From 1467fd3a8f46d985eb7df0c52de006b7461a0bf4 Mon Sep 17 00:00:00 2001
From: Aly Raffauf
Date: Wed, 17 Jul 2024 00:09:41 -0400
Subject: [PATCH] mauville: reorg and document initrd ssh key generator

---
 hosts/mauville/default.nix | 36 ++++++++++++++++++++----------------
 1 file changed, 20 insertions(+), 16 deletions(-)

diff --git a/hosts/mauville/default.nix b/hosts/mauville/default.nix
index fd36bdeb..7afdc3c5 100644
--- a/hosts/mauville/default.nix
+++ b/hosts/mauville/default.nix
@@ -48,21 +48,6 @@ in {
 syncthingKey.file = ../../secrets/syncthing/mauville/key.age;
 };

- system.activationScripts.gen-initrd-ssh.text = ''
- KEY_PATH="/etc/secrets/initrd/ssh_host_ed25519_key"
-
- mkdir -p /etc/secrets/initrd
-
- # Check if the file already exists
- if [ -f "$KEY_PATH" ]; then
- echo "Key already exists at $KEY_PATH. Skipping ssh-keygen."
- else
- # Generate the SSH key if it doesn't exist
- ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -N "" -f "$KEY_PATH"
- echo "SSH key generated at $KEY_PATH."
- fi
- '';
-
 boot = {
 initrd = {
 availableKernelModules = ["xhci_pci" "ahci" "nvme" "usbhid" "sd_mod" "r8169"];
@@ -134,7 +119,26 @@ in {
 };

 environment.variables.GDK_SCALE = "1.25";
- system.stateVersion = "24.05";
+
+ system = {
+ activationScripts.gen-initrd-ssh.text = ''
+ KEY_PATH="/etc/secrets/initrd/ssh_host_ed25519_key"
+
+ mkdir -p /etc/secrets/initrd
+
+ # Check if the file already exists
+ if [ -f "$KEY_PATH" ]; then
+ echo "[initrd] ssh key exists at $KEY_PATH."
+ else
+ # Generate the SSH key if it doesn't exist
+ ${pkgs.openssh}/bin/ssh-keygen -t ed25519 -N "" -f "$KEY_PATH"
+ echo "[initrd] ssh key generated at $KEY_PATH."
+ fi
+ '';
+
+ stateVersion = "24.05";
+ };
+
 zramSwap.memoryPercent = 100;

 ar = {
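Review bot: In the re-added `activationScripts.gen-initrd-ssh` script (second hunk), `/etc/secrets/initrd` is created with a bare `mkdir -p`, so the directory holding the unencrypted (`-N ""`) initrd host key gets whatever mode the activation umask allows. ssh-keygen normally writes the private key owner-only, but the directory should not rely on that alone: `install -d -m 0700 /etc/secrets/initrd`. The "generated" message is also echoed whether or not ssh-keygen succeeded; chaining it as `${pkgs.openssh}/bin/ssh-keygen -t ed25519 -N "" -f "$KEY_PATH" && echo "[initrd] ssh key generated at $KEY_PATH."` keeps the activation log truthful. Since the subject says the generator is now documented, a Nix comment above the attribute could state that this is a passphrase-less host key meant for the initrd SSH server and must stay root-only; where the key is consumed is outside this hunk, so confirm that wording against the initrd ssh settings.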