Hello,
I’d like to have an sshd to enter my password for fs decryption.
I’m trying to do something like:
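{ config, pkgs, ... }:
{
  boot.initrd = {
    # Network driver that must be available in the initrd
    availableKernelModules = [ "aNetModule" ];
    network.enable = true;
    network.ssh = {
      enable = true;
      port = 22;
      authorizedKeys = [ "ssh-rsa AAAAB... aUser@nixos" ];
      # Host key for the initrd sshd, given as an absolute path
      hostECDSAKey = /boot/dropbear_ecdsa;
    };
    # Ask for the passphrase as soon as root logs in over SSH
    network.postCommands = ''
      echo 'cryptsetup-askpass' >> /root/.profile
    '';
  };
}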
This is derived from
and works fine when added to a running system.
It works for installing a fresh system when nix-install finds a copy of /mnt/boot/dropbear_ecdsa in /boot/dropbear_ecdsa.
When I boot to the fresh install, dropbear_ecdsa isn’t present in /mnt/boot/dropbear_ecdsa nor in /boot/dropbear_ecdsa, i.e. I can’t do a nixos-rebuild without further ado.
I would like to set up this sshd while installing without having to quirk with the keyfile, but I don’t know how.
Maybe this question is even more general:
How to cope with absolute paths in config.nix when installing?
Edit: I’m testing this on a vbox at the moment.