From 1e6fe4a8efe1d87f1ff0ccbc830ce6e51fcf8b6e Mon Sep 17 00:00:00 2001
From: NullBite <me@nullbite.com>
Date: Fri, 5 Jul 2024 18:34:31 -0400
Subject: [PATCH] system: set rescue password in systemd initrd

---
 system/profile/base.nix | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/system/profile/base.nix b/system/profile/base.nix
index deab171..d91f75d 100644
--- a/system/profile/base.nix
+++ b/system/profile/base.nix
@@ -129,6 +129,10 @@ in
         enableSSHSupport = lib.mkDefault false;
       };
 
+      # initrd rescue password (can store plain hash since it is extremely
+      # unlikely to be brute forced)
+      boot.initrd.systemd.emergencyAccess = "$2b$15$jljA4yma8GrD2LmvhrlUkuXWBry/0jhMnXs1qB1y/byBGXKq74wMK";
+
       boot.loader.systemd-boot.configurationLimit = lib.mkDefault 15;
 
       # see: