From 8e9da1df8872f0d348d366aff2aab61f0209e912 Mon Sep 17 00:00:00 2001
From: Daniel Flanagan
Date: Mon, 29 Jul 2024 10:43:11 -0500
Subject: [PATCH] Add unused remote unlock module
---
 modules/nixos/default.nix | 24 ++++++++++++++++++++++++
 1 file changed, 24 insertions(+)
diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix
index 2089268..449112e 100644
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@@ -136,6 +136,30 @@
 };
 };
+ remote-disk-key-entry-on-boot = {
+ lib,
+ pkgs,
+ ...
+ }: {
+ # https://nixos.wiki/wiki/Remote_disk_unlocking
+ # "When using DHCP, make sure your computer is always attached to the network and is able to get an IP adress, or the boot process will hang."
+ # ^ seems less than ideal
+ boot.kernelParams = ["ip=dhcp"];
+ boot.initrd = {
+ # availableKernelModules = ["r8169"]; # ethernet drivers
+ systemd.users.root.shell = "/bin/cryptsetup-askpass";
+ network = {
+ enable = true;
+ ssh = {
+ enable = true;
+ port = 22;
+ authorizedKeys = [pubkey];
+ hostKeys = ["/etc/secrets/initrd/ssh_host_rsa_key"];
+ };
+ };
+ };
+ };
+
 ssh-server = {lib, ...}: {
 # enable an ssh server and provide root access with my primary public key
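Review bot: The `hostKeys` entry under `boot.initrd.network.ssh` names a private key that is copied into the initrd, which on most setups sits outside the encrypted volume, so it must be a key generated only for this purpose and never the host's regular sshd key; I would record that next to the line with `# dedicated initrd-only host key; stored unencrypted in the initrd, never reuse the main sshd host key`. Because the initrd sshd and the booted system would both answer on `port = 22` with different host keys, clients see a host-key-changed warning on every unlock and learn to dismiss it; a distinct port such as `port = 2222;` lets known_hosts pin each key separately. `systemd.users.root.shell` appears to take effect only with the systemd-based initrd, which the hunk does not enable, so confirm the forced askpass shell is really applied before relying on it to restrict the root login. `pubkey` is defined outside the hunk, and `lib` and `pkgs` are bound but unused in the visible lines.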