nix: enable ssh on initrd

benmezger · Jan 26, 2025 · b34b54a · b34b54a
1 parent d46bcaa
commit b34b54a
Showing 1 changed file with 13 additions and 0 deletions.
diff --git a/hosts/default/bootloader.nix b/hosts/default/bootloader.nix
@@ -2,6 +2,7 @@
   config,
   lib,
   pkgs,
+  userConf,
   ...
 }:
 
@@ -14,6 +15,7 @@
       # to prevent connection drop
       # fixes: usb 1-10.2: 3:1: cannot get freq at ep 0x3
       "usbhid.quirks=0x1532:0x00ab:0x00000400"
+      "ip=192.168.0.168::192.168.0.1:255.255.255.0:${userConf.hostname}.local::none"
     ];
     supportedFilesystems = [ "btrfs" ];
     kernelModules = [
@@ -27,6 +29,16 @@
       };
     };
     initrd = {
+      systemd.users.root.shell = "/bin/cryptsetup-askpass";
+      network = {
+        enable = true;
+        ssh = {
+          enable = true;
+          port = 22;
+          authorizedKeys = userConf.sshKeys;
+          hostKeys = [ "/etc/secrets/initrd/host_rsa_key" ];
+        };
+      };
       availableKernelModules = [
         "vmd"
         "xhci_pci"
@@ -35,6 +47,7 @@
         "usbhid"
         "usb_storage"
         "sd_mod"
+        "igc"
       ];
       luks.devices = {
         cryptroot = {