move remote-unlock as a profile

author: Franck Cuny <franck@fcuny.net> 2025-10-24 11:11:11 -0700
committer: Franck Cuny <franck@fcuny.net> 2025-10-24 11:12:49 -0700
commit: d9f0414b29c048b10699a3d725e5b7770bbbd242 (patch)
tree: 7b324dc31ef4b5d4c66547ab49ba9c535ecef120 /profiles/remote-unlock.nix
parent: configure rivendell to be an exit node for tailscale (diff)
download: infra-d9f0414b29c048b10699a3d725e5b7770bbbd242.tar.gz
1 files changed, 22 insertions, 0 deletions
diff --git a/profiles/remote-unlock.nix b/profiles/remote-unlock.nix
new file mode 100644
index 0000000..b0e3fe8
--- /dev/null
+++ b/profiles/remote-unlock.nix
@@ -0,0 +1,22 @@
+{ ... }:
+{
+  boot.kernelParams = [
+    "ip=dhcp"
+  ];
+
+  boot.initrd.network = {
+    enable = true;
+    postCommands = "echo 'cryptsetup-askpass' >> /root/.profile";
+    flushBeforeStage2 = true;
+    ssh = {
+      enable = true;
+      port = 911;
+      hostKeys = [
+        "/etc/initrd/ssh_host_ed25519_key"
+      ];
+      authorizedKeys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
+      ];
+    };
+  };
+}
author	Franck Cuny <franck@fcuny.net>	2025-10-24 11:11:11 -0700
committer	Franck Cuny <franck@fcuny.net>	2025-10-24 11:12:49 -0700
commit	d9f0414b29c048b10699a3d725e5b7770bbbd242 (patch)
tree	7b324dc31ef4b5d4c66547ab49ba9c535ecef120 /profiles/remote-unlock.nix
parent	configure rivendell to be an exit node for tailscale (diff)
download	infra-d9f0414b29c048b10699a3d725e5b7770bbbd242.tar.gz