From 2b61601dd95244e31d82613621955effb91f7222 Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Fri, 28 Nov 2025 14:05:44 -0800 Subject: add a module to remotely unlock machines For machines with full disk encryption, we can remotely unlock them from bree. A systemd timer will run every 10 minutes and check if we need to unlock the host. If we need to, it will SSH and provide the passphrase to unlock the disk(s). --- profiles/remote-unlock.nix | 3 +++ 1 file changed, 3 insertions(+) (limited to 'profiles') diff --git a/profiles/remote-unlock.nix b/profiles/remote-unlock.nix index b0e3fe8..ea211ad 100644 --- a/profiles/remote-unlock.nix +++ b/profiles/remote-unlock.nix @@ -15,7 +15,10 @@ "/etc/initrd/ssh_host_ed25519_key" ]; authorizedKeys = [ + # my personal key "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi" + # key used to automatically unlock + "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPr9Dv2MjZoRltmxi21PoS/42KnOhYxuq9r6ER62vjAx" ]; }; }; -- cgit v1.2.3
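Review bot: the second entry added to `authorizedKeys` (under "# key used to automatically unlock") carries no authorized_keys options, so the unattended key gets the same initrd SSH access as the personal key above it. The commit message says a timer on bree supplies the passphrase, which means that private key must be usable with nobody present. Consider prefixing the entry with options such as `from="<bree address>"` (placeholder) and, if the unlock step works without a pty, `restrict` or a forced `command=`, so that a copy of the key is only useful from bree and only for unlocking. Separately, the subject says "add a module" and the body describes a systemd timer, but the visible diff only adds one key and two comments to the existing profiles/remote-unlock.nix. Either reword the subject or point to the change that adds the timer.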