authorFranck Cuny <franck@fcuny.net>2022-02-13 11:00:40 -0800
committerFranck Cuny <franck@fcuny.net>2022-02-13 11:03:13 -0800
commit2e8aebc44a2e302028e5d26d75a608a3449074d6 (patch)
tree8e5810c846d217c1a2018e43b9da27d9b9ede71a
parentdesktop: gnome related things (diff)
downloadinfra-2e8aebc44a2e302028e5d26d75a608a3449074d6.tar.gz
hosts: decrypt root disk via ssh on boot
-rw-r--r--hosts/carmel/default.nix21
-rw-r--r--hosts/common/system/default.nix1
-rw-r--r--hosts/common/system/hardware.nix5
3 files changed, 27 insertions, 0 deletions
diff --git a/hosts/carmel/default.nix b/hosts/carmel/default.nix
index 9abd61a..bdc43f5 100644
--- a/hosts/carmel/default.nix
+++ b/hosts/carmel/default.nix
@@ -11,10 +11,31 @@
boot.loader.systemd-boot.enable = true;
boot.loader.efi.canTouchEfiVariables = true;
+ boot.initrd = {
+ luks.devices."system".allowDiscards = true;
+ network = {
+ enable = true;
+ postCommands = ''
+ echo "cryptsetup-askpass; exit" > /root/.profile
+ '';
+ ssh = {
+ enable = true;
+ port = 2222;
+ hostKeys = [
+ /etc/ssh/ssh_host_ed25519_key
+ /etc/ssh/ssh_host_rsa_key
+ ];
+ authorizedKeys = users.users.fcuny.openssh.authorizedKeys.keys;
+ };
+ };
+ };
+
time.timeZone = "America/Los_Angeles";
services.xserver.dpi = 168;
+ hardware.opengl.driSupport = true;
+
# Use systemd-networkd for networking
systemd.network = {
enable = true;
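Review bot: The `hostKeys` list under `boot.initrd.network.ssh` points at the machine's regular host keys (`/etc/ssh/ssh_host_ed25519_key`, `/etc/ssh/ssh_host_rsa_key`), so those private keys end up inside the initrd on the unencrypted boot partition, and as unquoted path literals they may also be copied into the world-readable Nix store. Anyone able to read the boot partition or the store could then impersonate the host at the unlock prompt and after boot. Generate a dedicated key pair for the initrd and reference it as a string, for example `hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];` (example location, adjust to the host). Separately, the `.profile` written in `postCommands` is a convenience rather than an access control, so every key in `users.users.fcuny.openssh.authorizedKeys.keys` should be treated as granting root in the initrd; a comment saying so next to `authorizedKeys` would help. The `systemd.network` block at the end of the hunk continues outside it.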
diff --git a/hosts/common/system/default.nix b/hosts/common/system/default.nix
index 64cb51b..8e7def5 100644
--- a/hosts/common/system/default.nix
+++ b/hosts/common/system/default.nix
@@ -3,6 +3,7 @@
{
imports = [
./boot.nix
+ ./hardware.nix
./motd.nix
./network.nix
./nix.nix
diff --git a/hosts/common/system/hardware.nix b/hosts/common/system/hardware.nix
new file mode 100644
index 0000000..030b358
--- /dev/null
+++ b/hosts/common/system/hardware.nix
@@ -0,0 +1,5 @@
+{ pkgs, lib, config, ... }:
+
+{
+ services.fwupd.enable = true;
+}