@colemickens I will retry with pinentry flavor="curses", and if after that things still don't work, I'll move to the graphical way like you do.
I hit another limitation: gpgconf is not present in the initrd with the option boot.initrd.luks.gpgSupport. I don't see how I could forward my Yubikey GPG over SSH to decrypt the remote LUKS without that?
```nix
boot.initrd.luks.gpgSupport = true;
boot.initrd.luks.devices = {
  "enc-pv" = {
    name = "enc-pv";
    preLVM = true;
    device = "$luksuuid";
    gpgCard = {
      publicKey = ./gpg-yubikey.asc;
      encryptedPass = ./luks-passphrase-arkham.asc;
    };
    allowDiscards = true;
  };
};
```
I searched in https://github.com/NixOS/nixpkgs/blob/release-20.09/nixos/modules/system/boot/luksroot.nix#L328 (open_hardware()) to see if that is possible …
If gpgconf is not available, I need to find out which socket I could use for the extra / forwarded agent.
The command that launches gpg in the initrd:

```sh
gpg-agent --daemon --scdaemon-program $out/bin/scdaemon > /dev/null 2> /dev/null
```
I tried this without success:

```sh
ssh -R /root/.gnupg/S.gpg-agent:/run/user/1000/gnupg/S.gpg-agent.extra -o StreamLocalBindUnlink=yes myremote
```

```
Enter passphrase for key '/home/xxx/.ssh/vps.xxx.xxx':
Warning: remote port forwarding failed for listen path /root/.gnupg/S.gpg-agent
X11 forwarding request failed on channel 0
Last login: Mon Nov 23 16:32:19 2020 from xxxx
```