From f143602d38b04df8ff430e47b742accdcf415aeb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Felix=20Schr=C3=B6ter?=
Date: Mon, 3 Jun 2024 19:45:03 +0200
Subject: [PATCH] feat(home-server): set up clevis

---
 hosts/home-server.nix | 5 +++++
 secrets/clevis/home-server-enc.jwe | 1 +
 2 files changed, 6 insertions(+)
 create mode 100644 secrets/clevis/home-server-enc.jwe

diff --git a/hosts/home-server.nix b/hosts/home-server.nix
index 8f0fbf4..5efe1d3 100644
--- a/hosts/home-server.nix
+++ b/hosts/home-server.nix
@@ -143,6 +143,11 @@ in
 authorizedKeys = config.users.users.felschr.openssh.authorizedKeys.keys;
 };
 };
+ # allow automated decryption
+ # `echo -n '' | clevis encrypt tang '{"url": "http://doctr:9090"}' > home-server-enc.jwe`
+ boot.initrd.clevis.enable = true;
+ boot.initrd.clevis.useTang = true;
+ boot.initrd.clevis.devices."enc".secretFile = ../secrets/clevis/home-server-enc.jwe;

 systemd.notify = {
 enable = true;
diff --git a/secrets/clevis/home-server-enc.jwe b/secrets/clevis/home-server-enc.jwe
new file mode 100644
index 0000000..7b6185f
--- /dev/null
+++ b/secrets/clevis/home-server-enc.jwe
@@ -0,0 +1 @@
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..joZ7BnztS81hEZ9v.PX-I51YQ8lvSmuSSnmcDYuYAAktzAU12sz7JVK9h9O8YUmvWxZC5wQ.TDmD4B4L7g6vRy5LHqM5VQ
\ No newline at end of file
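Review bot: The comment above `boot.initrd.clevis.enable` does not record what protects the committed JWE. Because `secretFile` is a path literal, the file is presumably copied into the Nix store and the initrd, so whoever holds it and can reach the Tang server at `doctr:9090` can recover the disk passphrase for the `enc` device. I would add a line such as `# security: the JWE is not secret by itself; keep the Tang server reachable from the trusted LAN only` next to it. The documented `clevis encrypt tang` config also carries only `url`, so the Tang advertisement is trusted interactively at encryption time; pinning it as `'{"url": "http://doctr:9090", "thp": "<TANG_SIGNING_KEY_THUMBPRINT>"}'` makes the command reproducible and verifies the server key. The enclosing attribute set starts and ends outside the hunk.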