH. Skipping ssh-keygen."
-    else
-      # Generate the SSH key if it doesn't exist
-      ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -N "" -f "$KEY_PATH"
-      echo "SSH key generated at $KEY_PATH."
-    fi
-  '';
-
  boot = {
    initrd = {
      availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "sd_mod" "r8169"];
@ -134,7 +119,26 @@ in {
  };

  environment.variables.GDK_SCALE = "1.25";
-  system.stateVersion = "24.05";
+
+  system = {
+    activationScripts.gen-initrd-ssh.text = ''
+      KEY_PATH="/etc/secrets/initrd/ssh_host_ed25519_key"
+
+      mkdir -p /etc/secrets/initrd
+
+      # Check if the file already exists
+      if [ -f "$KEY_PATH" ]; then
+        echo "[initrd] ssh key exists at $KEY_PATH."
+      else
+        # Generate the SSH key if it doesn't exist
+        ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -N "" -f "$KEY_PATH"
+        echo "[initrd] ssh key generated at $KEY_PATH."
+      fi
+    '';
+
+    stateVersion = "24.05";
+  };
+
  zramSwap.memoryPercent = 100;

  ar = {