hosts: unlock disks remotely on boot

Enable a SSH daemon in initrd, with our keys, so we can unlock remotely the disk on reboot.
author: Franck Cuny <franck@fcuny.net> 2022-02-13 13:56:19 -0800
committer: Franck Cuny <franck@fcuny.net> 2022-02-13 13:56:19 -0800
commit: d401d7caaaef0689abfb0dde37d422832ef6972f (patch)
tree: 0d572386392c8681d9e826f1ca2e0cfc2d902953 /hosts/carmel/default.nix
parent: yt-dlp: don't install unstable (diff)
download: infra-d401d7caaaef0689abfb0dde37d422832ef6972f.tar.gz
1 files changed, 4 insertions, 16 deletions
diff --git a/hosts/carmel/default.nix b/hosts/carmel/default.nix
index d728d6b..1413f1f 100644
--- a/hosts/carmel/default.nix
+++ b/hosts/carmel/default.nix
@@ -5,6 +5,8 @@
     [ # Include the results of the hardware scan.
       ./hardware-configuration.nix
       ../common/desktop
+      # In order to unlock the root disk remotely
+      ../common/system/boot-ssh.nix
     ];
 
   # Use the systemd-boot EFI boot loader.
@@ -13,25 +15,11 @@
 
   boot.initrd = {
     luks.devices."system".allowDiscards = true;
-    network = {
-      enable = true;
-      postCommands = ''
-        echo "cryptsetup-askpass; exit" > /root/.profile
-      '';
-      ssh = {
-        enable = true;
-        port = 2222;
-        hostKeys = [
-          /etc/ssh/ssh_host_ed25519_key
-          /etc/ssh/ssh_host_rsa_key
-        ];
-      };
-    };
   };
 
-  time.timeZone = "America/Los_Angeles";
+  boot.kernelParams = [ "ip=dhcp" ];
 
-  services.xserver.dpi = 168;
+  time.timeZone = "America/Los_Angeles";
 
   hardware.opengl.driSupport = true;
author	Franck Cuny <franck@fcuny.net>	2022-02-13 13:56:19 -0800
committer	Franck Cuny <franck@fcuny.net>	2022-02-13 13:56:19 -0800
commit	d401d7caaaef0689abfb0dde37d422832ef6972f (patch)
tree	0d572386392c8681d9e826f1ca2e0cfc2d902953 /hosts/carmel/default.nix
parent	yt-dlp: don't install unstable (diff)
download	infra-d401d7caaaef0689abfb0dde37d422832ef6972f.tar.gz