Remote disk unlocking: Difference between revisions
Add section on how to enable wifi in initrd
(→Bcachefs unlocking: Clarify bcachefs remote disk unlocking setup) |
(Add section on how to enable wifi in initrd) |
||
Line 183: | Line 183: | ||
<pre>torify ssh root@<onion.id>.onion -p 22 'my-secret-password'</pre> | <pre>torify ssh root@<onion.id>.onion -p 22 'my-secret-password'</pre> | ||
=== Enable Wifi in initrd === | |||
Following example configuration by [https://discourse.nixos.org/t/wireless-connection-within-initrd/38317/13 @loutr] enables wifi connections inside initrd. Replace interface name <code>wlp0s20f0u4</code> with the name of your wifi adapter. Depending on your wifi device, you might need to add different kernel modules.<syntaxhighlight lang="nix"> | |||
boot.initrd = { | |||
# crypto coprocessor and wifi modules | |||
availableKernelModules = [ "ccm" "ctr" "iwlmvm" "iwlwifi" ]; | |||
systemd = { | |||
enable = true; | |||
packages = [ pkgs.wpa_supplicant ]; | |||
initrdBin = [ pkgs.wpa_supplicant ]; | |||
targets.initrd.wants = [ "wpa_supplicant@wlp0s20f0u4.service" ]; | |||
# prevent WPA supplicant from requiring `sysinit.target`. | |||
services."wpa_supplicant@".unitConfig.DefaultDependencies = false; | |||
users.root.shell = "/bin/systemd-tty-ask-password-agent"; | |||
network = { | |||
enable = true; | |||
networks."10-wlan" = { | |||
matchConfig.Name = "wlp0s20f0u4"; | |||
networkConfig.DHCP = "yes"; | |||
}; | |||
ssh = { | |||
enable = true; | |||
port = 22; | |||
hostKeys = [ "/etc/ssh/ssh_host_ed25519_key" ]; | |||
authorizedKeys = default.user.openssh.authorizedKeys.keys; | |||
}; | |||
}; | |||
secrets."/etc/wpa_supplicant/wpa_supplicant-wlp0s20f0u4.conf" = /root/secrets/wpa_supplicant.conf; | |||
}; | |||
</syntaxhighlight>The file <code>wpa_supplicat-wlp0s20f0u4.conf</code> is the wireless profile used by [[wpa_supplicant]] which will get copied into the initramfs. | |||
[[Category:Server]] | [[Category:Server]] | ||
[[Category:Cookbook]] | [[Category:Cookbook]] |