diff options
| -rw-r--r-- | nixos/hosts/ev/default.nix | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/nixos/hosts/ev/default.nix b/nixos/hosts/ev/default.nix index e7ec8d5..c797d29 100644 --- a/nixos/hosts/ev/default.nix +++ b/nixos/hosts/ev/default.nix @@ -18,6 +18,26 @@ ./hosehawk.nix ]; + # enable unlocking full disk encryption via SSH + boot.kernelParams = ["ip=dhcp"]; + boot.initrd = { + availableKernelModules = ["r8169"]; # for Ethernet + network = { + enable = true; + ssh = { + enable = true; + port = 2222; + hostKeys = ["/etc/secrets/initrd/ssh_host_ed25519_key"]; + authorizedKeys = [ + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDo/Y7w3hQgUIOQi63e8+L7eTMsVWl1vqY+Bd4tvwShdAj8ECU6JnD6gkCVzqXfUNdpA0Csd9PZlGAbXU+0kxudryFV6mxbXvYf+z70vcF02L5lDJ1tzCV7t7SwXnoenSNBIra/M2zDFgGM4oUkl9iZ2wxn/X/mvFzopJsM3xe2YNtJhXzCyaQTakKRDdHMyj9E867Ko03H6ZD2PI+9G+S39tk5ZLIcG9qhLTfDPziiZj7AIeTYVoxQycajwSlvp8BLzxxCKH8Mq7qW86jfT4lYvUuL5ItQ1cdFbmvJNKpgGXBzgBU+6kWf5c7P2aajhE3otgpfBXWBZRA3hKk+E+xX martin@hamac" + ]; + shell = "/bin/cryptsetup-askpass"; + }; + }; + }; + # unsure why this is necessary + networking.interfaces.enp3s0.useDHCP = true; + home-automation.zigbee2mqttPort = 8080; torrent.qbittorrentWebUiPort = 7777; torrent.networkNamespace = "se"; |