systemd initrd ssh zfs native encryption unlock

2025-12-10 00:43:56 -05:00 · 2024-06-24 23:35:55 -04:00 · 2024-06-24 23:35:55 -04:00 · c102d3c782
commit c102d3c782
parent 27fd18e3a2
3 changed files with 32 additions and 6 deletions
--- a/hosts/gerg-desktop/boot.nix
+++ b/hosts/gerg-desktop/boot.nix
@ -18,6 +18,37 @@ in
  environment.systemPackages = [ pkgs.sbctl ];

  boot = {
+    initrd = {
+      kernelModules = [ "igc" ];
+      network = {
+        enable = true;
+        ssh = {
+          enable = true;
+          port = 22;
+          hostKeys = [ "/persist/initrd-keys/ssh_host_ed5519_key" ];
+          authorizedKeys = [ config.local.keys.gerg_gerg-phone ];
+        };
+      };
+      systemd = {
+        network = {
+          enable = true;
+          networks.enp11s0 = {
+            name = "enp11s0";
+            address = [ "192.168.1.4/24" ];
+            gateway = [ "192.168.1.1" ];
+            dns = [ "192.168.1.1" ];
+            DHCP = "no";
+            linkConfig = {
+              MACAddress = "D8:5E:D3:E5:47:90";
+              RequiredForOnline = "routable";
+            };
+          };
+          wait-online.enable = false;
+        };
+        users.root.shell = "/bin/systemd-tty-ask-password-agent";
+      };
+    };
+
    lanzaboote = {
      enable = true;
      pkiBundle = "/etc/secureboot";
@ -86,6 +117,5 @@ in
          };
        })
    );
-
  };
 }
--- a/modules/builders.nix
+++ b/modules/builders.nix
@ -47,10 +47,7 @@

    (
      let
-        keys = [
-          config.local.keys.root_media-laptop
-          config.local.keys.root_game-desktop
-        ];
+        keys = [ config.local.keys.root_media-laptop ];
      in
      lib.mkIf config.local.remoteBuild.isBuilder {
        sops.secrets.store_key = { };
--- a/modules/keys.nix
+++ b/modules/keys.nix
@ -6,7 +6,6 @@
    gerg_gerg-phone = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILZKIp3iObuxEUPx1dsMiN3vyMaMQb0N1gKJY78TtRxd";
    gerg_gerg-windows = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILpYY2uw0OH1Re+3BkYFlxn0O/D8ryqByJB/ljefooNc";
    root_media-laptop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIq9YTf4jlVCKBKn44m4yJvj94C7pTOyaa4VjZFohNqD";
-    root_game-desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJUKHZasYQUAmRBiqtx1drDxfq18/N4rKydCtPHx461I";
    root_gerg-desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIeHsGcmOdIMzV+SNe4WFcA3CPHCNb1aqxThkXtm7G/1";
    gerg-desktop_fingerprint = "BQxvBOWsTw1gdNDR0KzrSRmbVhDrJdG05vYXkVmw8yA";
    gerg_gerg-desktop = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJWbwkFJmRBgyWyWU+w3ksZ+KuFw9uXJN3PwqqE7Z/i8";