| -rw-r--r-- | machines/nixos/x86_64-linux/rivendell.nix | 6 | ||||
| -rw-r--r-- | modules/nixos/default.nix | 1 | ||||
| -rw-r--r-- | modules/nixos/remote-unlock.nix | 31 | ||||
| -rw-r--r-- | profiles/remote-unlock.nix | 22 |
4 files changed, 25 insertions, 35 deletions
diff --git a/machines/nixos/x86_64-linux/rivendell.nix b/machines/nixos/x86_64-linux/rivendell.nix
index 271da7f..f158113 100644
--- a/machines/nixos/x86_64-linux/rivendell.nix
+++ b/machines/nixos/x86_64-linux/rivendell.nix
@@ -10,11 +10,12 @@
 (modulesPath + "/installer/scan/not-detected.nix")
 inputs.nixos-hardware.nixosModules.framework-desktop-amd-ai-max-300-series
 ../../../profiles/disk/btrfs-on-luks.nix
- ../../../profiles/defaults.nix
- ../../../profiles/server.nix
 ../../../profiles/cgroups.nix
+ ../../../profiles/defaults.nix
 ../../../profiles/forgejo.nix
 ../../../profiles/keycloak.nix
+ ../../../profiles/remote-unlock.nix
+ ../../../profiles/server.nix
 ../../../profiles/tailscale.nix
 ];
@@ -94,7 +95,6 @@
 };
 my.modules.hardware.baremetal.enable = true;
- my.modules.remote-unlock.enable = true;
 system.stateVersion = "23.11"; # Did you read the comment?
 }
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index a3c5d70..c214a72 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -6,7 +6,6 @@
 ./home-manager.nix
 ./nas-client.nix
 ./nix.nix
- ./remote-unlock.nix
 ./user.nix
 ];
 }
diff --git a/modules/nixos/remote-unlock.nix b/modules/nixos/remote-unlock.nix
deleted file mode 100644
index 38b023d..0000000
--- a/modules/nixos/remote-unlock.nix
+++ /dev/null
@@ -1,31 +0,0 @@
-{ lib, config, ... }:
-let
- cfg = config.my.modules.remote-unlock;
-in
-{
- options.my.modules.remote-unlock = with lib; {
- enable = mkEnableOption "remote unlock";
- };
-
- config = lib.mkIf cfg.enable {
- boot.kernelParams = [
- "ip=dhcp"
- ];
-
- boot.initrd.network = {
- enable = true;
- postCommands = "echo 'cryptsetup-askpass' >> /root/.profile";
- flushBeforeStage2 = true;
- ssh = {
- enable = true;
- port = 911;
- hostKeys = [
- "/etc/initrd/ssh_host_ed25519_key"
- ];
- authorizedKeys = [
- "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
- ];
- };
- };
- };
-}
diff --git a/profiles/remote-unlock.nix b/profiles/remote-unlock.nix
new file mode 100644
index 0000000..b0e3fe8
--- /dev/null
+++ b/profiles/remote-unlock.nix
@@ -0,0 +1,22 @@
+{ ... }:
+{
+ boot.kernelParams = [
+ "ip=dhcp"
+ ];
+
+ boot.initrd.network = {
+ enable = true;
+ postCommands = "echo 'cryptsetup-askpass' >> /root/.profile";
+ flushBeforeStage2 = true;
+ ssh = {
+ enable = true;
+ port = 911;
+ hostKeys = [
+ "/etc/initrd/ssh_host_ed25519_key"
+ ];
+ authorizedKeys = [
+ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
+ ];
+ };
+ };
+}
|
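Review bot: The `hostKeys` entry deserves a comment stating what that key is allowed to be, because nothing in the profile says so. NixOS builds the listed host key into the initrd, which on a LUKS setup like this presumably lives on the unencrypted boot partition, so anyone who can read that disk can copy the key and stand in for the unlock endpoint when the passphrase is typed. I would add above the list `# initrd-only host key, stored unencrypted in the initrd; never reuse the main sshd host key here` and pin its fingerprint on the client. The `authorizedKeys` line also has no comment naming the key's owner, and it grants a root shell in the initrd rather than only the `cryptsetup-askpass` prompt started from `/root/.profile`; if unlock-only access is intended, an OpenSSH key option such as `restrict` or a forced `command=` prefix on that entry is worth testing.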
