1
1
mirror of https://github.com/NixOS/mobile-nixos.git synced 2024-12-15 02:43:24 +03:00
mobile-nixos/modules/initrd-ssh.nix

64 lines
1.7 KiB
Nix
Raw Normal View History

{ config, lib, pkgs, ... }:
with lib;
let
device_name = config.mobile.device.name;
cfg = config.mobile.boot.stage-1.ssh;
2020-01-13 08:46:58 +03:00
banner = pkgs.writeText "${device_name}-banner" ''
From a mobile-nixos device ${device_name}
'';
in
{
options.mobile.boot.stage-1.ssh = {
enable = mkOption {
type = types.bool;
2018-07-08 03:22:39 +03:00
default = false;
description = ''
Enables ssh during stage-1.
**CURRENT CONFIGURATION ALSO OPENS ACCESS TO ALL WITHOUT A PASSWORD NOR SSH KEY.**
'';
};
};
config.mobile.boot.stage-1 = lib.mkIf cfg.enable {
2020-01-13 08:46:58 +03:00
tasks = [
# Oh boy, that's insecure! (As documented.)
(pkgs.writeText "insecure-root-password-task.rb" ''
class Tasks::InsecureRootPassword < SingletonTask
def initialize()
add_dependency(:Target, :Environment)
end
def run()
# Puts a blank password for the root user.
System.run("passwd", "-d", "root")
end
end
'')
(pkgs.writeText "dropbear-sshd-task.rb" ''
class Tasks::DropbearSSHD < SingletonTask
def initialize()
add_dependency(:Target, :Networking)
Targets[:SwitchRoot].add_dependency(:Task, self)
end
def run()
FileUtils.mkdir_p("/etc/dropbear")
# THIS IS HIGHLY INSECURE
# This allows blank login passwords.
System.spawn("dropbear", "-ERB", "-b", "/etc/banner")
end
end
'')
];
contents = [
{ object = banner; symlink = "/etc/banner"; }
];
extraUtils = with pkgs; [
2018-07-08 03:22:39 +03:00
{ package = dropbear; extraCommand = "cp -fpv ${glibc.out}/lib/libnss_files.so.* $out/lib"; }
];
};
}