I was actually using my own user account instead of root, but now that you mention it… I’m not sure how that would even work so yeah that makes sense.
I did rebuild the initramfs after every change but did not manually copy the key file anywhere other than etc.
Will check out the link tomorrow. Thanks a lot for sharing!
Edit: tried again with root and it worked flawlessly :D
https://www.cyberciti.biz/security/how-to-unlock-luks-using-dropbear-ssh-keys-remotely-in-linux/
As mentioned in another comment I haven’t quite gotten it working but it should be possible to do this via SSH
Thank you! I had no clue what to even search for but your comment pointed me in the right direction.
I spent the past hour setting this up and it almost works, but for some reason when I boot I only see something like “Loading initramfs” and then just a black screen and nothing happens. If I mash the escape key before I reach the black screen then plymouth works and I see the logo and LUKS password prompt.
In the past I wanted to use auto unlock via TPM, however it seems quite complicated to set up and the Arch wiki advises against it anyway, so I just enter the password during boot.
The one improvement I would like to make here is to have a nicer input (visually) like Fedora but I’m not sure how this is done and how I could replicate that on Arch.
Can’t speak for OP but I was also attempting this and couldn’t get it working. My use case is that CF tunnels make multiple of my self hosted services available on the Internet via HTTPS and without directly exposing my home IP.
It does however mean that even when I use a service on my home network, everything is being proxied through CF which makes things much slower than they need to be 90% of the time. So my idea is to use caddy in parallel to CF and have a local DNS server point to my homelab, thereby circumventing the proxy whenever I’m on my home network.
But like I said I could not get this working just yet.