nix/nixos/hosts/framework-server/ssh-luks.nix
2023-11-25 15:35:20 +09:00


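{ inputs, config, lib, pkgs, modulesPath, desktop, username, ... }:
let
  # SSH public keys of the account that may unlock the disk remotely.
  userKeys = config.users.users.${username}.openssh.authorizedKeys;

  # Turn one key file into a list of key lines (one public key per
  # non-empty line). builtins.split interleaves match groups (lists) with
  # the string pieces, so only the string pieces are kept.
  # The file is read at evaluation time, so it has to be available to the
  # evaluator (e.g. a path inside the configuration repository).
  keysFromFile = file:
    builtins.filter (line: builtins.isString line && line != "")
      (builtins.split "\n" (builtins.readFile file));
in
{
  # Remote LUKS unlocking over SSH from the initrd.
  # https://nixos.wiki/wiki/Remote_LUKS_Unlocking
  #
  # Unlock command:
  #   ssh root@<Local_IP_Address>
  # The login shell below is cryptsetup-askpass, which prompts for the
  # passphrase. Type it at the prompt; do not pass it as an ssh command
  # argument, where it would land in the client's shell history and
  # process list.

  # Bring the network up inside the initrd so sshd is reachable before
  # the root filesystem is unlocked.
  boot.initrd.network.enable = true;

  boot.initrd.network.ssh = {
    enable = true;

    # NOTE(review): if the booted system's sshd also listens on port 22,
    # clients see two different host keys for the same address and port.
    # A dedicated port or a separate known_hosts entry avoids training
    # users to ignore host-key warnings — confirm the intended setup.
    port = 22;

    # Restrict the session to the passphrase prompt instead of a general
    # shell.
    shell = "/bin/cryptsetup-askpass";

    # authorizedKeys expects a flat list of public-key strings. The
    # previous value wrapped the user's keyFiles list (file paths) in
    # another list, which is neither flat nor key material. Collect the
    # inline keys and the contents of the key files instead.
    authorizedKeys =
      userKeys.keys ++ builtins.concatMap keysFromFile userKeys.keyFiles;

    # Private host keys used only by the initrd sshd. Generate dedicated
    # keys for this purpose and never reuse the system's regular SSH host
    # keys: the initrd is read before the disk is unlocked, so its
    # contents are not protected by the LUKS passphrase.
    hostKeys = [
      "/etc/secrets/initrd/ssh_host_rsa_key"
      "/etc/secrets/initrd/ssh_host_ed25519_key"
    ];
  };

  # Driver for the wired NIC; it must be loadable in the initrd for the
  # network to come up.
  boot.initrd.availableKernelModules = [ "e1000e" ];

  # Obtain the initrd network address via DHCP.
  boot.kernelParams = [ "ip=dhcp" ];
}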