authorFranck Cuny <franck@fcuny.net>2022-02-13 13:56:19 -0800
committerFranck Cuny <franck@fcuny.net>2022-02-13 13:56:19 -0800
commitd401d7caaaef0689abfb0dde37d422832ef6972f (patch)
tree0d572386392c8681d9e826f1ca2e0cfc2d902953 /hosts/common/system/boot-ssh.nix
parentyt-dlp: don't install unstable (diff)
hosts: unlock disks remotely on boot
Enable an SSH daemon in the initrd, with our keys, so we can remotely unlock the disk on reboot.
Diffstat (limited to 'hosts/common/system/boot-ssh.nix')
-rw-r--r--hosts/common/system/boot-ssh.nix21
1 files changed, 21 insertions, 0 deletions
diff --git a/hosts/common/system/boot-ssh.nix b/hosts/common/system/boot-ssh.nix
new file mode 100644
index 0000000..2b865d5
--- /dev/null
+++ b/hosts/common/system/boot-ssh.nix
@@ -0,0 +1,21 @@
+{ config, lib, pkgs, ... }:
+
+{
+ boot.initrd = {
+ network = {
+ enable = true;
+ postCommands = ''
+ echo "cryptsetup-askpass; exit" > /root/.profile
+ '';
+ ssh = {
+ enable = true;
+ port = 2222;
+ hostKeys = [
+ /etc/ssh/ssh_host_ed25519_key
+ /etc/ssh/ssh_host_rsa_key
+ ];
+ authorizedKeys = config.users.users.fcuny.openssh.authorizedKeys.keys;
+ };
+ };
+ };
+}
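Review bot: The `hostKeys` list reuses the machine's regular sshd keys (`/etc/ssh/ssh_host_ed25519_key`, `/etc/ssh/ssh_host_rsa_key`), and the initrd that carries them sits outside the encrypted volume, so anyone who can read the boot partition can recover the host's long-term SSH identity. The NixOS documentation for this option warns against using the regular host keys, and unquoted path literals are, as far as I know, also copied into the world-readable Nix store at evaluation time. Generate a separate key pair used only by the initrd and reference it as a quoted string, for example `hostKeys = [ "<path-to-dedicated-initrd-ed25519-key>" ];`, accepting that clients will see a different host key on port 2222. A comment above `authorizedKeys` noting that every login key of `fcuny` can also reach the unlock prompt would help future readers.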