{ config, pkgs, ... }:

{
  # Remote unlocking of the encrypted root partition: the initrd brings up the
  # network and an SSH server so the passphrase can be supplied over SSH.
  # https://nixos.wiki/wiki/Remote_LUKS_Unlocking#Prepare_SSH_host_keys
  boot.initrd = {
    # Network in initrd
    #
    # Find out which module is used for network card:
    #   lspci -v | grep -iA8 'network\|ethernet'
    # Or check the "Network" part of:
    #   inxi -F
    #
    availableKernelModules = [ "r8169" ];

    network = {
      enable = true;

      # SSH in initrd
      ssh = {
        enable = true;

        # The login shell is the passphrase prompt rather than an interactive
        # shell, so an SSH session can do nothing except answer the prompt.
        shell = "/bin/cryptsetup-askpass";

        # Only the public key stored in ./nitrokey.pub is accepted.
        authorizedKeys = [ (builtins.readFile ./nitrokey.pub) ];

        # Private host key for the initrd SSH server. The file must already
        # exist at this path on the target when the initrd is built.
        # NOTE(review): use a key generated only for the initrd, never the
        # regular sshd host key. The initrd, and possibly the Nix store, can
        # hold this key outside the encrypted root, so treat it as exposed to
        # anyone with access to the boot partition.
        hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];

        # NOTE(review): no `port` is set, so the module default applies. If
        # that is the same port the booted system's sshd uses, clients see two
        # different host keys on one host:port. Consider a separate port or a
        # dedicated known_hosts entry so host-key warnings stay meaningful.
      };
    };
  };

  # Ask the kernel to configure the network interface via DHCP during early boot.
  boot.kernelParams = [ "ip=dhcp" ];
}