feat(home-server): set up clevis
This commit is contained in:
parent
cf969f5bca
commit
f143602d38
|
@ -143,6 +143,11 @@ in
|
|||
authorizedKeys = config.users.users.felschr.openssh.authorizedKeys.keys;
|
||||
};
|
||||
};
|
||||
# allow automated decryption
|
||||
# `echo -n '<LUKS passphrase here>' | clevis encrypt tang '{"url": "http://doctr:9090"}' > home-server-enc.jwe`
|
||||
boot.initrd.clevis.enable = true;
|
||||
boot.initrd.clevis.useTang = true;
|
||||
boot.initrd.clevis.devices."enc".secretFile = ../secrets/clevis/home-server-enc.jwe;
|
||||
|
||||
systemd.notify = {
|
||||
enable = true;
|
||||
|
|
1
secrets/clevis/home-server-enc.jwe
Normal file
1
secrets/clevis/home-server-enc.jwe
Normal file
|
@ -0,0 +1 @@
|
|||
eyJhbGciOiJFQ0RILUVTIiwiY2xldmlzIjp7InBpbiI6InRhbmciLCJ0YW5nIjp7ImFkdiI6eyJrZXlzIjpbeyJhbGciOiJFUzUxMiIsImNydiI6IlAtNTIxIiwia2V5X29wcyI6WyJ2ZXJpZnkiXSwia3R5IjoiRUMiLCJ4IjoiQUtISFFSNjhkaFMxNGNiYXJJVkIxRFZPQkdaWEExY25OVHRSdHBkd1FVZ09LS2RNQnczM09wbk9zZGxOUmNFSDdRVHpRbTdHdDRuWFc1LTFCZU1pUkhBOCIsInkiOiJBQ1NoTmd6c0I1SnVCYWh3MGpacXlWZG0zT0h1TW44VXVCQ1hiYjdVUkQxZzlTQTF4a2dhb2lBMlpQZWxmVVJTYXF0c1VTWi1CaERNaVYwSlpBaF92LVBQIn0seyJhbGciOiJFQ01SIiwiY3J2IjoiUC01MjEiLCJrZXlfb3BzIjpbImRlcml2ZUtleSJdLCJrdHkiOiJFQyIsIngiOiJBQUV4MVB2d19qbmVfZDBUS3F3djZtWEY3Rm5yYl94bnVHTmRwOUVNZU1rVXItQXdBaW1CTE42MktJajBIcjlnVnZFZmUyZ2NJYzhLV1FCam90djdDYWw1IiwieSI6IkFXa2kwU1ZIcjRmRmFEODFkRVRQd0U0U1htZVJOeWl4WXlBOVNiWFpKSWhZRUM3YTVfZUliTk5xby1LX0paNzNEX20xVVdYdVY0bVAzVmxLc3N4bGZFTFEifV19LCJ1cmwiOiJodHRwOi8vZG9jdHI6OTA5MCJ9fSwiZW5jIjoiQTI1NkdDTSIsImVwayI6eyJjcnYiOiJQLTUyMSIsImt0eSI6IkVDIiwieCI6IkFEbTFxOEpJUEtOUVZnYnM0dTI0emxHRWNTME9TZWFjX1BEWnVUZFR6Y1VXa2d6SXJWZUlIWTlDRDIxR2NPYzBNSU1zeExzZkd3MWtYRnhFT0ZKb0dqYjIiLCJ5IjoiQVdSTkY1OXpjdmtfUFNOdUsxaXlrUTQ3aUptVUxqNWQzSWhnQTYwNkZMZ3lBRHJEemRRUFVFdDdLYUU3YmYtYVpjOXlSZUszcUFOeE9aM2xvZjZUdGxDMiJ9LCJraWQiOiJ1cGZSMUxlN19IbzE0c0RGTGVUYmZveml5Nmxnb0NDdm1KT1ZiMXVfbjVzIn0..joZ7BnztS81hEZ9v.PX-I51YQ8lvSmuSSnmcDYuYAAktzAU12sz7JVK9h9O8YUmvWxZC5wQ.TDmD4B4L7g6vRy5LHqM5VQ
|
Loading…
Reference in a new issue