ahtlon/infrastructure
1
0
Fork 0
forked from kalipso/infrastructure
Code Pull Requests Activity

Add unlock-boot script

Browse Source
This commit is contained in:
ahtlon
2024-12-31 13:43:00 +01:00
parent 9f81b1497d
commit f46265e98a
2 changed files with 31 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
outputs.nix
View File

@@ -41,6 +41,7 @@ in (utils.lib.eachSystem (builtins.filter filter_system utils.lib.defaultSystems
packages = { packages = {
remote-install = pkgs.writeShellScriptBin "remote-install" (builtins.readFile ./scripts/remote-install-encrypt.sh); remote-install = pkgs.writeShellScriptBin "remote-install" (builtins.readFile ./scripts/remote-install-encrypt.sh);
boot-unlock = pkgs.writeShellScriptBin "boot-unlock" (builtins.readFile ./scripts/unlock-boot.sh);
docs = pkgs.stdenv.mkDerivation { docs = pkgs.stdenv.mkDerivation {
name = "malobeo-docs"; name = "malobeo-docs";
phases = [ "buildPhase" ]; phases = [ "buildPhase" ];

30
scripts/unlock-boot.sh Normal file
View File

@@ -0,0 +1,30 @@
set -o errexit
set -o pipefail
sshoptions="-o StrictHostKeyChecking=no -o ServerAliveInterval=1 -o ServerAliveCountMax=1 -p 222 -T"
HOSTNAME=$1
echo
diskkey=$(sops -d machines/$HOSTNAME/disk.key)
if [ $# = 1 ]
then
echo "$diskkey" | ssh $sshoptions root@$HOSTNAME-initrd "systemd-tty-ask-password-agent" #storage
echo "$diskkey" | ssh $sshoptions root@$HOSTNAME-initrd "systemd-tty-ask-password-agent" #root
elif [ $# = 2 ]
then
IP=$2
echo "$diskkey" | ssh $sshoptions root@$IP "systemd-tty-ask-password-agent" #storage
echo "$diskkey" | ssh $sshoptions root@$IP "systemd-tty-ask-password-agent" #root
else
echo
echo "Unlock the root disk on a remote host."
echo "Usage: $0 <hostname> [ip]"
echo "If an IP is not provided, the hostname will be used as the IP address."
exit 1
fi