getty-for-esp: init

this module provides a serial port which is exposed via an esp8266 to the network via wifi.
it essentially creates a backdoor to the serial console when the network config is b0rked again
This commit is contained in:
makefu 2020-11-24 22:13:32 +01:00
parent 41865fe25f
commit 3ed2d7d370
No known key found for this signature in database
GPG Key ID: 36F7711F3FC0F225
2 changed files with 21 additions and 2 deletions

View File

@ -1,5 +1,4 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
imports = [ imports = [
./net.nix ./net.nix
@ -8,6 +7,10 @@
<stockholm/krebs/2configs/secret-passwords.nix> <stockholm/krebs/2configs/secret-passwords.nix>
<stockholm/krebs/2configs/hw/x220.nix> <stockholm/krebs/2configs/hw/x220.nix>
# see documentation in included getty-for-esp.nix:
# brain hosts/puyak/root
<stockholm/krebs/2configs/hw/getty-for-esp.nix>
## initrd unlocking ## initrd unlocking
# (brain hosts/puyak/luks-ssd;echo) | ssh root@$(brain krebs-secrets/puyak/initrd/hostname) 'cat > /crypt-ramfs/passphrase' # (brain hosts/puyak/luks-ssd;echo) | ssh root@$(brain krebs-secrets/puyak/initrd/hostname) 'cat > /crypt-ramfs/passphrase'
@ -119,7 +122,6 @@
krebs.build.host = config.krebs.hosts.puyak; krebs.build.host = config.krebs.hosts.puyak;
sound.enable = false; sound.enable = false;
boot = { boot = {
loader.systemd-boot.enable = true; loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true; loader.efi.canTouchEfiVariables = true;

View File

@ -0,0 +1,17 @@
{
# 1. Program an esp8266 devboard (esp8266+usb-ttl) with # https://github.com/jeelabs/esp-link
# tested vesion: esp-link v3.2.47-g9c6530d
# Pin Preset: esp-bridge
# tx-enable: false
# uart-pins: normal
# 2. connect directly with usb-cable to device, check that vendorID and ProductID match
# 3. nc <esp-link-ip> 23
# Info: for puyak the root pw is `brain hosts/puyak/root`
services.udev.extraRules = ''
SUBSYSTEM=="tty", ATTRS{idVendor}=="1a86", ATTRS{idProduct}=="7523", SYMLINK+="ilo", MODE="0660"
'';
systemd.services."serial-getty@ilo".enable = true;
systemd.services."serial-getty@ilo".wantedBy = [ "multi-user.target" ];
systemd.services."serial-getty@ilo".serviceConfig.Restart = "always";
}