Encrypted NixOS home server with passwordless reboot

submitted by
Style Pass
2025-01-20 19:00:19

These are my notes on refurbishing a laptop with a broken screen hinge into a NixOS home server. A coworker recommended Colmena for managing NixOS on remote machines, so I decided to give it a try. I got confused by the Colmena manual, which expects NixOS to be already set up on the remote host but doesn't clearly show how to move the existing nix (remote) config inside Colmena.

I then rebuilt the system with `nixos-rebuild switch` and was able to log in from my main computer via ssh using the password. Once connected via ssh:

I use a TPM-backed ssh key which asks for a PIN on every connection. To work around the (documented) limitation of Colmena, which requires non-interactive login, I started an ssh connection in "master mode" in another terminal. With this command running in the background, I am now able to run `colmena apply`.
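The master-mode setup described above, written out as an added example (not code from the original post): one foreground ssh master, authenticated once with the PIN-protected TPM key, whose control socket the later non-interactive ssh invocations reuse. The user name `admin`, the host name `homeserver` and the socket directory are assumptions; the socket hands out an authenticated session to anyone who can open it, so the directory is created mode 0700 and the master is not persisted beyond the terminal that started it.

```shell
# Placeholders for the remote user and host (assumed, not from the post).
SSH_USER="${SSH_USER:-admin}"
SSH_HOST="${SSH_HOST:-homeserver}"

# Private, mode-0700 directory for control sockets. Anyone who can connect
# to the socket gets an already-authenticated session, so never put it in
# a shared location such as /tmp with default permissions.
ssh_control_dir() {
    dir="${XDG_RUNTIME_DIR:-${TMPDIR:-/tmp}}/ssh-ctl-$(id -u)"
    mkdir -p -m 700 "$dir"
    chmod 700 "$dir"          # also fix up a pre-existing directory
    printf '%s\n' "$dir"
}

# Socket path for the configured user@host; must match the ssh_config
# ControlPath below so that colmena's own ssh calls find the same socket.
ssh_control_path() {
    printf '%s/%s@%s\n' "$(ssh_control_dir)" "$SSH_USER" "$SSH_HOST"
}

# ssh_config stanza: ControlMaster stays "no" (the default), so a client
# only ever reuses an existing master and never silently creates one.
print_ssh_config() {
    printf 'Host %s\n    ControlPath %s/%%r@%%h\n' "$SSH_HOST" "$(ssh_control_dir)"
}

# Run this in the spare terminal: -M master, -N no remote command,
# -S socket. ControlPersist=no ties the master's lifetime to this
# foreground process, so closing the terminal (or Ctrl-C) revokes the
# passwordless path and the TPM PIN is required again next time.
start_master() {
    ssh -M -N -S "$(ssh_control_path)" -o ControlPersist=no \
        "$SSH_USER@$SSH_HOST"
}

# Check for a live master before running `colmena apply`.
master_alive() {
    ssh -O check -S "$(ssh_control_path)" "$SSH_USER@$SSH_HOST" >/dev/null 2>&1
}

# Tear the master down explicitly once the deployment is done.
stop_master() {
    ssh -O exit -S "$(ssh_control_path)" "$SSH_USER@$SSH_HOST" >/dev/null 2>&1
}
```

Append the output of `print_ssh_config` to `~/.ssh/config`, then start `start_master` in one terminal and run `colmena apply` in another while `master_alive` reports success.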

Since I set up full-disk encryption, I need to type the password on every boot. However, I recently read on Lobsters that it is possible to skip this when rebooting with kexec.
