forked from pub-solar/infra
modules: add unlock-luks-on-boot
This commit is contained in:
parent
4a3d3ce84b
commit
25827a97d3
20
modules/unlock-luks-on-boot/default.nix
Normal file
20
modules/unlock-luks-on-boot/default.nix
Normal file
|
@ -0,0 +1,20 @@
|
||||||
|
{ flake, config, ... }:
|
||||||
|
{
|
||||||
|
boot.initrd.network = {
|
||||||
|
enable = true;
|
||||||
|
ssh = {
|
||||||
|
enable = true;
|
||||||
|
# To prevent ssh clients from freaking out because a different host key is used,
|
||||||
|
# a different port for ssh is useful (assuming the same host has also a regular sshd running)
|
||||||
|
port = 2222;
|
||||||
|
|
||||||
|
# Please create this manually the first time.
|
||||||
|
hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
|
||||||
|
authorizedKeys = config.pub-solar-os.authentication.sshPubKeys;
|
||||||
|
};
|
||||||
|
postCommands = ''
|
||||||
|
# Automatically ask for the password on SSH login
|
||||||
|
echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
}
|
Loading…
Reference in a new issue