nix/nixos/hosts/framework-server/ssh-luks.nix
2023-11-26 21:28:17 +09:00

20 lines
No EOL
1.2 KiB
Nix

{ inputs, config, lib, pkgs, modulesPath, desktop, username, ... }: {
# https://nixos.wiki/wiki/Remote_LUKS_Unlocking
# Unlock command:
# ssh root@<Local_IP_Address> "Password"
# ssh setup
boot.kernelParams = [ "ip=dhcp" ];
boot.initrd = {
secrets = { "/boot/ssh_host_rsa_key" = "/boot/ssh_host_rsa_key"; };
availableKernelModules = [ "cdc_ncm" ];
systemd.users.root.shell = "/bin/cryptsetup-askpass";
network.enable = true;
network.ssh = {
enable = true;
port = 22;
authorizedKeys = [ "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDRglopgF7AZxQ/5utdVX+SsZV2Bg5La52mJcoS2EDliDg45NrEvkHTA8BXuGkZmDWj4nNgtfZv0glXEPSNN2tZPbn7OuHJB+jhA6qNMNh1t77EPgNVozhLigeFcC+tjyiNeww7GqaxlQcS3aDU6SdxPoBnZ2RMWYyYlXjEZtwWK8QrSWeuqGCaEPV/vfcBwUALS8m6kk6uLYnXkk6VcnXusuZMc6f9qbApRIXtVbP0MgzIrhk7L60UUg2ceMfuhHF4h9NwtJahpg0veIXSAxcGOY9JZaJdBIntsIj8qkG1UjGPRQjUEWQtVv1w6QS6wc08DhATOMdh4LwncVeLDceN3AqFAvR7ysoCQp0CN9ejNmvXY0oOb5f9l0TRHT9jSscD38EobIQzZ+P8fcwQeHav8ikMqzdpds3xfA5LlNZ1xTZqKxR2PXdzy7GYBhwT+T+EaHsw7MCT7dl/YKYlcAX3JejtUdDy62oClaEwg/izfzfjTq9xHGdudjW8kOIvup8= albert j. copeland@DESKTOP-1SJQ70F" ];
hostKeys = [ "/boot/ssh_host_rsa_key" ];
};
};
}