{ ... }: { # https://nixos.wiki/wiki/Remote_LUKS_Unlocking # Unlock command: # ssh root@ "Password" boot.kernelParams = [ "ip=dhcp" ]; boot.initrd = { enable = true; systemd.users.root.shell = "/bin/systemd-tty-ask-password-agent"; availableKernelModules = [ "cdc_ncm" ]; network.enable = true; network.ssh = { enable = true; port = 22; authorizedKeys = [ # (Thu Dec 28 19:30:06 JST 2023) albert@framework-server ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAODamRCvyVOGmMSMXWdUzjcM2GsApizCvXEWKHiKhGk albert@framework-server'' # (Fri Dec 15 09:34:02 AM UTC 2023) albert@piaware-rpi4 ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINR8PCfKOTArLemqmnHom4vWJ6u8wrlpG6/gSqeYo/qD albert@piaware-rpi4'' # (Fri Dec 15 11:40:53 AM UTC 2023) albert@backups-rpi4 ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNkKoS32K487JaFza9TUFwrjwe9P7SNIHbVNxhzmRcI albert@backups-rpi4'' # (Tue Feb 20 09:20:39 PM JST 2024) albert@nixos-framework ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMAJLaC+NJQYfrWlerUj8yMkAIofBGMOWQB4mU/ncDpz albert@nixos-framework'' # (Sat Apr 27 05:28:13 PM PDT 2024) albert@bakersfield-rpi4 ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJm3bTcalJgoZt7t5FqFrJl7ZYlC09ew2QWUVF6w1Iih albert@bakersfield-rpi4'' # (Sat Jul 27 12:34:43 PM JST 2024) albert@nixos-desktop ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMrfwK60FYqUwvUwRuI3pwMnVX28aeuOvRPCMLNOi5IT albert@nixos-desktop'' ]; hostKeys = [ # CAUTION: You WANT to generate a new key. This is stored plaintext in /boot # Generate new keys with: # ssh-keygen -t rsa -N "" -f /boot/ssh_host_rsa_key "/boot/ssh_host_rsa_key" ]; }; }; }