From d401d7caaaef0689abfb0dde37d422832ef6972f Mon Sep 17 00:00:00 2001 From: Franck Cuny Date: Sun, 13 Feb 2022 13:56:19 -0800 Subject: hosts: unlock disks remotely on boot Enable a SSH daemon in initrd, with our keys, so we can unlock remotely the disk on reboot. --- hosts/carmel/default.nix | 20 ++++---------------- 1 file changed, 4 insertions(+), 16 deletions(-) (limited to 'hosts/carmel') diff --git a/hosts/carmel/default.nix b/hosts/carmel/default.nix index d728d6b..1413f1f 100644 --- a/hosts/carmel/default.nix +++ b/hosts/carmel/default.nix @@ -5,6 +5,8 @@ [ # Include the results of the hardware scan. ./hardware-configuration.nix ../common/desktop + # In order to unlock the root disk remotely + ../common/system/boot-ssh.nix ]; # Use the systemd-boot EFI boot loader. @@ -13,25 +15,11 @@ boot.initrd = { luks.devices."system".allowDiscards = true; - network = { - enable = true; - postCommands = '' - echo "cryptsetup-askpass; exit" > /root/.profile - ''; - ssh = { - enable = true; - port = 2222; - hostKeys = [ - /etc/ssh/ssh_host_ed25519_key - /etc/ssh/ssh_host_rsa_key - ]; - }; - }; }; - time.timeZone = "America/Los_Angeles"; + boot.kernelParams = [ "ip=dhcp" ]; - services.xserver.dpi = 168; + time.timeZone = "America/Los_Angeles"; hardware.opengl.driSupport = true; -- cgit 1.4.1