## ENABLE SSH ON INIT
boot.initrd.kernelModules = [
## Which kernel module / driver for the network interface?
# lspci -v | grep -iA8 'network\|ethernet'
# nix run nixpkgs#lshw -- -C network | grep -Poh 'driver=[[:alnum:]]+'
"igb" # Intel Gigabit
# "e1000e"
# "igc"
# "r8169"
# # For debugging installation in vms
# "virtio_pci"
# "virtio_net"
];
boot.kernelParams = [
# # See <https://www.kernel.org/doc/Documentation/filesystems/nfs/nfsroot.txt> for docs on this
# # ip=<client-ip>:<server-ip>:<gw-ip>:<netmask>:<hostname>:<device>:<autoconf>:<dns0-ip>:<dns1-ip>:<ntp0-ip>
# # The server ip refers to the NFS server -- we don't need it.
# # "ip=${ipv4.address}::${ipv4.gateway}:${ipv4.netmask}:${hostName}-initrd:${networkInterface}:off:1.1.1.1"
## initrd luks_remote_unlock
"ip=192.168.1.35::192.168.1.1:255.255.255.0:my-server-initrd:eth0:none"
# "ip=dhcp"
];
boot.initrd.network = {
enable = true;
ssh = {
enable = true;
port = 2222;
authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
hostKeys = [ "/etc/secrets/initrd/host_ecdsa_key" ];
};
};
# NOTE: 20231225; We'll use the manual option for now, This way we can do more if we need to.
# # If you omit it, you will get dropped into a shell, and you will have to manually run it to enter the password.
# boot.initrd.network.ssh.shell = lib.mkIf (!config.boot.initrd.systemd.enable) "/bin/cryptsetup-askpass";
# boot.initrd.systemd.users.root.shell = lib.mkIf (config.boot.initrd.systemd.enable) "/bin/systemd-tty-ask-password-agent";