nix/nixos/common/modules/ssh-luks.nix


{ inputs, config, lib, pkgs, modulesPath, desktop, username, ... }: {
  # Remote LUKS unlocking: an SSH server inside the initrd lets the disk
  # passphrase be entered over the network before the root filesystem exists.
  # Reference: https://nixos.wiki/wiki/Remote_LUKS_Unlocking
  #
  # Unlock command:
  #   ssh root@<Local_IP_Address> "Password"
  # NOTE(review): a passphrase given as a command-line argument is recorded in
  # the client's shell history and is visible in its process list. Root's shell
  # below is the password agent, so a plain `ssh root@<Local_IP_Address>` should
  # prompt for the passphrase instead; confirm on this host.
  boot = {
    # Kernel-level DHCP so the machine has an address during stage 1.
    kernelParams = [ "ip=dhcp" ];

    initrd = {
      enable = true;

      # Network driver needed before the root filesystem is available
      # (cdc_ncm is a USB ethernet class driver; presumably a USB-attached NIC).
      availableKernelModules = [ "cdc_ncm" ];

      # Root's login "shell" is the passphrase prompt, not a general shell.
      # NOTE(review): this option belongs to the systemd-based initrd, which is
      # not enabled in this file; presumably set elsewhere, verify.
      systemd.users.root.shell = "/bin/systemd-tty-ask-password-agent";

      network = {
        enable = true;

        ssh = {
          enable = true;

          # NOTE(review): if the booted system's sshd also listens on 22, clients
          # see two different host keys for the same address and get used to
          # host-key warnings. A separate port or a dedicated known_hosts entry
          # keeps the stage-1 key distinguishable.
          port = 22;

          # Private host key read from the unencrypted /boot partition and
          # shipped in the initrd. It must be a key used only for stage 1 and
          # never the main system's host key: anyone who can read /boot can copy
          # it and impersonate this unlock endpoint.
          # Generate new keys with:
          #   ssh-keygen -t rsa -N "" -f /boot/ssh_host_rsa_key
          hostKeys = [
            "/boot/ssh_host_rsa_key"
          ];

          # Every key listed here can log in as root during stage 1 and reach
          # the passphrase prompt. The list includes a CI runner and a phone,
          # so keep it pruned to the devices that really perform unlocks.
          authorizedKeys = [
            # albert@nixos-framework
            ''ssh-rsa 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 albert@nixos-framework''
            # albert@nixos-vm-01
            ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIFnjCBEWaHzD1OVwT0rtwh91Hb4iAdgkYnE4MKKANgE0 albert@nixos-vm-01''
            # (Thu Dec 28 19:30:06 JST 2023) albert@framework-server
            ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAODamRCvyVOGmMSMXWdUzjcM2GsApizCvXEWKHiKhGk albert@framework-server''
            # (Thu Dec 28 19:34:47 JST 2023) albert@osaka-linode-01
            ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEsl8Z0jXAboCBdAtWDkssHI3M3lHSPaM4uUgxzBJI41 albert@osaka-linode-01''
            # (Fri Dec 15 09:34:02 AM UTC 2023) forgejo-runner
            ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJJE7z4JlohTe2TfB5ovsDWMT+M+V9AyQ6dXNelX6oGU forgejo-runner''
            # (Fri Dec 15 09:34:02 AM UTC 2023) albert@piaware-rpi4
            ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINR8PCfKOTArLemqmnHom4vWJ6u8wrlpG6/gSqeYo/qD albert@piaware-rpi4''
            # (Fri Dec 15 11:40:53 AM UTC 2023) albert@backups-rpi4
            ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGNkKoS32K487JaFza9TUFwrjwe9P7SNIHbVNxhzmRcI albert@backups-rpi4''
            # (Tue Dec 26 10:33:58 AM UTC 2023) abc@rdesktop
            ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKa86iTPkRDwga4/T3XdyWfu5xH8oL/AWWWozz3rUyuA abc@rdesktop''
            # (Thu Dec 28 10:56:22 AM UTC 2023) pixel-5
            ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIP7HMCutPvexUsbjAzpd0ZOsmVtg80MOaGnCOv+I3UBf pixel-5''
            # (Sun Dec 31 10:35:10 PM JST 2023) albert@nixos-desktop
            ''ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIByqVpUx8mw0bs+q04xL5+UC7Mwqu9nKVFIsxTi2nWti albert@nixos-desktop''
          ];
        };
      };
    };
  };
}