From 5c9d04d69b7ccde9a71245ae275a8c520f9c1a80 Mon Sep 17 00:00:00 2001
From: Grigory Shipunov
Date: Thu, 2 Jan 2025 20:02:48 +0000
Subject: [PATCH] add remote zfs unlock
---
 hosts/minime/hardware-configuration.nix | 2 +-
 hosts/minime/zfs.nix | 42 ++++++++++++++++++-------
 2 files changed, 31 insertions(+), 13 deletions(-)
diff --git a/hosts/minime/hardware-configuration.nix b/hosts/minime/hardware-configuration.nix
index 49ba6d6..f714d9e 100644
--- a/hosts/minime/hardware-configuration.nix
+++ b/hosts/minime/hardware-configuration.nix
@@ -51,7 +51,7 @@
 swapDevices = [
 {
- device = "/dev/disk/by-partuuid/5c3e37ec-c277-4487-8169-813446a5f723";
+ device = "/dev/disk/by-partuuid/7e7d0e0b-90b7-465c-a022-089b38e0f16d";
 randomEncryption = true;
 }
 ];
diff --git a/hosts/minime/zfs.nix b/hosts/minime/zfs.nix
index a2a1acd..90858db 100644
--- a/hosts/minime/zfs.nix
+++ b/hosts/minime/zfs.nix
@@ -11,21 +11,39 @@ networking.hostId = "41ba28ff";
 boot = {
 kernelPackages = let
- zfsCompatibleKernelPackages = lib.filterAttrs (
- name: kernelPackages:
- (builtins.match "linux_[0-9]+_[0-9]+" name) != null
- && (builtins.tryEval kernelPackages).success
- && (!kernelPackages.${config.boot.zfs.package.kernelModuleAttribute}.meta.broken)
- ) pkgs.linuxKernel.packages;
- latestKernelPackage = lib.last (
- lib.sort (a: b: (lib.versionOlder a.kernel.version b.kernel.version)) (
- builtins.attrValues zfsCompatibleKernelPackages
- )
- );
-in latestKernelPackage;
+ zfsCompatibleKernelPackages = lib.filterAttrs (
+ name: kernelPackages:
+ (builtins.match "linux_[0-9]+_[0-9]+" name) != null
+ && (builtins.tryEval kernelPackages).success
+ && (!kernelPackages.${config.boot.zfs.package.kernelModuleAttribute}.meta.broken)
+ ) pkgs.linuxKernel.packages;
+ latestKernelPackage = lib.last (
+ lib.sort (a: b: (lib.versionOlder a.kernel.version b.kernel.version)) (
+ builtins.attrValues zfsCompatibleKernelPackages
+ )
+ );
+ in latestKernelPackage;
 supportedFilesystems = [ "zfs" ];
 kernelParams = [ "nohibernate" ];
 plymouth.enable = false;
 tmp.useTmpfs = true;
 };
+
+ # unlock over ssh
+ boot.initrd.network = {
+ enable = true;
+ ssh = {
+ enable = true;
+ port = 2222;
+ hostKeys = [ /etc/secrets/initrd/ssh_host_rsa_key ];
+ authorizedKeys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJl9iYG5oHBq/poBn7Jf1/FGWWbAnbx+NKjs7qtT3uAK 0xa@toaster 2024-12-31" ];
+ };
+ postCommands = ''
+ zpool import -a
+ echo "zfs load-key -a; killall zfs" >> /root/.profile
+ '';
+ };
+ # support for network
+ boot.initrd.kernelModules = [ "igc" "i40e" "mt7921e" ];
+ boot.kernelModules = [ "igc" "i40e" "mt7921e" ];
 }
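Review bot: `hostKeys = [ /etc/secrets/initrd/ssh_host_rsa_key ];` in the new `boot.initrd.network.ssh` block passes the initrd host private key as an unquoted Nix path literal; the option's documented example is a quoted string, and whether a path literal here is copied into the world-readable Nix store depends on how the initrd variant and bootloader consume it, neither of which is visible in this commit, so `hostKeys = [ "/etc/secrets/initrd/ssh_host_rsa_key" ];` is the safer spelling. The same option is documented as insecure unless the bootloader supports appending initrd secrets, which should be confirmed for this host before relying on it. In `postCommands`, the appended `echo "zfs load-key -a; killall zfs" >> /root/.profile` kills the stage-1 `zfs` prompt even when the passphrase entered over SSH was rejected; `zfs load-key -a && killall zfs` only does so once the keys actually loaded. The enclosing module attribute set begins before this hunk.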