add fulldiskencryption

modules/boot.nix

@@ -13,19 +13,45 @@ in
         default = "";
         description = "The cpu-type installed on the server.";
       };
+      amdGPU = libS.mkOpinionatedOption "the system contains a AMD GPU";
     };
   };
 
   config.boot = lib.mkIf cfg.default {
+    initrd = {
+      # networking for netcard kernelModules = [ "e1000e" ];
+      kernelModules = lib.mkIf cfg.amdGPU [ "amdgpu" ];
+
+      network.enable = true;
+      network.ssh = {
+        enable = true;
+        hostKeys = [
+          "/root/ssh_key"
+        ];
+        port = 2222;
+      };
+      luks = {
+        devices."cryptroot" = {
+          device = "/dev/sda1";
+          preLVM = true;
+        };
+      };
+    };
+
     supportedFilesystems = [ "zfs" ];
     tmp.useTmpfs = true;
     kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
-    kernelParams = [ "nordrand" ] ++ lib.optional (cfg.cpuType == "amd") "kvm-amd";
+    kernelParams = [
+      "ip=<ip-addr>::<ip-gateway>:<netmask>"
+      "nordrand"
+    ] ++ lib.optional (cfg.cpuType == "amd") "kvm-amd";
+
     zfs = {
       enableUnstable = true;
       devNodes = "/dev/disk/by-id/";
       forceImportRoot = true;
     };
+
     loader = {
       efi = {
         canTouchEfiVariables = false;
@@ -39,6 +65,7 @@ in
         efiInstallAsRemovable = true;
         fsIdentifier = "uuid";
         device = "nodev";
+        enableCryptodisk = true;
       };
     };
   };

systems/palatine-hill/configuration.nix

@@ -3,6 +3,7 @@
   time.timeZone = "America/New_York";
   console.keyMap = "us";
   networking.hostId = "1139fa08";
+  boot.initrd.network.ssh.authorizedKeys = [ "ssh-ed25519 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" ];
 
   virtualisation = {
     docker = {