* In this config, i understand that /boot is only partly encrypted, is it right ? Another question, i finally found a way to remotly ssh unlock luks on vps. What is the benefit to use boot.initrd.secrets if i had already this config ? I suppose the usage of boot.initrd.secrets also broke the possibility to revert ?
```
boot.initrd.network = {
          enable = true;
          ssh = {
            enable = true;
            port = 2222;
            authorizedKeys = ["ssh-rsa xxx"];
            hostKeys = [ /boot/host_ecdsa_key ];
            };
        };
```

?