{ config, pkgs, ... }: { # Unlock encrypted root partition remotely with SSH. # https://nixos.wiki/wiki/Remote_LUKS_Unlocking#Prepare_SSH_host_keys # SSH in initrd boot.initrd.network.enable = true; boot.initrd.network.ssh = { enable = true; shell = "/bin/cryptsetup-askpass"; authorizedKeys = [ (builtins.readFile ./nitrokey.pub) ]; hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ]; }; # Network in initrd # # Find out which module is used for network card: # lspci -v | grep -iA8 'network\|ethernet' # Or check the "Network" part of: # inxi -F # boot.initrd.availableKernelModules = [ "r8169" ]; boot.kernelParams = [ "ip=dhcp" ]; }