path: root/nix/remote-unlock.nix
# NixOS module: bring up networking and an SSH server inside the initrd so
# that an administrator can log in before the root filesystem is available
# and run cryptsetup-askpass to unlock the encrypted drives.
{ config, pkgs, ... }:

with builtins;
with pkgs.lib;
let
  # Site-wide settings declared elsewhere (not visible in this file).
  cfg = config.deuxfleurs;
  iface = cfg.network_interface;
in
{
  config.boot.initrd = {
    # Modules that must be loadable from the initrd for the NIC to come up.
    # NOTE(review): presumably e1000e is the Ethernet driver and ptp/pps_core
    # are its dependencies; confirm against the hardware in use.
    availableKernelModules = [ "pps_core" "ptp" "e1000e" ];

    network = {
      enable = true;

      ssh = {
        enable = true;

        # Non-default port. NOTE(review): presumably chosen so the initrd
        # server, which presents its own host key, is not confused with the
        # sshd of the booted system; confirm.
        port = 2222;

        # Every value under admin_accounts is flattened into one list, so each
        # account is expected to map to a list of public keys. Any holder of
        # one of these keys can log in to the initrd and is therefore able to
        # supply the disk passphrase; keep admin_accounts limited to people
        # who should have that ability.
        authorizedKeys = concatLists (attrValues cfg.admin_accounts);

        # Host key used only by the initrd SSH server. The initrd has to be
        # readable before the disks are unlocked, so this private key should
        # be treated as exposed to anyone with access to the boot media: keep
        # it dedicated to remote unlock and never reuse the main sshd host key.
        hostKeys = [ "/var/lib/deuxfleurs/remote-unlock/ssh_host_ed25519_key" ];
      };

      # Shell commands run in the initrd after networking is enabled:
      #   - assign the static LAN address, bring the link up, add the default route
      #   - print addresses and routes, then ping the gateway, as boot-time diagnostics
      #   - append a hint to root's .profile naming the command that unlocks the drives
      postCommands = ''
        ip addr add ${cfg.lan_ip}/${toString cfg.lan_ip_prefix_length} dev ${iface}
        ip link set dev ${iface} up
        ip route add default via ${cfg.lan_default_gateway} dev ${iface}
        ip a
        ip route
        ping -c 4 ${cfg.lan_default_gateway}
        echo 'echo run cryptsetup-askpass to unlock drives' >> /root/.profile
      '';
    };
  };
}