From 55fb2cfdda4e0287165f93bfd1347ff13174de1b Mon Sep 17 00:00:00 2001
From: Simon Bruder
Date: Thu, 28 Jan 2021 19:02:19 +0100
Subject: [PATCH] shell.nix: Add luks remote unlock script

Closes #9.
---
 shell.nix | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/shell.nix b/shell.nix
index 807aba4..c32ca2b 100644
--- a/shell.nix
+++ b/shell.nix
@@ -25,6 +25,19 @@ let
       set -e
       $(nix-build --no-out-link deploy.nix -A "$1")
     '';
+
+    unlock = ''
+      set -eo pipefail
+      machine="$1"
+      hostname="$(nix-instantiate --eval --json machines -A "$1".target | ${pkgs.jq}/bin/jq -r . | cut -d@ -f2)"
+      ssh \
+        -oStrictHostKeyChecking=no \
+        -oGlobalKnownHostsFile=<(echo "[$hostname]:2222 ssh-ed25519 $(ssh-keygen -l -f <(ssh-keygen -y -f<(pass "nixos/machines/$machine/initrd-ssh-host-key")) | cut -d' ' -f2)") \
+        -4 \
+        -p 2222 \
+        "root@$hostname" \
+        "cat > /crypt-ramfs/passphrase" < <(pass "devices/$machine/luks")
+    '';
   };
 in pkgs.mkShell {
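Review bot: The host-key pin on the `-oGlobalKnownHostsFile=` line of `unlock` does not protect the LUKS passphrase as written: `ssh-keygen -l` prints a fingerprint (`SHA256:…`), not the base64 key blob a known_hosts entry needs, so the generated line should be rejected by ssh as a bad key, and `-oStrictHostKeyChecking=no` then lets the connection proceed to an unknown or changed host anyway — whatever answers on `$hostname:2222` during early boot could accept the public-key login and receive the passphrase from `pass` on stdin. Build the entry from the public key instead, `$(ssh-keygen -y -f <(pass "nixos/machines/$machine/initrd-ssh-host-key") | cut -d' ' -f2)`, and make a mismatch fatal with `-oStrictHostKeyChecking=yes -oUserKnownHostsFile=/dev/null` so a stale `~/.ssh/known_hosts` entry for `[$hostname]:2222` cannot mask the pinned key. Note also that `set -eo pipefail` does not see failures inside the process substitutions, so a failing `pass` or `ssh-keygen` (for example a locked gpg agent) yields an empty key in the known_hosts line while the `ssh` call still runs; capturing the key into a variable before `ssh` would abort the script instead. The enclosing `let` block starts before this hunk.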