nix/nixos/common/modules/ssh-luks.nix
2024-02-25 13:40:56 +09:00

35 lines
1.7 KiB
Nix

{ inputs, config, lib, pkgs, modulesPath, desktop, username, ... }: {
# https://nixos.wiki/wiki/Remote_LUKS_Unlocking
# Unlock command:
# ssh root@<Local_IP_Address> "Password"
boot.kernelParams = [ "ip=dhcp" ];
boot.initrd = {
enable = true;
systemd.users.root.shell = "/bin/systemd-tty-ask-password-agent";
availableKernelModules = [ "cdc_ncm" ];
network.enable = true;
network.ssh = {
enable = true;
port = 22;
authorizedKeys = [
# (Thu Dec 28 19:30:06 JST 2023) albert@framework-server
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAODamRCvyVOGmMSMXWdUzjcM2GsApizCvXEWKHiKhGk albert@framework-server''
# (Fri Dec 15 09:34:02 AM UTC 2023) albert@piaware-rpi4
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINR8PCfKOTArLemqmnHom4vWJ6u8wrlpG6/gSqeYo/qD albert@piaware-rpi4''
# (Fri Dec 15 11:40:53 AM UTC 2023) albert@backups-rpi4
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNkKoS32K487JaFza9TUFwrjwe9P7SNIHbVNxhzmRcI albert@backups-rpi4''
# (Tue Jan 09 21:06:13 PM JST 2024) albert@win10-desktop
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKLHGSk3WffS/mrSeehcM4O9eBx5cp7IMNYc842xprr3 albert@win10-desktop''
# (Tue Feb 20 09:20:39 PM JST 2024) albert@nixos-framework
''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMAJLaC+NJQYfrWlerUj8yMkAIofBGMOWQB4mU/ncDpz albert@nixos-framework''
];
hostKeys = [
# Generate new keys with:
# ssh-keygen -t rsa -N "" -f /boot/ssh_host_rsa_key
"/boot/ssh_host_rsa_key"
];
};
};
}