WIP: ssh unlock

assets/ssh/known_hosts

@@ -1,2 +1,4 @@
 # 2023-07 yodaNas with Arch Linux
 [p1st.de]:2222 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIASF7AJeGIkQG0erOJym8bHLBjRClkdPPCDNZAKOZ6S+
+# 2023-09 yodaTux NixOS early SSH FDE unlock
+[yodaTux.localhost]:22 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAII1QKkJg9ekAAxTADCXIvHylrYOc6EdEyKUmKaQhaW3e

modules/fde-ssh-unlock.nix

@@ -6,27 +6,30 @@
   #  # Kernel
   #  # boot.kernelPackages = pkgs.linuxPackages_latest;
   #  # boot.kernelPackages = pkgs.linuxPackages_hardened;
+
+  # SSH in initrd
+  boot.initrd.network.enable = true;
+  boot.initrd.network.ssh = {
+    enable = true;
+    port = 22;
+    shell = "/bin/cryptsetup-askpass";
+    authorizedKeys = [
+      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCpgihAg8Qzu5q+AGXHLR7p+rrS1yB0KlZb/Y/EwZT15EhEtsUMqBMRiY0TdjKQU0broyygZnymccLmCXvihEgk3zk/hP8VEDmN5wmE2tRBPR4lSjo8E1R8N79G+gaFkwi93QYh57MsGfa9k4tvGrJy0yaD7GrPqtQf+IIuvV14WJQAqnikTdbFqRjk5JGearYLU7jSKa+9NmR7JQ9NExoyIPgmQ/pd0Xc2qt8k5UGfz3HM9MAmIVQ30whK6m1iYZ8nxEidHrfreQx8NOa7ujo4zQnV1NYvRUjObr/qyIhPU6DYLT2mVRNupQFKx6LI38O4U13heugUFqJ3zvog3aDsriFiv8jzJAJvWXx7Q3TqKhqiG9VTkwBw1NDbCAOXKiEdMfiCYbdCfpNgdepU75bMloJcSQQVUqoH2tQhSbwKLuRFgOnyaHpvWbieXBRcUnfG8gg4p4jqiwx5laweEeOIOD/i7G1Mjx7Dj2ctnT/ILat/xsf+Y0W4eJr3bc5L9ghgw6wsKbNSqwjFUCFcHcARK3gvSH+hO2/BpgMVoyvZjO5PNuUqfsZ7bIIs5cDdyB/ly3irKuaRz1+3x1x4gPgSiOcji7HxPwogzhPsyfoRLHNt9tJ5X4nF2Iz1M5RTJpbZCi6yEj+9Q85FVjD76BEWuZe18kRrwhuLf/XgKdF9tQ== openpgp:0xA8B75370"
+    ];
+    hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
+  };
+
+  # Network in initrd
   #
-  #  # SSH early boot setup
+  # Find out which module is used for network card:
-  #  boot.initrd.network.enable = true;
+  #   lspci -v | grep -iA8 'network\|ethernet'
-  #  boot.initrd.network.ssh = {
+  # Or check the "Network" part of:
-  #    enable = true;
+  #   inxi -F
-  #    port = 22;
+  #
-  #    shell = "/bin/cryptsetup-askpass";
+  boot.initrd.availableKernelModules = [ "r8169" ];
-  #    authorizedKeys = [
+  #boot.extraModulePackages = with config.boot.kernelPackages; [
-  #      "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCpgihAg8Qzu5q+AGXHLR7p+rrS1yB0KlZb/Y/EwZT15EhEtsUMqBMRiY0TdjKQU0broyygZnymccLmCXvihEgk3zk/hP8VEDmN5wmE2tRBPR4lSjo8E1R8N79G+gaFkwi93QYh57MsGfa9k4tvGrJy0yaD7GrPqtQf+IIuvV14WJQAqnikTdbFqRjk5JGearYLU7jSKa+9NmR7JQ9NExoyIPgmQ/pd0Xc2qt8k5UGfz3HM9MAmIVQ30whK6m1iYZ8nxEidHrfreQx8NOa7ujo4zQnV1NYvRUjObr/qyIhPU6DYLT2mVRNupQFKx6LI38O4U13heugUFqJ3zvog3aDsriFiv8jzJAJvWXx7Q3TqKhqiG9VTkwBw1NDbCAOXKiEdMfiCYbdCfpNgdepU75bMloJcSQQVUqoH2tQhSbwKLuRFgOnyaHpvWbieXBRcUnfG8gg4p4jqiwx5laweEeOIOD/i7G1Mjx7Dj2ctnT/ILat/xsf+Y0W4eJr3bc5L9ghgw6wsKbNSqwjFUCFcHcARK3gvSH+hO2/BpgMVoyvZjO5PNuUqfsZ7bIIs5cDdyB/ly3irKuaRz1+3x1x4gPgSiOcji7HxPwogzhPsyfoRLHNt9tJ5X4nF2Iz1M5RTJpbZCi6yEj+9Q85FVjD76BEWuZe18kRrwhuLf/XgKdF9tQ== openpgp:0xA8B75370"
+  #  r8152
-  #    ];
+  #];
-  #    hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
-  #  };
-  #  # Find out which module is used for network card:
-  #  #   lspci -v | grep -iA8 'network\|ethernet'
-  #  # Or check the "Network" part of:
-  #  #   inxi -F
-  #  #
-  ##  boot.initrd.availableKernelModules = [ "r8152" ];
-  ##  boot.extraModulePackages = with config.boot.kernelPackages; [
-  ##    r8152
-  ##  ];
   #  boot.initrd.kernelModules = [
   #    # Arch wiki: Mkinitcpio MODULES: USB 3 hub
   #    "usbhid"
@@ -43,4 +46,5 @@
   #  ];
   #  # dmesg -> enp0s20f0u1u2: renamed from eth0
   #  boot.kernelParams = [ "ip=:::::eth0:dhcp" ];
+  boot.kernelParams = [ "ip=dhcp" ];
 }