2024-04-28 15:25:40 +00:00
|
|
|
{ flake, config, ... }:
|
|
|
|
{
|
2023-10-27 21:06:55 +00:00
|
|
|
# From https://nixos.wiki/wiki/ZFS#Unlock_encrypted_zfs_via_ssh_on_boot
|
|
|
|
boot.initrd.network = {
|
|
|
|
enable = true;
|
|
|
|
ssh = {
|
|
|
|
enable = true;
|
|
|
|
# To prevent ssh clients from freaking out because a different host key is used,
|
|
|
|
# a different port for ssh is useful (assuming the same host has also a regular sshd running)
|
|
|
|
port = 2222;
|
|
|
|
|
|
|
|
# Please create this manually the first time.
|
|
|
|
hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];
|
2024-11-12 20:04:44 +00:00
|
|
|
authorizedKeys = flake.self.logins.sshPubKeys;
|
2023-10-27 21:06:55 +00:00
|
|
|
};
|
|
|
|
# this will automatically load the zfs password prompt on login
|
|
|
|
# and kill the other prompt so boot can continue
|
|
|
|
postCommands = ''
|
|
|
|
cat <<EOF > /root/.profile
|
|
|
|
if pgrep -x "zfs" > /dev/null
|
|
|
|
then
|
|
|
|
zfs load-key -a
|
|
|
|
killall zfs
|
|
|
|
else
|
|
|
|
echo "zfs not running -- maybe the pool is taking some time to load for some unforseen reason."
|
|
|
|
fi
|
|
|
|
EOF
|
|
|
|
'';
|
|
|
|
};
|
|
|
|
}
|