From 2e8aebc44a2e302028e5d26d75a608a3449074d6 Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Sun, 13 Feb 2022 11:00:40 -0800 Subject: hosts: decrypt root disk via ssh on boot --- hosts/carmel/default.nix | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'hosts/carmel') diff --git a/hosts/carmel/default.nix b/hosts/carmel/default.nix index 9abd61a..bdc43f5 100644 --- a/hosts/carmel/default.nix +++ b/hosts/carmel/default.nix @@ -11,10 +11,31 @@ boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; + boot.initrd = { + luks.devices."system".allowDiscards = true; + network = { + enable = true; + postCommands = '' + echo "cryptsetup-askpass; exit" > /root/.profile + ''; + ssh = { + enable = true; + port = 2222; + hostKeys = [ + /etc/ssh/ssh_host_ed25519_key + /etc/ssh/ssh_host_rsa_key + ]; + authorizedKeys = users.users.fcuny.openssh.authorizedKeys.keys; + }; + }; + }; + time.timeZone = "America/Los_Angeles"; services.xserver.dpi = 168; + hardware.opengl.driSupport = true; + # Use systemd-networkd for networking systemd.network = { enable = true; -- cgit 1.4.1
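Review bot: The `hostKeys` list in the new `boot.initrd.network.ssh` block points at the machine's regular sshd keys (`/etc/ssh/ssh_host_ed25519_key`, `/etc/ssh/ssh_host_rsa_key`), so those private keys are placed in the initrd on the unencrypted boot partition, where anyone who can read the disk can copy them and impersonate the host's main SSH service. Written as unquoted Nix path literals they may also be copied into the world-readable Nix store; the NixOS documentation for this option warns against both. Generate a key pair used only by the initrd and reference it as a string, e.g. `hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];` (example path), so that exposure of the boot partition does not reveal the running system's identity. Separately, `allowDiscards = true` lets TRIM reveal which blocks of the LUKS volume are unused, so a one-line comment recording that this trade-off is accepted would help.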