From 33bc06ee109b9798676f0c6e192f5000ff7fffe3 Mon Sep 17 00:00:00 2001
From: Tim Schubert <dadada@dadada.li>
Date: Sat, 17 May 2025 14:01:36 +0200
Subject: [PATCH] fix(surgat): ssh initrd unlock

---
 nixos/modules/profiles/cloud.nix               |   4 ++--
 secrets/secrets.nix                            |   1 +
 secrets/surgat-initrd-ssh_host_ed25519_key.age | Bin 0 -> 820 bytes
 3 files changed, 3 insertions(+), 2 deletions(-)
 create mode 100644 secrets/surgat-initrd-ssh_host_ed25519_key.age

diff --git a/nixos/modules/profiles/cloud.nix b/nixos/modules/profiles/cloud.nix
index 98314c7..86e2c74 100644
--- a/nixos/modules/profiles/cloud.nix
+++ b/nixos/modules/profiles/cloud.nix
@@ -1,7 +1,7 @@
 { config, lib, ... }:
 let
   secretsPath = config.dadada.secrets.path;
-  initrdHostKey = "${config.networking.hostName}-ssh_host_ed25519_key";
+  initrdHostKey = "${config.networking.hostName}-initrd-ssh_host_ed25519_key";
 in
 {
   boot.initrd.availableKernelModules = [ "virtio-pci" ];
@@ -9,7 +9,7 @@ in
     enable = true;
     ssh = {
       enable = true;
-      port = 22;
+      port = 2223;
       hostKeys = [
         config.age.secrets."${initrdHostKey}".path
       ];
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 7da57e3..d1a5265 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -21,6 +21,7 @@ in
   "miniflux-admin-credentials.age".publicKeys = [ systems.surgat dadada ];
   "gorgon-backup-passphrase-gs.age".publicKeys = [ systems.gorgon dadada ];
   "paperless.age".publicKeys = [ systems.gorgon dadada ];
+  "surgat-initrd-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ];
   "surgat-ssh_host_ed25519_key.age".publicKeys = [ systems.surgat dadada ];
   "ninurta-initrd-ssh-key.age".publicKeys = [ systems.ninurta dadada ];
   "ddns-credentials.age".publicKeys = [ systems.agares systems.ninurta dadada ];
diff --git a/secrets/surgat-initrd-ssh_host_ed25519_key.age b/secrets/surgat-initrd-ssh_host_ed25519_key.age
new file mode 100644
index 0000000000000000000000000000000000000000..32dbcbf2ce1b0961f179ad26bb2a5577f8e340cc
GIT binary patch
literal 820
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU73iZz_C|4+tGRfCZ
z&d5sgGR!W_3CeS>Dl|^bjxsE-axG0RjLa=_3OB3DF3?X8jN~#X4lm3t^e)eL^GHt%
z@isRt&#H*hFUTq`3~<(t(zb{QGRexy^RsYvE=RY`za%>+yIjFFE!W4nFd$evIVZB%
zE4#=z(%3E2J0#U3IUuvrE3nu!Afz(I$IQgfJ(;V*JS5fMH6Xy>Fgz^F+a=e}O*_Ri
zDLmB3IbFLdBiC2IA}}H^*wMKnDjj5-j&6EUYGQG!LVk^RY!+9cW0Y}rhL1t2g=2U|
zdX#f<L3p59j!BBXk6F03Wual9ziE<wPN{xqsz+6nTbX6KsiS_RUsg$`Z&-#=zLOzW
zWmal|o3>MdPiB~zkGUt8uCA^^sG(y?QfYZensa1UWm=YgK&8HMVs@a9si8}iUx`O}
zmVvWDa8ZF_aYZE813kM3k1ORHde^><Uum*G)XzpM(q~u7)rle%r>FMMQs`M%E25m8
zrf<$7t1UjO@xAcLnVW2u?cfU+**y21(FLiW-|v39@qB*&kLfqhSh1E1Gs%Bz`t>Tr
zBP3UyThds-|5-%9#B2+F?yXNJueQsZ-Mr6&^Obhkl_gHQEJL<*MQDnse_Wr_7RS%a
z{_yj>dv|V3pD=fdd*xpqcbjvb>%V-MTE1qt!ZUfXA1i)ueREBJZlGyprG)>wX!%=W
zJGyng-?=lXOYi5d<LUy_-#CgX%~)x5K8|}4Kg-_FYw9>F9ZO&NU2D_HH3{TdTKKN5
zXun#`e);h59lSp{KE9|6e=4~7vQOC0@3U{}mj7RHOLY3bEzyZw=6l|A8wHB3nsQ0$
z#e4_e_%COpJC|6rI~>hyTxXW4737q0n5UmvcS<z-Q)a#cJA*!WDIVIjTx)5eL&nKx
zW(V$GRD6Cq*1+!1|LJ-6J}h!_d*)^RYr)ga`HrfG@3%TvPFgzstHwc*lW7*2O#!v*
zj_tX~QCO?t_TWNcS>j&j^OB~_+z$Mn$L}z(6)!BRj@;_6pb~8|)hvRk+-ikQ<q-f$
C5Kg!N

literal 0
HcmV?d00001