From 0084c41abfbf5fa6e19539d7a32f3bce4c3eb6b7 Mon Sep 17 00:00:00 2001
From: Florian Klink <flokli@flokli.de>
Date: Fri, 22 Oct 2021 15:01:55 +0200
Subject: [PATCH] nixos/systemd: add remote-cryptsetup.target

/etc/crypttab can contain the _netdev option, which adds crypto devices
to the remote-cryptsetup.target.

remote-cryptsetup.target has a dependency on cryptsetup-pre.target. So
let's add both of them.

Currently, one needs to manually ssh in and invoke `systemctl start
systemd-cryptsetup@<name>.service` to unlock volumes.

After this change, systemd will properly add it to the target, and
assuming remote-cryptsetup.target is pulled in somewhere, you can simply
pass the passphrase by invoking `systemd-tty-ask-password-agent` after
ssh-ing in, without having to manually start these services.

Whether remote-cryptsetup.target should be added to multi-user.target
(as it is on other distros) is part of another discussion - right now
the following snippet will do:

```
systemd.targets.multi-user.wants = [ "remote-cryptsetup.target" ];
```
---
 nixos/modules/system/boot/systemd.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nixos/modules/system/boot/systemd.nix b/nixos/modules/system/boot/systemd.nix
index 93ea77d1ee72..77997ac76863 100644
--- a/nixos/modules/system/boot/systemd.nix
+++ b/nixos/modules/system/boot/systemd.nix
@@ -26,6 +26,8 @@ let
       "nss-user-lookup.target"
       "time-sync.target"
       "cryptsetup.target"
+      "cryptsetup-pre.target"
+      "remote-cryptsetup.target"
       "sigpwr.target"
       "timers.target"
       "paths.target"