chore: remove openssh for now

2024-11-17 20:45:09 +01:00 · 2024-11-17 20:45:09 +01:00 · fa55edf0de
commit fa55edf0de
parent 902c3eddf3
9 changed files with 0 additions and 111 deletions
--- a/modules/image/builder.nix
+++ b/modules/image/builder.nix
@ -76,9 +76,6 @@ let
      contents = {
        "/EFI/BOOT/BOOT${lib.toUpper efiArch}.EFI".source = "${pkgs.systemdUkify}/lib/systemd/boot/efi/systemd-boot${efiArch}.efi";
        "/EFI/Linux/${config.system.boot.loader.ukiFile}".source = "${config.system.build.uki}/${config.system.boot.loader.ukiFile}";
-        "/default-ssh-authorized-keys.txt" = lib.mkIf config.system.image.sshKeys.enable {
-          source = pkgs.writeText "ssh-keys" (lib.concatStringsSep "\n" config.system.image.sshKeys.keys);
-        };
      };
      repartConfig = {
        Type = "esp";
--- a/modules/image/default.nix
+++ b/modules/image/default.nix
@ -8,7 +8,6 @@

  imports = [
    ./updater.nix
-    ./ssh.nix
    ./builder.nix
    ./veritysetup.nix
  ];
@ -127,14 +126,6 @@
    "nls_iso8859-1"
  ];

-  # Store SSH host keys on /var/lib/ssh since /etc is read-only
-  services.openssh.hostKeys = [
-    {
-      path = "/var/lib/ssh/ssh_host_ed25519_key";
-      type = "ed25519";
-    }
-  ];
-
  environment.etc."machine-id" = {
    text = "";
    mode = "0755";
--- a/modules/image/ssh.nix
+++ b/modules/image/ssh.nix
@ -1,40 +0,0 @@
-{ config, lib, ... }:
-{
-  options.system.image.sshKeys = {
-    enable = lib.mkEnableOption "provisioning of default SSH keys from ESP";
-    keys = lib.mkOption {
-      type = lib.types.listOf lib.types.singleLineStr;
-      default = [ ];
-    };
-  };
-
-  config = lib.mkIf config.system.image.sshKeys.enable {
-
-    assertions = [
-      {
-        assertion = config.services.openssh.enable;
-        message = "OpenSSH must be enabled to preseed authorized keys";
-      }
-    ];
-
-    systemd.services."default-ssh-keys" = {
-      script = ''
-        mkdir -p /var/home/admin/.ssh/
-        cat /efi/default-ssh-authorized-keys.txt >> /var/home/admin/.ssh/authorized_keys
-      '';
-      wantedBy = [
-        "sshd.service"
-        "sshd.socket"
-      ];
-      unitConfig = {
-        ConditionPathExists = [
-          "/var/home/admin"
-          "!/var/home/admin/.ssh/authorized_keys"
-          "/efi/default-ssh-authorized-keys.txt"
-        ];
-      };
-    };
-
-  };
-
-}