From ea1df1e9f49ead7e7a3627029484eaf0c34d27f3 Mon Sep 17 00:00:00 2001
From: Michael Hoang
Date: Mon, 7 Jul 2025 14:07:40 +1000
Subject: [PATCH] treewide: don't generate SSH keys with builder hostname
---
 clanModules/borgbackup/roles/client.nix | 2 +-
 clanModules/sshd/roles/server.nix | 4 ++--
 clanModules/sshd/shared.nix | 2 +-
 clanServices/borgbackup/default.nix | 2 +-
 clanServices/sshd/default.nix | 8 ++++----
 docs/site/guides/disk-encryption.md | 4 ++--
 6 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/clanModules/borgbackup/roles/client.nix b/clanModules/borgbackup/roles/client.nix
index e2cb8e591..1887fb902 100644
--- a/clanModules/borgbackup/roles/client.nix
+++ b/clanModules/borgbackup/roles/client.nix
@@ -196,7 +196,7 @@ in
 pkgs.xkcdpass
 ];
 script = ''
- ssh-keygen -t ed25519 -N "" -f "$out"/borgbackup.ssh
+ ssh-keygen -t ed25519 -N "" -C "" -f "$out"/borgbackup.ssh
 xkcdpass -n 4 -d - > "$out"/borgbackup.repokey
 '';
 };
diff --git a/clanModules/sshd/roles/server.nix b/clanModules/sshd/roles/server.nix
index 8aa4d45f8..bfc6b1bb9 100644
--- a/clanModules/sshd/roles/server.nix
+++ b/clanModules/sshd/roles/server.nix
@@ -54,7 +54,7 @@ in
 pkgs.openssh
 ];
 script = ''
- ssh-keygen -t ed25519 -N "" -f "$out"/ssh.id_ed25519
+ ssh-keygen -t ed25519 -N "" -C "" -f "$out"/ssh.id_ed25519
 '';
 };
@@ -74,7 +74,7 @@ in
 pkgs.openssh
 ];
 script = ''
- ssh-keygen -t rsa -b 4096 -N "" -f "$out"/ssh.id_rsa
+ ssh-keygen -t rsa -b 4096 -N "" -C "" -f "$out"/ssh.id_rsa
 '';
 };
diff --git a/clanModules/sshd/shared.nix b/clanModules/sshd/shared.nix
index 298b6f9ab..439495f8f 100644
--- a/clanModules/sshd/shared.nix
+++ b/clanModules/sshd/shared.nix
@@ -36,7 +36,7 @@
 pkgs.openssh
 ];
 script = ''
- ssh-keygen -t ed25519 -N "" -f "$out"/id_ed25519
+ ssh-keygen -t ed25519 -N "" -C "" -f "$out"/id_ed25519
 '';
 };
diff --git a/clanServices/borgbackup/default.nix b/clanServices/borgbackup/default.nix
index b292a0bdb..41bac47e6 100644
--- a/clanServices/borgbackup/default.nix
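Review bot: The `-C ""` added to the `ssh-keygen` call in clanModules/borgbackup/roles/client.nix carries no comment saying why it is there, so a later cleanup could drop it and the build machine's default `user@hostname` comment would be written into the generated key again. A shell comment inside the script would be enough, e.g. `# -C "": do not embed the builder's user@hostname in the key comment`. The same applies to the other ssh-keygen hunks in clanModules/sshd/roles/server.nix, clanModules/sshd/shared.nix, clanServices/borgbackup/default.nix and clanServices/sshd/default.nix. The generator definition around the script starts and ends outside the hunk.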
+++ b/clanServices/borgbackup/default.nix
@@ -256,7 +256,7 @@
 pkgs.xkcdpass
 ];
 script = ''
- ssh-keygen -t ed25519 -N "" -f "$out"/borgbackup.ssh
+ ssh-keygen -t ed25519 -N "" -C "" -f "$out"/borgbackup.ssh
 xkcdpass -n 4 -d - > "$out"/borgbackup.repokey
 '';
 };
diff --git a/clanServices/sshd/default.nix b/clanServices/sshd/default.nix
index b4799b917..799358969 100644
--- a/clanServices/sshd/default.nix
+++ b/clanServices/sshd/default.nix
@@ -49,7 +49,7 @@
 pkgs.openssh
 ];
 script = ''
- ssh-keygen -t ed25519 -N "" -f "$out"/id_ed25519
+ ssh-keygen -t ed25519 -N "" -C "" -f "$out"/id_ed25519
 '';
 };
@@ -109,7 +109,7 @@
 pkgs.openssh
 ];
 script = ''
- ssh-keygen -t ed25519 -N "" -f "$out"/id_ed25519
+ ssh-keygen -t ed25519 -N "" -C "" -f "$out"/id_ed25519
 '';
 };
@@ -151,7 +151,7 @@
 pkgs.openssh
 ];
 script = ''
- ssh-keygen -t rsa -b 4096 -N "" -f "$out"/ssh.id_rsa
+ ssh-keygen -t rsa -b 4096 -N "" -C "" -f "$out"/ssh.id_rsa
 '';
 };
@@ -164,7 +164,7 @@
 pkgs.openssh
 ];
 script = ''
- ssh-keygen -t ed25519 -N "" -f "$out"/ssh.id_ed25519
+ ssh-keygen -t ed25519 -N "" -C "" -f "$out"/ssh.id_ed25519
 '';
 };
 };
diff --git a/docs/site/guides/disk-encryption.md b/docs/site/guides/disk-encryption.md
index e38c4ae13..190101fa2 100644
--- a/docs/site/guides/disk-encryption.md
+++ b/docs/site/guides/disk-encryption.md
@@ -122,8 +122,8 @@ CTRL+D
 4. Locally generate ssh host keys. You only need to generate ones for the algorithms you're using in `authorizedKeys`.
 ```bash
-ssh-keygen -q -N "" -t ed25519 -f ./initrd_host_ed25519_key
-ssh-keygen -q -N "" -t rsa -b 4096 -f ./initrd_host_rsa_key
+ssh-keygen -q -N "" -C "" -t ed25519 -f ./initrd_host_ed25519_key
+ssh-keygen -q -N "" -C "" -t rsa -b 4096 -f ./initrd_host_rsa_key
 ```
 5. Securely copy your local initrd ssh host keys to the installer's `/mnt` directory:
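Review bot: Host keys produced before this change keep the builder's `user@hostname` in their stored public key, because the four `ssh-keygen` hunks in clanServices/sshd/default.nix only alter what a new run of the script writes. Whether a changed `script` causes existing keys to be regenerated is not visible in this diff. If it does not, the commit description should say so, for example `Existing keys keep their old comment; strip it from the stored public key, or regenerate where a key change is acceptable.` Regenerating a host key changes the identity that clients have pinned, so stripping the comment is likely the less disruptive route. The same holds for the borgbackup and clanModules/sshd generators touched by this patch.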