shell.nix: Add luks remote unlock script

Closes #9.
Simon Bruder 2021-01-28 19:02:19 +01:00
parent e7c6406820
commit 55fb2cfdda
Signed by: simon
GPG key ID: 8D3C82F9F309F8EC


@ -25,6 +25,19 @@ let
set -e set -e
$(nix-build --no-out-link deploy.nix -A "$1") $(nix-build --no-out-link deploy.nix -A "$1")
''; '';
unlock = ''
set -eo pipefail
machine="$1"
hostname="$(nix-instantiate --eval --json machines -A "$1".target | ${pkgs.jq}/bin/jq -r . | cut -d@ -f2)"
ssh \
-oStrictHostKeyChecking=no \
-oGlobalKnownHostsFile=<(echo "[$hostname]:2222 ssh-ed25519 $(ssh-keygen -l -f <(ssh-keygen -y -f<(pass "nixos/machines/$machine/initrd-ssh-host-key")) | cut -d' ' -f2)") \
-4 \
-p 2222 \
"root@$hostname" \
"cat > /crypt-ramfs/passphrase" < <(pass "devices/$machine/luks")
'';
}; };
in in
pkgs.mkShell { pkgs.mkShell {
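Review bot: The ssh call in `unlock` does not appear to pin the initrd host key, so the LUKS passphrase read from `pass` is written to whichever host answers on port 2222. The known-hosts entry is built from `ssh-keygen -l … | cut -d' ' -f2`, which yields the `SHA256:` fingerprint rather than the base64 public key a known_hosts line requires, and `-oStrictHostKeyChecking=no` lets the connection proceed when the key is unknown or does not match. `ssh-keygen -y` already prints the key in known_hosts form, so the entry can be `-oGlobalKnownHostsFile=<(echo "[$hostname]:2222 $(ssh-keygen -y -f <(pass "nixos/machines/$machine/initrd-ssh-host-key"))") \`. Pair it with `-oStrictHostKeyChecking=yes \` and `-oUserKnownHostsFile=/dev/null \` so that only this key is accepted and the user's own known_hosts cannot interfere. A short comment above the ssh call, saying that the host key is derived from the private key stored in `pass`, would explain the nested process substitutions.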