17 lines
No EOL
590 B
Nix
17 lines
No EOL
590 B
Nix
{ username, ... }: {
|
|
# https://nixos.wiki/wiki/Remote_LUKS_Unlocking
|
|
# Unlock command:
|
|
# ssh root@<Local_IP_Address> "Password"
|
|
|
|
# ssh setup
|
|
boot.initrd.network.enable = true;
|
|
boot.initrd.network.ssh = {
|
|
enable = true;
|
|
port = 22;
|
|
shell = "/bin/cryptsetup-askpass";
|
|
authorizedKeys = [ config.users.users.${username}.openssh.authorizedKeys.keyFiles ];
|
|
hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" "/etc/secrets/initrd/ssh_host_ed25519_key" ];
|
|
};
|
|
boot.initrd.availableKernelModules = [ "e1000e" ];
|
|
boot.kernelParams = [ "ip=dhcp" ];
|
|
} |