From d9f0414b29c048b10699a3d725e5b7770bbbd242 Mon Sep 17 00:00:00 2001
From: Franck Cuny <franck@fcuny.net>
Date: Fri, 24 Oct 2025 11:11:11 -0700
Subject: move remote-unlock as a profile

---
 profiles/remote-unlock.nix | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)
 create mode 100644 profiles/remote-unlock.nix

(limited to 'profiles')

diff --git a/profiles/remote-unlock.nix b/profiles/remote-unlock.nix
new file mode 100644
index 0000000..b0e3fe8
--- /dev/null
+++ b/profiles/remote-unlock.nix
@@ -0,0 +1,22 @@
+{ ... }:
+{
+  boot.kernelParams = [
+    "ip=dhcp"
+  ];
+
+  boot.initrd.network = {
+    enable = true;
+    postCommands = "echo 'cryptsetup-askpass' >> /root/.profile";
+    flushBeforeStage2 = true;
+    ssh = {
+      enable = true;
+      port = 911;
+      hostKeys = [
+        "/etc/initrd/ssh_host_ed25519_key"
+      ];
+      authorizedKeys = [
+        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAINBkozy+X96u5ciX766bJ/AyQ3xm1tXZTIr5+4PVFZFi"
+      ];
+    };
+  };
+}
-- 
cgit v1.2.3