From 2e8aebc44a2e302028e5d26d75a608a3449074d6 Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Sun, 13 Feb 2022 11:00:40 -0800 Subject: hosts: decrypt root disk via ssh on boot --- hosts/carmel/default.nix | 21 +++++++++++++++++++++ hosts/common/system/default.nix | 1 + hosts/common/system/hardware.nix | 5 +++++ 3 files changed, 27 insertions(+) create mode 100644 hosts/common/system/hardware.nix diff --git a/hosts/carmel/default.nix b/hosts/carmel/default.nix index 9abd61a..bdc43f5 100644 --- a/hosts/carmel/default.nix +++ b/hosts/carmel/default.nix @@ -11,10 +11,31 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + boot.initrd = { + luks.devices."system".allowDiscards = true; + network = { + enable = true; + postCommands = '' + echo "cryptsetup-askpass; exit" > /root/.profile + ''; + ssh = { + enable = true; + port = 2222; + hostKeys = [ + /etc/ssh/ssh_host_ed25519_key + /etc/ssh/ssh_host_rsa_key + ]; + authorizedKeys = users.users.fcuny.openssh.authorizedKeys.keys; + }; + }; + }; + time.timeZone = "America/Los_Angeles"; services.xserver.dpi = 168; + hardware.opengl.driSupport = true; + # Use systemd-networkd for networking systemd.network = { enable = true; diff --git a/hosts/common/system/default.nix b/hosts/common/system/default.nix index 64cb51b..8e7def5 100644 --- a/hosts/common/system/default.nix +++ b/hosts/common/system/default.nix @@ -3,6 +3,7 @@ { imports = [ ./boot.nix + ./hardware.nix ./motd.nix ./network.nix ./nix.nix diff --git a/hosts/common/system/hardware.nix b/hosts/common/system/hardware.nix new file mode 100644 index 0000000..030b358 --- /dev/null +++ b/hosts/common/system/hardware.nix @@ -0,0 +1,5 @@ +{ pkgs, lib, config, ... }: + +{ + services.fwupd.enable = true; +} -- cgit 1.4.1