feat(home-server): set up clevis

This commit is contained in:
Felix Schröter 2024-06-03 19:45:03 +02:00
parent cf969f5bca
commit f143602d38
Signed by: felschr
GPG key ID: 671E39E6744C807D
2 changed files with 6 additions and 0 deletions

View file

@ -143,6 +143,11 @@ in
authorizedKeys = config.users.users.felschr.openssh.authorizedKeys.keys;
};
};
# allow automated decryption
# `echo -n '<LUKS passphrase here>' | clevis encrypt tang '{"url": "http://doctr:9090"}' > home-server-enc.jwe`
boot.initrd.clevis.enable = true;
boot.initrd.clevis.useTang = true;
boot.initrd.clevis.devices."enc".secretFile = ../secrets/clevis/home-server-enc.jwe;
systemd.notify = {
enable = true;

View file

@ -0,0 +1 @@
eyJhbGciOiJFQ0RILUVTIiwiY2xldmlzIjp7InBpbiI6InRhbmciLCJ0YW5nIjp7ImFkdiI6eyJrZXlzIjpbeyJhbGciOiJFUzUxMiIsImNydiI6IlAtNTIxIiwia2V5X29wcyI6WyJ2ZXJpZnkiXSwia3R5IjoiRUMiLCJ4IjoiQUtISFFSNjhkaFMxNGNiYXJJVkIxRFZPQkdaWEExY25OVHRSdHBkd1FVZ09LS2RNQnczM09wbk9zZGxOUmNFSDdRVHpRbTdHdDRuWFc1LTFCZU1pUkhBOCIsInkiOiJBQ1NoTmd6c0I1SnVCYWh3MGpacXlWZG0zT0h1TW44VXVCQ1hiYjdVUkQxZzlTQTF4a2dhb2lBMlpQZWxmVVJTYXF0c1VTWi1CaERNaVYwSlpBaF92LVBQIn0seyJhbGciOiJFQ01SIiwiY3J2IjoiUC01MjEiLCJrZXlfb3BzIjpbImRlcml2ZUtleSJdLCJrdHkiOiJFQyIsIngiOiJBQUV4MVB2d19qbmVfZDBUS3F3djZtWEY3Rm5yYl94bnVHTmRwOUVNZU1rVXItQXdBaW1CTE42MktJajBIcjlnVnZFZmUyZ2NJYzhLV1FCam90djdDYWw1IiwieSI6IkFXa2kwU1ZIcjRmRmFEODFkRVRQd0U0U1htZVJOeWl4WXlBOVNiWFpKSWhZRUM3YTVfZUliTk5xby1LX0paNzNEX20xVVdYdVY0bVAzVmxLc3N4bGZFTFEifV19LCJ1cmwiOiJodHRwOi8vZG9jdHI6OTA5MCJ9fSwiZW5jIjoiQTI1NkdDTSIsImVwayI6eyJjcnYiOiJQLTUyMSIsImt0eSI6IkVDIiwieCI6IkFEbTFxOEpJUEtOUVZnYnM0dTI0emxHRWNTME9TZWFjX1BEWnVUZFR6Y1VXa2d6SXJWZUlIWTlDRDIxR2NPYzBNSU1zeExzZkd3MWtYRnhFT0ZKb0dqYjIiLCJ5IjoiQVdSTkY1OXpjdmtfUFNOdUsxaXlrUTQ3aUptVUxqNWQzSWhnQTYwNkZMZ3lBRHJEemRRUFVFdDdLYUU3YmYtYVpjOXlSZUszcUFOeE9aM2xvZjZUdGxDMiJ9LCJraWQiOiJ1cGZSMUxlN19IbzE0c0RGTGVUYmZveml5Nmxnb0NDdm1KT1ZiMXVfbjVzIn0..joZ7BnztS81hEZ9v.PX-I51YQ8lvSmuSSnmcDYuYAAktzAU12sz7JVK9h9O8YUmvWxZC5wQ.TDmD4B4L7g6vRy5LHqM5VQ