commit c85f91b4062003bd9ac9d4d7d75f260f63325b64
parent 3f22d7d6be069b3f395f93bd211c7c1c3630a01b
Author: Leah (ctucx) <leah@ctu.cx>
Date: Tue, 13 Sep 2022 21:51:59 +0200
parent 3f22d7d6be069b3f395f93bd211c7c1c3630a01b
Author: Leah (ctucx) <leah@ctu.cx>
Date: Tue, 13 Sep 2022 21:51:59 +0200
machines/hector: add luks-unlock in initramfs
1 file changed, 25 insertions(+), 5 deletions(-)
diff --git a/machines/hector/configuration.nix b/machines/hector/configuration.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, lib, pkgs, ... }:
 {
@@ -13,10 +13,30 @@
 ../../configurations/services/restic-server.nix
 ];
- boot.loader.grub = {
- enable = true;
- version = 2;
- device = "/dev/sda";
+ boot = {
+ loader.grub = {
+ enable = true;
+ version = 2;
+ device = "/dev/sda";
+ };
+
+ initrd.network = {
+ enable = true;
+ ssh = {
+ enable = true;
+ port = 22;
+ hostKeys = [ /etc/ssh/ssh_host_rsa_key ];
+ authorizedKeys = with lib; concatLists (mapAttrsToList (name: user: if elem "wheel" user.extraGroups then user.openssh.authorizedKeys.keys else []) config.users.users);
+ };
+
+ postCommands = ''
+ ip link set dev ens18 up
+ ip addr add 2a01:4f9:6b:2d99:2829:acab::1 dev ens18
+ ip route add default via 2a01:4f9:6b:2d99::2 dev ens18 onlink
+
+ echo 'cryptsetup-askpass' >> /root/.profile
+ '';
+ };
 };
 dns.zones."ctu.cx".subdomains.hector.AAAA = [ "2a01:4f9:6b:2d99:2829:acab::1" ];
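Review bot: `hostKeys = [ /etc/ssh/ssh_host_rsa_key ];` reuses the machine's regular SSH host key for the initrd, and as an unquoted Nix path it is likely copied into the world-readable Nix store at evaluation; either way the private key ends up in an initramfs on the unencrypted boot partition, so anyone who can read that disk can impersonate the host's normal sshd. Generate a dedicated key for the initrd and reference it as a string, e.g. `hostKeys = [ "/etc/secrets/initrd/ssh_host_ed25519_key" ];` (example path), so it is handled as an initrd secret instead. A separate key on `port = 22` will trigger host-key mismatch warnings in clients, so consider a different port such as `port = 2222;` for the unlock shell. `authorizedKeys` gives every wheel user's key a root shell in the initrd; a short comment stating that this is intended would help the next reader.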