Support installing host keys in the installer

2024-11-08 17:03:07 +01:00 · 2024-11-08 17:03:07 +01:00 · 2d522f51f5
parent f04b71047c
commit 2d522f51f5
1 changed files with 21 additions and 3 deletions
--- a/installer.nix
+++ b/installer.nix
@ -4,10 +4,14 @@
  WARNING: Running this installer will format the target disk!
 */

-{ nixpkgs, ... }:
+{ nixpkgs,
+  hostKeys ? {}
+}:
 machine:

 let
+  inherit (builtins) concatStringsSep attrValues mapAttrs;
+
  installer = { config, pkgs, lib, ... }:
    let
      bootstrap = pkgs.writeShellApplication {
@ -15,8 +19,22 @@ let
        runtimeInputs = with pkgs; [ nixos-install-tools ];
        text = ''
          ${machine.config.system.build.diskoScript}
-          nixos-install --no-root-password --no-channel-copy --system ${machine.config.system.build.toplevel} \
-            && poweroff
+          nixos-install --no-root-password --no-channel-copy --system ${machine.config.system.build.toplevel}
+          ${
+            concatStringsSep "\n" (
+              attrValues (
+              mapAttrs
+                (kind: keys: ''
+                   cp ${keys.private} /mnt/etc/ssh/ssh_host_${kind}_key
+                   chmod 600 /mnt/etc/ssh/ssh_host_${kind}_key
+                   cp ${keys.public} /mnt/etc/ssh/ssh_host_${kind}_key.pub
+                   chmod 644 /mnt/etc/ssh/ssh_host_${kind}_key.pub
+                 '')
+                hostKeys
+              )
+            )
+          }
+          poweroff
        '';
      };
    in