From 25827a97d379c54274dfa3b1c71d3d1c0766d5b0 Mon Sep 17 00:00:00 2001
From: teutat3s
Date: Sat, 24 Aug 2024 03:05:28 +0200
Subject: [PATCH] modules: add unlock-luks-on-boot
---
modules/unlock-luks-on-boot/default.nix | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
create mode 100644 modules/unlock-luks-on-boot/default.nix
diff --git a/modules/unlock-luks-on-boot/default.nix b/modules/unlock-luks-on-boot/default.nix
new file mode 100644
index 00000000..09521880
--- /dev/null
+++ b/modules/unlock-luks-on-boot/default.nix
@@ -0,0 +1,20 @@
+{ flake, config, ... }:
+{
+ boot.initrd.network = {
+ enable = true;
+ ssh = {
+ enable = true;
+ # To prevent ssh clients from freaking out because a different host key is used,
+ # a different port for ssh is useful (assuming the same host has also a regular sshd running)
+ port = 2222;
+
+ # Please create this manually the first time.
+ hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
+ authorizedKeys = config.pub-solar-os.authentication.sshPubKeys;
+ };
+ postCommands = ''
+ # Automatically ask for the password on SSH login
+ echo 'cryptsetup-askpass || echo "Unlock was successful; exiting SSH session" && exit 1' >> /root/.profile
+ '';
+ };
+}
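Review bot: The comment above `hostKeys` ("Please create this manually the first time.") does not say that this must be a key generated only for the initrd. The key is embedded in the initrd, which presumably lives on storage that is readable before the LUKS volume is unlocked, so it should be treated as exposed and never be a copy of the regular sshd host key. I would extend the comment to `# Dedicated initrd-only key: ssh-keygen -t ed25519 -N "" -f /etc/secrets/initrd/ssh_host_ed25519_key` followed by `# Never reuse the regular sshd host key; this one is copied into the initrd.` Separately, in `postCommands` the shell groups `a || b && c` as `(a || b) && c`, so `exit 1` runs in every case and the "Unlock was successful" text is printed only when `cryptsetup-askpass` returns non-zero. If that is intended, a one-line comment saying so would save the next reader from "fixing" it. It is also worth noting next to `authorizedKeys` that every key in `sshPubKeys` gets a root shell in the initrd.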