This commit is contained in:
Daniel Langbein 2023-09-11 18:16:05 +02:00
parent 948c775bf2
commit 4131abfe82
Signed by: langfingaz
GPG Key ID: 6C47C753F0823002
2 changed files with 8 additions and 3 deletions

View File

@ -372,10 +372,9 @@ Some references to websites that helped me create this repository:
## TODOs ## TODOs
* FDE remote SSH unlock: https://nixos.wiki/wiki/Remote_LUKS_Unlocking, https://wiki.archlinux.org/title/Dm-crypt/Specialties#Remote_unlocking_of_root_(or_other)_partition
* Yubikey FDE: https://github.com/georgewhewell/nixos-host/blob/master/profiles/luks-yubi.nix * Yubikey FDE: https://github.com/georgewhewell/nixos-host/blob/master/profiles/luks-yubi.nix
* Impermanence, opt-in to * Impermanence, opt-in to persistence:
persistence: https://github.com/Misterio77/nix-starter-configs/tree/main#try-opt-in-persistance https://github.com/Misterio77/nix-starter-configs/tree/main#try-opt-in-persistance
* nix-shell / lorri * nix-shell / lorri
* https://ghedam.at/15978/an-introduction-to-nix-shell * https://ghedam.at/15978/an-introduction-to-nix-shell
* docker-compose.yml for services and nix-shell to run the code * docker-compose.yml for services and nix-shell to run the code

View File

@ -1,6 +1,12 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
# Unlock encrypted root partition remotely with SSH.
# TODO: Some manual steps are required, see https://nixos.wiki/wiki/Remote_LUKS_Unlocking
#
# Additional references:
# https://wiki.archlinux.org/title/Dm-crypt/Specialties#Remote_unlocking_of_root_(or_other)_partition
# SSH in initrd # SSH in initrd
boot.initrd.network.enable = true; boot.initrd.network.enable = true;
boot.initrd.network.ssh = { boot.initrd.network.ssh = {