feat(home-server): set up clevis

2024-06-03 19:45:03 +02:00 · 2024-06-03 19:45:03 +02:00 · f143602d38
commit f143602d38
parent cf969f5bca
2 changed files with 6 additions and 0 deletions
--- a/hosts/home-server.nix
+++ b/hosts/home-server.nix
@ -143,6 +143,11 @@ in
      authorizedKeys = config.users.users.felschr.openssh.authorizedKeys.keys;
    };
  };
+  # allow automated decryption
+  # `echo -n '<LUKS passphrase here>' | clevis encrypt tang '{"url": "http://doctr:9090"}' > home-server-enc.jwe`
+  boot.initrd.clevis.enable = true;
+  boot.initrd.clevis.useTang = true;
+  boot.initrd.clevis.devices."enc".secretFile = ../secrets/clevis/home-server-enc.jwe;

  systemd.notify = {
    enable = true;