nix/nixos/hosts/framework-server/ssh-luks.nix

17 lines
585 B
Nix
Raw Normal View History

2023-11-25 07:24:22 +01:00
{ username, ... }: {
2023-11-25 07:17:29 +01:00
# https://nixos.wiki/wiki/Remote_LUKS_Unlocking
# Unlock command:
# ssh root@<Local_IP_Address> "Password"
# ssh setup
boot.initrd.network.enable = true;
boot.initrd.network.ssh = {
enable = true;
port = 22;
shell = "/bin/cryptsetup-askpass";
authorizedKeys = [ config.users.users.albert.openssh.authorizedKeys.keyFiles ];
hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" "/etc/secrets/initrd/ssh_host_ed25519_key" ];
};
boot.initrd.availableKernelModules = [ "e1000e" ];
boot.kernelParams = [ "ip=dhcp" ];
}