From d486e79e48be85a906500e82baaa82b0e281f5e0 Mon Sep 17 00:00:00 2001 From: zowoq <59103226+zowoq@users.noreply.github.com> Date: Thu, 25 Jul 2024 20:37:35 +1000 Subject: [PATCH] modules/nixos/common: add initrd emergencyAccess --- flake.nix | 1 - hosts/build02/configuration.nix | 1 - modules/nixos/common/security.nix | 3 +++ modules/nixos/emergency-access.nix | 4 ---- 4 files changed, 3 insertions(+), 6 deletions(-) delete mode 100644 modules/nixos/emergency-access.nix diff --git a/flake.nix b/flake.nix index d687498..1934b22 100644 --- a/flake.nix +++ b/flake.nix @@ -182,7 +182,6 @@ github-org-backup = ./modules/nixos/github-org-backup.nix; hercules-ci = ./modules/nixos/hercules-ci.nix; hydra = ./modules/nixos/hydra.nix; - emergency-access = ./modules/nixos/emergency-access.nix; monitoring = ./modules/nixos/monitoring; nur-update = ./modules/nixos/nur-update.nix; remote-builder = ./modules/nixos/remote-builder.nix; diff --git a/hosts/build02/configuration.nix b/hosts/build02/configuration.nix index f5a691e..5b3bf40 100644 --- a/hosts/build02/configuration.nix +++ b/hosts/build02/configuration.nix @@ -9,7 +9,6 @@ inputs.self.nixosModules.common inputs.self.nixosModules.builder inputs.self.nixosModules.disko-zfs - inputs.self.nixosModules.emergency-access ]; # set in srvos, remove when reinstalling diff --git a/modules/nixos/common/security.nix b/modules/nixos/common/security.nix index a4729ac..809e834 100644 --- a/modules/nixos/common/security.nix +++ b/modules/nixos/common/security.nix @@ -2,6 +2,9 @@ # Make sure that the firewall is enabled, even if it's the default. networking.firewall.enable = true; + # allow to access emergency shell with a password + boot.initrd.systemd.emergencyAccess = "$6$he2fblfl/H7I.kvz$WbSCMXu8ztmqfj5jG4czqvu/rkMHxufxqHgy1urzXFSN.jZB4QiW5lOjR08vk8pZTyim3TT1wFkMaNE9zZ3sc1"; + services.openssh = { hostKeys = [ { diff --git a/modules/nixos/emergency-access.nix b/modules/nixos/emergency-access.nix deleted file mode 100644 index e26e305..0000000 --- a/modules/nixos/emergency-access.nix +++ /dev/null @@ -1,4 +0,0 @@ -{ - # allow to access emergency shell with a password - boot.initrd.systemd.emergencyAccess = "$6$he2fblfl/H7I.kvz$WbSCMXu8ztmqfj5jG4czqvu/rkMHxufxqHgy1urzXFSN.jZB4QiW5lOjR08vk8pZTyim3TT1wFkMaNE9zZ3sc1"; -}