From f46265e98ac1c57a0be582da9d6a9dc284b0b90e Mon Sep 17 00:00:00 2001
From: ahtlon
Date: Tue, 31 Dec 2024 13:43:00 +0100
Subject: [PATCH] Add unlock-boot script
---
 outputs.nix | 1 +
 scripts/unlock-boot.sh | 30 ++++++++++++++++++++++++++++++
 2 files changed, 31 insertions(+)
 create mode 100644 scripts/unlock-boot.sh
diff --git a/outputs.nix b/outputs.nix
index 9130a8eb..f79fd182 100644
--- a/outputs.nix
+++ b/outputs.nix
@@ -41,6 +41,7 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
 packages = {
 remote-install = pkgs.writeShellScriptBin "remote-install" (builtins.readFile ./scripts/remote-install-encrypt.sh);
+ boot-unlock = pkgs.writeShellScriptBin "boot-unlock" (builtins.readFile ./scripts/unlock-boot.sh);
 docs = pkgs.stdenv.mkDerivation {
 name = "malobeo-docs";
 phases = [ "buildPhase" ];
diff --git a/scripts/unlock-boot.sh b/scripts/unlock-boot.sh
new file mode 100644
index 00000000..e519bc37
--- /dev/null
+++ b/scripts/unlock-boot.sh
@@ -0,0 +1,30 @@
+set -o errexit
+set -o pipefail
+
+sshoptions="-o StrictHostKeyChecking=no -o ServerAliveInterval=1 -o ServerAliveCountMax=1 -p 222 -T"
+HOSTNAME=$1
+
+echo
+diskkey=$(sops -d machines/$HOSTNAME/disk.key)
+
+if [ $# = 1 ]
+ then
+ echo "$diskkey" | ssh $sshoptions root@$HOSTNAME-initrd "systemd-tty-ask-password-agent" #storage
+
+ echo "$diskkey" | ssh $sshoptions root@$HOSTNAME-initrd "systemd-tty-ask-password-agent" #root
+
+elif [ $# = 2 ]
+ then
+ IP=$2
+
+ echo "$diskkey" | ssh $sshoptions root@$IP "systemd-tty-ask-password-agent" #storage
+
+ echo "$diskkey" | ssh $sshoptions root@$IP "systemd-tty-ask-password-agent" #root
+
+else
+ echo
+ echo "Unlock the root disk on a remote host."
+ echo "Usage: $0 [ip]"
+ echo "If an IP is not provided, the hostname will be used as the IP address."
+ exit 1
+fi
\ No newline at end of file
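Review bot: The new `boot-unlock` package is built with `writeShellScriptBin`, which puts nothing on PATH, while `unlock-boot.sh` calls `sops` and `ssh` unconditionally, so `nix run .#boot-unlock` only works where both happen to be installed on the invoking machine. `pkgs.writeShellApplication` with `runtimeInputs = [ pkgs.sops pkgs.openssh ]` closes that gap and also runs shellcheck at build time, which would presumably flag the script's unquoted `$HOSTNAME`/`$IP` on the `ssh` lines, so expect to quote them (or add a targeted `shellcheck disable`) before the build passes. The package name `boot-unlock` also disagrees with the script file and the commit subject (`unlock-boot`); settling on one spelling would save users a guess. The enclosing `packages = { … }` attribute set starts and ends outside the hunk.
```nix
boot-unlock = pkgs.writeShellApplication {
  name = "boot-unlock";
  runtimeInputs = [ pkgs.sops pkgs.openssh ];
  text = builtins.readFile ./scripts/unlock-boot.sh;
};
```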
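Review bot: `sshoptions` sets `StrictHostKeyChecking=no`, so the sops-decrypted LUKS key is piped to whichever host answers for `$HOSTNAME-initrd` or `$IP`; anyone who can spoof DNS or ARP toward the unlocking workstation receives the disk key, and the warning ssh prints on a changed key does not stop public-key auth. The initrd's SSH host key is fixed at deploy time, so pin it with `-o UserKnownHostsFile=<initrd known_hosts> -o StrictHostKeyChecking=yes` instead of disabling verification. The argument check also runs after `sops -d`, so with no arguments `errexit` aborts on `machines//disk.key` before the usage text is printed, and that usage line omits the required hostname argument (`Usage: $0 <hostname> [ip]`). Quote `$HOSTNAME`/`$IP` on the `ssh` lines and prefer `printf '%s\n'` over `echo` so a key starting with `-` is not mangled. The rewrite below validates arguments first, pins the host key (the known_hosts path is a placeholder to adjust to wherever the repo keeps the initrd host keys), and collapses the two branches into a single target.
```shell
set -o errexit
set -o nounset
set -o pipefail

if [ "$#" -lt 1 ] || [ "$#" -gt 2 ]; then
  echo
  echo "Unlock the root disk on a remote host."
  echo "Usage: $0 <hostname> [ip]"
  echo "If an IP is not provided, <hostname>-initrd is used as the SSH target."
  exit 1
fi

HOSTNAME=$1
TARGET=${2:-"$HOSTNAME-initrd"}

# Pin the initrd's SSH host key instead of trusting whatever answers for $TARGET.
# The known_hosts path is a placeholder: point it at where this repo stores the
# initrd host key for the machine.
sshoptions="-o StrictHostKeyChecking=yes -o UserKnownHostsFile=machines/$HOSTNAME/initrd_known_hosts -o ServerAliveInterval=1 -o ServerAliveCountMax=1 -p 222 -T"

diskkey=$(sops -d "machines/$HOSTNAME/disk.key")

# shellcheck disable=SC2086  # $sshoptions is intentionally word-split
printf '%s\n' "$diskkey" | ssh $sshoptions "root@$TARGET" "systemd-tty-ask-password-agent" #storage
printf '%s\n' "$diskkey" | ssh $sshoptions "root@$TARGET" "systemd-tty-ask-password-agent" #root
```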