diff options
| -rw-r--r-- | nixos/hosts/ev/default.nix | 20 | 
1 files changed, 20 insertions, 0 deletions
| diff --git a/nixos/hosts/ev/default.nix b/nixos/hosts/ev/default.nix index e7ec8d5..c797d29 100644 --- a/nixos/hosts/ev/default.nix +++ b/nixos/hosts/ev/default.nix @@ -18,6 +18,26 @@      ./hosehawk.nix    ]; +  # enable unlocking full disk encryption via SSH +  boot.kernelParams = ["ip=dhcp"]; +  boot.initrd = { +    availableKernelModules = ["r8169"]; # for Ethernet +    network = { +      enable = true; +      ssh = { +        enable = true; +        port = 2222; +        hostKeys = ["/etc/secrets/initrd/ssh_host_ed25519_key"]; +        authorizedKeys = [ +          "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDo/Y7w3hQgUIOQi63e8+L7eTMsVWl1vqY+Bd4tvwShdAj8ECU6JnD6gkCVzqXfUNdpA0Csd9PZlGAbXU+0kxudryFV6mxbXvYf+z70vcF02L5lDJ1tzCV7t7SwXnoenSNBIra/M2zDFgGM4oUkl9iZ2wxn/X/mvFzopJsM3xe2YNtJhXzCyaQTakKRDdHMyj9E867Ko03H6ZD2PI+9G+S39tk5ZLIcG9qhLTfDPziiZj7AIeTYVoxQycajwSlvp8BLzxxCKH8Mq7qW86jfT4lYvUuL5ItQ1cdFbmvJNKpgGXBzgBU+6kWf5c7P2aajhE3otgpfBXWBZRA3hKk+E+xX martin@hamac" +        ]; +        shell = "/bin/cryptsetup-askpass"; +      }; +    }; +  }; +  # unsure why this is necessary +  networking.interfaces.enp3s0.useDHCP = true; +    home-automation.zigbee2mqttPort = 8080;    torrent.qbittorrentWebUiPort = 7777;    torrent.networkNamespace = "se"; | 
