diff --git a/assets/ssh/known_hosts b/assets/ssh/known_hosts
index 8ae4a0a..9836b1c 100644
--- a/assets/ssh/known_hosts
+++ b/assets/ssh/known_hosts
@@ -1,2 +1,4 @@
 # 2023-07 yodaNas with Arch Linux
 [p1st.de]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIASF7AJeGIkQG0erOJym8bHLBjRClkdPPCDNZAKOZ6S+
+# 2023-09 yodaTux NixOS early SSH FDE unlock
+[yodaTux.localhost]:22 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII1QKkJg9ekAAxTADCXIvHylrYOc6EdEyKUmKaQhaW3e
diff --git a/modules/fde-ssh-unlock.nix b/modules/fde-ssh-unlock.nix
index 900fe22..c692533 100644
--- a/modules/fde-ssh-unlock.nix
+++ b/modules/fde-ssh-unlock.nix
@@ -6,27 +6,30 @@
 # # Kernel
 # # boot.kernelPackages = pkgs.linuxPackages_latest;
 # # boot.kernelPackages = pkgs.linuxPackages_hardened;
+
+ # SSH in initrd
+ boot.initrd.network.enable = true;
+ boot.initrd.network.ssh = {
+ enable = true;
+ port = 22;
+ shell = "/bin/cryptsetup-askpass";
+ authorizedKeys = [
+ "ssh-rsa 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 openpgp:0xA8B75370"
+ ];
+ hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
+ };
+
+ # Network in initrd
 #
- # # SSH early boot setup
- # boot.initrd.network.enable = true;
- # boot.initrd.network.ssh = {
- # enable = true;
- # port = 22;
- # shell = "/bin/cryptsetup-askpass";
- # authorizedKeys = [
- # "ssh-rsa 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 openpgp:0xA8B75370"
- # ];
- # hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
- # };
- # # Find out which module is used for network card:
- # # lspci -v | grep -iA8 'network\|ethernet'
- # # Or check the "Network" part of:
- # # inxi -F
- # #
- ## boot.initrd.availableKernelModules = [ "r8152" ];
- ## boot.extraModulePackages = with config.boot.kernelPackages; [
- ## r8152
- ## ];
+ # Find out which module is used for network card:
+ # lspci -v | grep -iA8 'network\|ethernet'
+ # Or check the "Network" part of:
+ # inxi -F
+ #
+ boot.initrd.availableKernelModules = [ "r8169" ];
+ #boot.extraModulePackages = with config.boot.kernelPackages; [
+ # r8152
+ #];
 # boot.initrd.kernelModules = [
 # # Arch wiki: Mkinitcpio MODULES: USB 3 hub
 # "usbhid"
@@ -43,4 +46,5 @@
 # ];
 # # dmesg -> enp0s20f0u1u2: renamed from eth0
 # boot.kernelParams = [ "ip=:::::eth0:dhcp" ];
+ boot.kernelParams = [ "ip=dhcp" ];
 }
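Review bot: The `hostKeys` line in the now-enabled `boot.initrd.network.ssh` block has no comment saying that this private key ends up inside the initrd, which has to be readable before the disk is unlocked. Anyone who can read the boot partition (or, depending on how the bootloader handles initrd secrets, the Nix store) can presumably recover the key and answer as the unlock prompt to a client that trusts the pinned `known_hosts` entry. I would add above it `# Dedicated initrd-only host key: stored outside the encrypted volume, never reuse the system's sshd host key` and state that `/etc/secrets/initrd` must be root-only. Keeping `shell = "/bin/cryptsetup-askpass"` is the right restriction, since it limits the pre-boot session to the passphrase prompt. The enclosing attribute set starts above this hunk.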
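Review bot: The added `boot.kernelParams = [ "ip=dhcp" ];` drops the device field that the commented-out line above it carried (`"ip=:::::eth0:dhcp"`), so the pre-boot SSH listener comes up on whichever interface obtains a lease rather than on one named NIC. With only `r8169` in `boot.initrd.availableKernelModules` this is probably a single interface in practice, but that is an assumption worth recording. I would add a comment such as `# initrd: DHCP on any interface with a loaded driver; name the device in ip= to restrict where the unlock sshd is reachable`, or keep the device field once the initrd-time interface name is confirmed.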