nix/nixos/common/modules/ssh-luks.nix

{ ... }: {
  # Remote LUKS unlocking over SSH from the initrd.
  # Reference: https://nixos.wiki/wiki/Remote_LUKS_Unlocking
  #
  # Unlock command (as recorded by the author):
  #   ssh root@<Local_IP_Address> "Password"
  # NOTE(review): a passphrase given as a command-line argument ends up in the
  # client's shell history and process list. Root's shell below is the
  # password agent, so an interactive `ssh root@<Local_IP_Address>` presumably
  # prompts for it instead -- confirm and prefer that form.
  boot = {
    # Have the kernel configure the network via DHCP before the root
    # filesystem is available.
    kernelParams = [ "ip=dhcp" ];

    initrd = {
      enable = true;

      # Network drivers that have to be present in the initrd so the link
      # comes up before the disk is unlocked.
      availableKernelModules = [
        "cdc_ncm" # frameworks
        "e1000e" # nuc-server
      ];

      # Anyone who logs in as root in the initrd lands directly in the
      # password agent rather than in a general-purpose shell.
      systemd.users.root.shell = "/bin/systemd-tty-ask-password-agent";

      network = {
        enable = true;

        ssh = {
          enable = true;

          # NOTE(review): if the booted system's sshd also listens on 22 at
          # the same address, clients will see two different host keys for one
          # endpoint and get key-mismatch warnings. A dedicated port or a
          # separate known_hosts alias keeps those warnings meaningful --
          # confirm against the main sshd configuration.
          port = 22;

          hostKeys = [
            # CAUTION: You WANT to generate a new key. This is stored
            # plaintext in /boot.
            # Because it is readable by anyone with access to /boot, use a key
            # dedicated to the initrd and never reuse the booted system's host
            # key: a copied key lets someone impersonate this unlock endpoint
            # to a client.
            # Generate new keys with:
            #   ssh-keygen -t rsa -N "" -f /boot/ssh_host_rsa_key
            "/boot/ssh_host_rsa_key"
          ];

          # Every key listed here can reach the root passphrase prompt in the
          # initrd. Keep the list to machines still in use and drop entries
          # for retired or lost devices.
          authorizedKeys = [
            # (Thu Dec 28 19:30:06 JST 2023) albert@framework-server
            ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAODamRCvyVOGmMSMXWdUzjcM2GsApizCvXEWKHiKhGk albert@framework-server''
            # (Fri Dec 15 09:34:02 AM UTC 2023) albert@piaware-rpi4
            ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINR8PCfKOTArLemqmnHom4vWJ6u8wrlpG6/gSqeYo/qD albert@piaware-rpi4''
            # (Fri Dec 15 11:40:53 AM UTC 2023) albert@backups-rpi4
            ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNkKoS32K487JaFza9TUFwrjwe9P7SNIHbVNxhzmRcI albert@backups-rpi4''
            # (Tue Feb 20 09:20:39 PM JST 2024) albert@framework13
            ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMAJLaC+NJQYfrWlerUj8yMkAIofBGMOWQB4mU/ncDpz albert@framework13''
            # (Sat Apr 27 05:28:13 PM PDT 2024) albert@bakersfield-rpi4
            ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJm3bTcalJgoZt7t5FqFrJl7ZYlC09ew2QWUVF6w1Iih albert@bakersfield-rpi4''
            # (Sat Jul 27 12:34:43 PM JST 2024) albert@nixos-desktop
            ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMrfwK60FYqUwvUwRuI3pwMnVX28aeuOvRPCMLNOi5IT albert@nixos-desktop''
            # (Fri Jan 10 07:17:36 PM UTC 2025) albert@framework16
            ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINfcao5UIv+g0MC6kY0ftP94xROKRoqqdTy7/2jRIMbS albert@framework16''
          ];
        };
      };
    };
  };
}