From a4318fce756e7267de8c8791a9b0e2096eda209c Mon Sep 17 00:00:00 2001
From: Jeff Moe
Date: Thu, 22 Nov 2018 15:02:56 -0700
Subject: [PATCH] Add cryptsetup remote ssh unlock
---
source/resources/apps/cryptsetup/README.md | 34 ++++++++++++++++++++++
1 file changed, 34 insertions(+)
create mode 100644 source/resources/apps/cryptsetup/README.md
diff --git a/source/resources/apps/cryptsetup/README.md b/source/resources/apps/cryptsetup/README.md
new file mode 100644
index 0000000..df4c339
--- /dev/null
+++ b/source/resources/apps/cryptsetup/README.md
@@ -0,0 +1,34 @@
+apt install dropbear-initramfs
+
+/etc/dropbear-initramfs/config
+DROPBEAR_OPTIONS="-p611 -s -j -k -I 60"
+
+# Add RSA keys here (no ed25519 ?)
+vim /etc/dropbear-initramfs/authorized_keys
+
+# update initramfs
+update-initramfs -u
+
+# Set up grub
+vim /etc/default/grub
+# Like:
+GRUB_CMDLINE_LINUX_DEFAULT="ip=client-ip::gw-ip:netmask"
+# Example:
+GRUB_CMDLINE_LINUX_DEFAULT="ip=10.1.1.100::10.1.1.1:255.255.255.0"
+
+# update grub
+update-grub
+
+# Set up ~/.ssh/config for client to connect to dropbear/ssh:
+Host sf-001-disk
+ Hostname 10.1.1.100
+ Port 611
+ User root
+ PasswordAuthentication no
+ IdentityFile ~/.ssh/id_rsa
+
+# Then when system boots up, ssh to it:
+ssh sf-001-disk
+
+# When logged in, run:
+cryptroot-unlock