nix-git/modules/fde-ssh-unlock.nix

{ config, pkgs, ... }:

{
  # TODO

  #  # Kernel
  #  # boot.kernelPackages = pkgs.linuxPackages_latest;
  #  # boot.kernelPackages = pkgs.linuxPackages_hardened;

  # SSH in initrd
  boot.initrd.network.enable = true;
  boot.initrd.network.ssh = {
    enable = true;
    port = 22;
    shell = "/bin/cryptsetup-askpass";
    authorizedKeys = [
      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCpgihAg8Qzu5q+AGXHLR7p+rrS1yB0KlZb/Y/EwZT15EhEtsUMqBMRiY0TdjKQU0broyygZnymccLmCXvihEgk3zk/hP8VEDmN5wmE2tRBPR4lSjo8E1R8N79G+gaFkwi93QYh57MsGfa9k4tvGrJy0yaD7GrPqtQf+IIuvV14WJQAqnikTdbFqRjk5JGearYLU7jSKa+9NmR7JQ9NExoyIPgmQ/pd0Xc2qt8k5UGfz3HM9MAmIVQ30whK6m1iYZ8nxEidHrfreQx8NOa7ujo4zQnV1NYvRUjObr/qyIhPU6DYLT2mVRNupQFKx6LI38O4U13heugUFqJ3zvog3aDsriFiv8jzJAJvWXx7Q3TqKhqiG9VTkwBw1NDbCAOXKiEdMfiCYbdCfpNgdepU75bMloJcSQQVUqoH2tQhSbwKLuRFgOnyaHpvWbieXBRcUnfG8gg4p4jqiwx5laweEeOIOD/i7G1Mjx7Dj2ctnT/ILat/xsf+Y0W4eJr3bc5L9ghgw6wsKbNSqwjFUCFcHcARK3gvSH+hO2/BpgMVoyvZjO5PNuUqfsZ7bIIs5cDdyB/ly3irKuaRz1+3x1x4gPgSiOcji7HxPwogzhPsyfoRLHNt9tJ5X4nF2Iz1M5RTJpbZCi6yEj+9Q85FVjD76BEWuZe18kRrwhuLf/XgKdF9tQ== openpgp:0xA8B75370"
    ];
    hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
  };

  # Network in initrd
  #
  # Find out which module is used for network card:
  #   lspci -v | grep -iA8 'network\|ethernet'
  # Or check the "Network" part of:
  #   inxi -F
  #
  boot.initrd.availableKernelModules = [ "r8169" ];
  #boot.extraModulePackages = with config.boot.kernelPackages; [
  #  r8152
  #];
  #  boot.initrd.kernelModules = [
  #    # Arch wiki: Mkinitcpio MODULES: USB 3 hub
  #    "usbhid"
  #    "xhci_hcd"
  #
  #    # Realtek RTL8152/RTL8153 Based USB Ethernet Adapters
  #    "r8152"
  #
  #    #"usbcore"
  #    # MII hardware support library
  #    #"mii"
  #    # USB HID core driver
  #    #"usbhid"
  #  ];
  #  # dmesg -> enp0s20f0u1u2: renamed from eth0
  #  boot.kernelParams = [ "ip=:::::eth0:dhcp" ];
  boot.kernelParams = [ "ip=dhcp" ];
}
WIP: ssh unlock 2023-08-31 13:15:22 +02:00			`{ config, pkgs, ... }:`

			`{`
refactor 2023-08-31 14:28:05 +02:00			`# TODO`

WIP: ssh unlock 2023-08-31 13:15:22 +02:00			`# # Kernel`
			`# # boot.kernelPackages = pkgs.linuxPackages_latest;`
			`# # boot.kernelPackages = pkgs.linuxPackages_hardened;`
WIP: ssh unlock 2023-09-07 19:07:45 +02:00
			`# SSH in initrd`
			`boot.initrd.network.enable = true;`
			`boot.initrd.network.ssh = {`
			`enable = true;`
			`port = 22;`
			`shell = "/bin/cryptsetup-askpass";`
			`authorizedKeys = [`
			"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCpgihAg8Qzu5q+AGXHLR7p+rrS1yB0KlZb/Y/EwZT15EhEtsUMqBMRiY0TdjKQU0broyygZnymccLmCXvihEgk3zk/hP8VEDmN5wmE2tRBPR4lSjo8E1R8N79G+gaFkwi93QYh57MsGfa9k4tvGrJy0yaD7GrPqtQf+IIuvV14WJQAqnikTdbFqRjk5JGearYLU7jSKa+9NmR7JQ9NExoyIPgmQ/pd0Xc2qt8k5UGfz3HM9MAmIVQ30whK6m1iYZ8nxEidHrfreQx8NOa7ujo4zQnV1NYvRUjObr/qyIhPU6DYLT2mVRNupQFKx6LI38O4U13heugUFqJ3zvog3aDsriFiv8jzJAJvWXx7Q3TqKhqiG9VTkwBw1NDbCAOXKiEdMfiCYbdCfpNgdepU75bMloJcSQQVUqoH2tQhSbwKLuRFgOnyaHpvWbieXBRcUnfG8gg4p4jqiwx5laweEeOIOD/i7G1Mjx7Dj2ctnT/ILat/xsf+Y0W4eJr3bc5L9ghgw6wsKbNSqwjFUCFcHcARK3gvSH+hO2/BpgMVoyvZjO5PNuUqfsZ7bIIs5cDdyB/ly3irKuaRz1+3x1x4gPgSiOcji7HxPwogzhPsyfoRLHNt9tJ5X4nF2Iz1M5RTJpbZCi6yEj+9Q85FVjD76BEWuZe18kRrwhuLf/XgKdF9tQ== openpgp:0xA8B75370"
			`];`
			`hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];`
			`};`

			`# Network in initrd`
			`#`
			`# Find out which module is used for network card:`
			`# lspci -v \| grep -iA8 'network\\|ethernet'`
			`# Or check the "Network" part of:`
			`# inxi -F`
WIP: ssh unlock 2023-08-31 13:15:22 +02:00			`#`
WIP: ssh unlock 2023-09-07 19:07:45 +02:00			`boot.initrd.availableKernelModules = [ "r8169" ];`
			`#boot.extraModulePackages = with config.boot.kernelPackages; [`
			`# r8152`
			`#];`
WIP: ssh unlock 2023-08-31 13:15:22 +02:00			`# boot.initrd.kernelModules = [`
			`# # Arch wiki: Mkinitcpio MODULES: USB 3 hub`
			`# "usbhid"`
			`# "xhci_hcd"`
			`#`
			`# # Realtek RTL8152/RTL8153 Based USB Ethernet Adapters`
			`# "r8152"`
			`#`
			`# #"usbcore"`
			`# # MII hardware support library`
			`# #"mii"`
			`# # USB HID core driver`
			`# #"usbhid"`
			`# ];`
			`# # dmesg -> enp0s20f0u1u2: renamed from eth0`
			`# boot.kernelParams = [ "ip=:::::eth0:dhcp" ];`
WIP: ssh unlock 2023-09-07 19:07:45 +02:00			`boot.kernelParams = [ "ip=dhcp" ];`
WIP: ssh unlock 2023-08-31 13:15:22 +02:00			`}`