kalipso/infrastructure
1
1
Fork 1
Code Issues 42 Pull Requests 2 Actions Projects 2 Releases Wiki Activity

Compare commits

base: kalipso:issue31
Branches Tags
kalipso:master kalipso:nextcloud_deck_derivation kalipso:vaultwarden kalipso:staging kalipso:script kalipso:zineshop kalipso:nextcloud_upgrade_31 kalipso:printer-module kalipso:microvm-dirs kalipso:sanoid kalipso:issue77 kalipso:reproducible-deployments kalipso:reproducible-deployments-filestructure kalipso:issue31 kalipso:microvm-module kalipso:issue47 kalipso:hostbuilder kalipso:better-workflows kalipso:issue51 kalipso:local-testing-v2 kalipso:gitea kalipso:fileserver
..
compare: kalipso:eb7db0dc95ee22711f2f90c338316e38aa4af4fa
Branches Tags
kalipso:nextcloud_deck_derivation kalipso:vaultwarden kalipso:master kalipso:staging kalipso:script kalipso:zineshop kalipso:nextcloud_upgrade_31 kalipso:printer-module kalipso:microvm-dirs kalipso:sanoid kalipso:issue77 kalipso:reproducible-deployments kalipso:reproducible-deployments-filestructure kalipso:issue31 kalipso:microvm-module kalipso:issue47 kalipso:hostbuilder kalipso:better-workflows kalipso:issue51 kalipso:local-testing-v2 kalipso:gitea kalipso:fileserver

11 Commits
issue31 ... eb7db0dc95

Author SHA1 Message Date
kalipso
eb7db0dc95 [run-vm] mv to /scripts
All checks were successful
Check flake syntax / flake-check (push) Successful in 4m14s
Details
2025-01-23 16:48:02 +01:00
kalipso
d91760f781 [nix] rm machines/configuration.nix 2025-01-23 16:48:02 +01:00
kalipso
13db9eb4c9 [nix] mv buildVM to host_builder 2025-01-23 16:48:02 +01:00
kalipso
caa0a800a8 [vmBuilder] add writable store flag 2025-01-23 16:48:02 +01:00
kalipso
f7130d1483 [nix] fix imports 2025-01-23 16:48:02 +01:00
kalipso
e61f29055d [nix] mv vm overwrites to host_builder 2025-01-23 16:48:02 +01:00
kalipso
883549f15c [nix] mv host_builer.nix host_builder.nix 2025-01-23 16:48:02 +01:00
kalipso
72c614d330 [nix] create nixosConfigurations using malobeo.hosts 2025-01-23 16:48:02 +01:00
kalipso
9794c81894 [nix] mv host declarations to hosts.nix, add util to host_builer.nix 2025-01-23 16:48:02 +01:00
kalipso
47eda81019 [nix] generate hosts 2025-01-23 16:48:02 +01:00
kalipso
0a5359138a [nix] init host_builder.nix 2025-01-23 16:48:02 +01:00
13 changed files with 259 additions and 245 deletions
Expand all files Collapse all files

5
machines/bakunin/configuration.nix
View File

@@ -26,7 +26,6 @@ in
malobeo.disks = { malobeo.disks = {
enable = true; enable = true;
legacy = true;
hostId = "a3c3102f"; hostId = "a3c3102f";
root = { root = {
disk0 = "disk/by-id/ata-HITACHI_HTS725016A9A364_110308PCKB04VNHX9XTJ"; disk0 = "disk/by-id/ata-HITACHI_HTS725016A9A364_110308PCKB04VNHX9XTJ";
@@ -34,7 +33,9 @@ in
}; };
malobeo.initssh = { malobeo.initssh = {
enable = false; enable = true;
authorizedKeys = sshKeys.admins;
ethernetDrivers = ["r8169"];
}; };
hardware.sane.enable = true; #scanner support hardware.sane.enable = true; #scanner support

7
machines/fanny/configuration.nix
View File

@@ -51,7 +51,6 @@ in
disk0 = "disk/by-id/ata-SAMSUNG_MZ7LN256HCHP-000L7_S20HNAAH200381"; disk0 = "disk/by-id/ata-SAMSUNG_MZ7LN256HCHP-000L7_S20HNAAH200381";
}; };
storage = { storage = {
enable = true;
disks = ["disk/by-id/wwn-0x50014ee265b53b60" "disk/by-id/wwn-0x50014ee2bb0a194a"]; disks = ["disk/by-id/wwn-0x50014ee265b53b60" "disk/by-id/wwn-0x50014ee2bb0a194a"];
mirror = true; mirror = true;
}; };
@@ -73,12 +72,6 @@ in
services.malobeo.microvm.deployHosts = [ "overwatch" "infradocs" "nextcloud" "durruti" ]; services.malobeo.microvm.deployHosts = [ "overwatch" "infradocs" "nextcloud" "durruti" ];
networking = { networking = {
nat = {
enable = true;
externalInterface = "enp1s0";
internalInterfaces = [ "microvm" ];
};
firewall = { firewall = {
allowedTCPPorts = [ 80 ]; allowedTCPPorts = [ 80 ];
}; };

4
machines/hosts.nix
View File

@@ -66,10 +66,6 @@
mac = "D0:E5:CA:F0:D7:E0"; mac = "D0:E5:CA:F0:D7:E0";
}; };
}; };
testvm = {
type = "host";
};
}; };
}; };
} }

63
machines/modules/disko/btrfs-laptop.nix Normal file
View File

@@ -0,0 +1,63 @@
{ config, self, inputs, ... }:
{
imports = [
inputs.disko.nixosModules.disko
];
# https://github.com/nix-community/disko/blob/master/example/luks-btrfs-subvolumes.nix
disko.devices = {
disk = {
main = {
type = "disk";
# When using disko-install, we will overwrite this value from the commandline
device = "/dev/disk/by-id/some-disk-id";
content = {
type = "gpt";
partitions = {
ESP = {
size = "512M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
luks = {
size = "100%";
content = {
type = "luks";
name = "crypted";
passwordFile = /tmp/secret.key; # Interactive
content = {
type = "btrfs";
extraArgs = [ "-f" ];
subvolumes = {
"/root" = {
mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/home" = {
mountpoint = "/home";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/nix" = {
mountpoint = "/nix";
mountOptions = [ "compress=zstd" "noatime" ];
};
"/swap" = {
mountpoint = "/.swapvol";
swap.swapfile.size = "20M";
};
};
};
};
};
};
};
};
};
};
}

379
machines/modules/disko/default.nix
View File

@@ -20,11 +20,6 @@ in
default = true; default = true;
description = "Allows encryption to be disabled for testing"; description = "Allows encryption to be disabled for testing";
}; };
legacy = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable legacy boot (bios)";
};
devNodes = lib.mkOption { devNodes = lib.mkOption {
type = lib.types.str; type = lib.types.str;
default = "/dev/disk/by-id/"; default = "/dev/disk/by-id/";
@@ -86,220 +81,198 @@ in
}; };
}; };
config = lib.mkMerge [ config = lib.mkIf cfg.enable {
(lib.mkIf (cfg.enable && !cfg.legacy) { networking.hostId = cfg.hostId;
boot = { disko.devices = {
loader.systemd-boot.enable = true; disk = lib.mkMerge [
loader.efi.canTouchEfiVariables = true; {
supportedFilesystems = [ "vfat" "zfs" ]; ssd0 = lib.mkIf (cfg.root.disk0 != "") {
}; type = "disk";
fileSystems."/boot".neededForBoot = true; device = "/dev/${cfg.root.disk0}";
}) content = {
(lib.mkIf (cfg.enable && cfg.legacy) { type = "gpt";
boot.loader.grub = { partitions = {
enable = lib.mkForce true; ESP = {
device = "/dev/${cfg.root.disk0}-part1"; size = "1024M";
efiSupport = false; type = "EF00";
enableCryptodisk = cfg.encryption;
zfsSupport = true;
};
})
(lib.mkIf cfg.enable {
networking.hostId = cfg.hostId;
disko.devices = {
disk = lib.mkMerge [
{
ssd0 = lib.mkIf (cfg.root.disk0 != "") {
type = "disk";
device = "/dev/${cfg.root.disk0}";
content = {
type = "gpt";
partitions = {
ESP = lib.mkIf (!cfg.legacy) {
size = "1024M";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = [ "umask=0077" ];
};
};
boot = lib.mkIf cfg.legacy {
size = "1024M";
type = "EF02";
};
encryptedSwap = {
size = cfg.root.swap;
content = {
type = "swap";
randomEncryption = true;
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
ssd1 = lib.mkIf (cfg.root.disk1 != "") {
type = "disk";
device = "/dev/${cfg.root.disk1}";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
}
(lib.mkIf cfg.storage.enable (
lib.mkMerge (
map (diskname: {
"${diskname}" = {
type = "disk";
device = "/dev/${diskname}";
content = { content = {
type = "gpt"; type = "filesystem";
partitions = { format = "vfat";
zfs = { mountpoint = "/boot";
size = "100%"; mountOptions = [ "umask=0077" ];
content = { };
type = "zfs"; };
pool = "storage"; encryptedSwap = {
}; size = cfg.root.swap;
content = {
type = "swap";
randomEncryption = true;
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
ssd1 = lib.mkIf (cfg.root.disk1 != "") {
type = "disk";
device = "/dev/${cfg.root.disk1}";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
}
(lib.mkIf cfg.storage.enable (
lib.mkMerge (
map (diskname: {
"${diskname}" = {
type = "disk";
device = "/dev/${diskname}";
content = {
type = "gpt";
partitions = {
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "storage";
}; };
}; };
}; };
}; };
}) cfg.storage.disks };
) }) cfg.storage.disks
)) )
]; ))
];
zpool = { zpool = {
zroot = { zroot = {
type = "zpool"; type = "zpool";
mode = lib.mkIf cfg.root.mirror "mirror"; mode = lib.mkIf cfg.root.mirror "mirror";
# Workaround: cannot import 'zroot': I/O error in disko tests # Workaround: cannot import 'zroot': I/O error in disko tests
options.cachefile = "none"; options.cachefile = "none";
rootFsOptions = { rootFsOptions = {
mountpoint = "none"; mountpoint = "none";
xattr = "sa"; # für microvm virtiofs mount xattr = "sa"; # für microvm virtiofs mount
acltype = "posixacl"; # für microvm virtiofs mount acltype = "posixacl"; # für microvm virtiofs mount
compression = "zstd"; compression = "zstd";
"com.sun:auto-snapshot" = "false"; "com.sun:auto-snapshot" = "false";
};
datasets = {
encrypted = {
type = "zfs_fs";
options = {
mountpoint = "none";
encryption = lib.mkIf cfg.encryption "aes-256-gcm";
keyformat = lib.mkIf cfg.encryption "passphrase";
keylocation = lib.mkIf cfg.encryption "file:///tmp/secret.key";
};
# use this to read the key during boot
postCreateHook = lib.mkIf cfg.encryption ''
zfs set keylocation="prompt" zroot/encrypted;
'';
};
"encrypted/root" = {
type = "zfs_fs";
mountpoint = "/";
options.mountpoint = "legacy";
};
"encrypted/var" = {
type = "zfs_fs";
mountpoint = "/var";
options.mountpoint = "legacy";
};
"encrypted/etc" = {
type = "zfs_fs";
mountpoint = "/etc";
options.mountpoint = "legacy";
};
"encrypted/home" = {
type = "zfs_fs";
mountpoint = "/home";
options.mountpoint = "legacy";
};
"encrypted/nix" = {
type = "zfs_fs";
mountpoint = "/nix";
options.mountpoint = "legacy";
};
reserved = {
# for cow delete if pool is full
options = {
canmount = "off";
mountpoint = "none";
reservation = "${cfg.root.reservation}";
};
type = "zfs_fs";
};
};
}; };
storage = lib.mkIf cfg.storage.enable { datasets = {
type = "zpool"; encrypted = {
mode = lib.mkIf (cfg.storage.mirror) "mirror"; type = "zfs_fs";
rootFsOptions = { options = {
mountpoint = "none"; mountpoint = "none";
xattr = "sa"; # für microvm virtiofs mount encryption = lib.mkIf cfg.encryption "aes-256-gcm";
acltype = "posixacl"; # für microvm virtiofs mount keyformat = lib.mkIf cfg.encryption "passphrase";
keylocation = lib.mkIf cfg.encryption "file:///tmp/secret.key";
};
# use this to read the key during boot
postCreateHook = lib.mkIf cfg.encryption ''
zfs set keylocation="prompt" zroot/encrypted;
'';
}; };
datasets = { "encrypted/root" = {
encrypted = { type = "zfs_fs";
type = "zfs_fs"; mountpoint = "/";
options = { options.mountpoint = "legacy";
mountpoint = "none"; };
encryption = lib.mkIf cfg.encryption "aes-256-gcm"; "encrypted/var" = {
keyformat = lib.mkIf cfg.encryption "passphrase"; type = "zfs_fs";
keylocation = lib.mkIf cfg.encryption "file:///tmp/secret.key"; mountpoint = "/var";
}; options.mountpoint = "legacy";
# use this to read the key during boot };
postCreateHook = lib.mkIf cfg.encryption '' "encrypted/etc" = {
zfs set keylocation="file:///root/secret.key" storage/encrypted; type = "zfs_fs";
''; mountpoint = "/etc";
options.mountpoint = "legacy";
};
"encrypted/home" = {
type = "zfs_fs";
mountpoint = "/home";
options.mountpoint = "legacy";
};
"encrypted/nix" = {
type = "zfs_fs";
mountpoint = "/nix";
options.mountpoint = "legacy";
};
reserved = {
# for cow delete if pool is full
options = {
canmount = "off";
mountpoint = "none";
reservation = "${cfg.root.reservation}";
}; };
"encrypted/data" = { type = "zfs_fs";
type = "zfs_fs"; };
mountpoint = "/data"; };
};
storage = lib.mkIf cfg.storage.enable {
type = "zpool";
mode = lib.mkIf (cfg.storage.mirror) "mirror";
rootFsOptions = {
mountpoint = "none";
xattr = "sa"; # für microvm virtiofs mount
acltype = "posixacl"; # für microvm virtiofs mount
};
datasets = {
encrypted = {
type = "zfs_fs";
options = {
mountpoint = "none";
encryption = lib.mkIf cfg.encryption "aes-256-gcm";
keyformat = lib.mkIf cfg.encryption "passphrase";
keylocation = lib.mkIf cfg.encryption "file:///tmp/secret.key";
}; };
reserved = { # use this to read the key during boot
# for cow delete if pool is full postCreateHook = lib.mkIf cfg.encryption ''
options = { zfs set keylocation="prompt" storage/encrypted;
canmount = "off"; '';
mountpoint = "none"; };
reservation = "${cfg.storage.reservation}"; "encrypted/data" = {
}; type = "zfs_fs";
type = "zfs_fs"; mountpoint = "/data";
options.mountpoint = "legacy";
};
reserved = {
# for cow delete if pool is full
options = {
canmount = "off";
mountpoint = "none";
reservation = "${cfg.storage.reservation}";
}; };
type = "zfs_fs";
}; };
}; };
}; };
}; };
};
boot.zfs.devNodes = lib.mkDefault cfg.devNodes; boot.zfs.devNodes = lib.mkDefault cfg.devNodes;
boot.zfs.extraPools = lib.mkIf cfg.storage.enable [ "storage" ];
fileSystems."/".neededForBoot = true; fileSystems."/".neededForBoot = true;
fileSystems."/etc".neededForBoot = true; fileSystems."/etc".neededForBoot = true;
fileSystems."/var".neededForBoot = true; fileSystems."/boot".neededForBoot = true;
fileSystems."/home".neededForBoot = true; fileSystems."/var".neededForBoot = true;
fileSystems."/nix".neededForBoot = true; fileSystems."/home".neededForBoot = true;
}) fileSystems."/nix".neededForBoot = true;
]; };
} }

9
machines/modules/host_builder.nix
View File

@@ -135,8 +135,8 @@ rec {
}]); }]);
#if networking is disabled forward port 80 to still have access to webservices #if networking is disabled forward port 80 to still have access to webservices
forwardPorts = pkgs.lib.mkIf (!options.withNetworking && options.fwdPort != 0) (pkgs.lib.mkForce [ forwardPorts = pkgs.lib.mkIf (!options.withNetworking) (pkgs.lib.mkForce [
{ from = "host"; host.port = options.fwdPort; guest.port = 80; } { from = "host"; host.port = 8080; guest.port = 80; }
]); ]);
}; };
@@ -212,13 +212,12 @@ rec {
builtins.listToAttrs (map mapperFunc self.nixosConfigurations.${host}.config.services.malobeo.microvm.deployHosts); builtins.listToAttrs (map mapperFunc self.nixosConfigurations.${host}.config.services.malobeo.microvm.deployHosts);
}; };
buildVM = host: networking: sopsDummy: disableDisko: varPath: writableStore: fwdPort: (self.nixosConfigurations.${host}.extendModules { buildVM = host: networking: sopsDummy: disableDisko: varPath: writableStore: (self.nixosConfigurations.${host}.extendModules {
modules = [ modules = [
(vmMicroVMOverwrites host { (vmMicroVMOverwrites host {
withNetworking = networking; withNetworking = networking;
varPath = "${varPath}"; varPath = "${varPath}";
writableStore = writableStore; writableStore = writableStore; })
fwdPort = fwdPort; })
(if sopsDummy then (vmSopsOverwrites host) else {}) (if sopsDummy then (vmSopsOverwrites host) else {})
(if disableDisko then vmDiskoOverwrites else {}) (if disableDisko then vmDiskoOverwrites else {})
] ++ pkgs.lib.optionals (hosts.malobeo.hosts.${host}.type != "microvm") [ ] ++ pkgs.lib.optionals (hosts.malobeo.hosts.${host}.type != "microvm") [

5
machines/modules/malobeo/initssh.nix
View File

@@ -26,8 +26,13 @@ in
config = lib.mkIf (cfg.enable && config.malobeo.disks.encryption) { config = lib.mkIf (cfg.enable && config.malobeo.disks.encryption) {
boot = { boot = {
loader.systemd-boot.enable = true;
loader.efi.canTouchEfiVariables = true;
supportedFilesystems = [ "vfat" "zfs" ];
zfs = { zfs = {
forceImportAll = true;
requestEncryptionCredentials = true; requestEncryptionCredentials = true;
}; };
initrd = { initrd = {
availableKernelModules = cfg.ethernetDrivers; availableKernelModules = cfg.ethernetDrivers;

7
machines/modules/malobeo/peers.nix
View File

@@ -30,13 +30,6 @@
publicKey = "TrJ4UAF//zXdaLwZudI78L+rTC36zEDodTDOWNS4Y1Y="; publicKey = "TrJ4UAF//zXdaLwZudI78L+rTC36zEDodTDOWNS4Y1Y=";
}; };
"hetzner" = {
role = "client";
address = [ "10.100.0.6/24" ];
allowedIPs = [ "10.100.0.6/32" ];
publicKey = "csRzgwtnzmSLeLkSwTwEOrdKq55UOxZacR5D3GopCTQ=";
};
"fanny" = { "fanny" = {
role = "client"; role = "client";
address = [ "10.100.0.101/24" ]; address = [ "10.100.0.101/24" ];

2
machines/nextcloud/configuration.nix
View File

@@ -46,7 +46,7 @@ with lib;
}; };
extraAppsEnable = true; extraAppsEnable = true;
extraApps = { extraApps = {
inherit (config.services.nextcloud.package.packages.apps) contacts calendar deck polls; inherit (config.services.nextcloud.package.packages.apps) contacts calendar;
collectives = pkgs.fetchNextcloudApp { collectives = pkgs.fetchNextcloudApp {
sha256 = "sha256-cj/8FhzxOACJaUEu0eG9r7iAQmnOG62yFHeyUICalFY="; sha256 = "sha256-cj/8FhzxOACJaUEu0eG9r7iAQmnOG62yFHeyUICalFY=";
url = "https://github.com/nextcloud/collectives/releases/download/v2.15.2/collectives-2.15.2.tar.gz"; url = "https://github.com/nextcloud/collectives/releases/download/v2.15.2/collectives-2.15.2.tar.gz";

2
machines/testvm/configuration.nix → machines/testvm/default.nix
View File

@@ -24,7 +24,7 @@ in
malobeo.disks = { malobeo.disks = {
enable = true; enable = true;
encryption = true; encryption = false;
hostId = "83abc8cb"; hostId = "83abc8cb";
devNodes = "/dev/disk/by-path/"; devNodes = "/dev/disk/by-path/";
root = { root = {

2
scripts/remote-install-encrypt.sh
View File

@@ -37,11 +37,9 @@ trap cleanup EXIT
# Create the directory where sshd expects to find the host keys # Create the directory where sshd expects to find the host keys
install -d -m755 "$temp/etc/ssh/" install -d -m755 "$temp/etc/ssh/"
install -d -m755 "$temp/root/"
diskKey=$(sops -d machines/$hostname/disk.key) diskKey=$(sops -d machines/$hostname/disk.key)
echo "$diskKey" > /tmp/secret.key echo "$diskKey" > /tmp/secret.key
echo "$diskKey" > $temp/root/secret.key
ssh-keygen -f $temp/etc/ssh/"$hostname" -t ed25519 -N "" ssh-keygen -f $temp/etc/ssh/"$hostname" -t ed25519 -N ""
ssh-keygen -f $temp/etc/ssh/initrd -t ed25519 -N "" ssh-keygen -f $temp/etc/ssh/initrd -t ed25519 -N ""

13
scripts/run-vm.sh
View File

@@ -6,7 +6,6 @@ usage() {
echo "--no-disko disable disko and initrd secrets. needed for real hosts like fanny" echo "--no-disko disable disko and initrd secrets. needed for real hosts like fanny"
echo "--writable-store enables writable store. necessary for host with nested imperative microvms like fanny" echo "--writable-store enables writable store. necessary for host with nested imperative microvms like fanny"
echo "--var path to directory that should be shared as /var. may require root otherwise some systemd units fail within vm. if dir is empty vm will populate" echo "--var path to directory that should be shared as /var. may require root otherwise some systemd units fail within vm. if dir is empty vm will populate"
echo "--fwd-port forwards the given port to port 80 on vm"
exit 1 exit 1
} }
@@ -23,7 +22,6 @@ DUMMY_SECRETS=false
NO_DISKO=false NO_DISKO=false
RW_STORE=false RW_STORE=false
VAR_PATH="" VAR_PATH=""
FWD_PORT=0
# check argws # check argws
shift shift
@@ -42,15 +40,6 @@ while [[ "$#" -gt 0 ]]; do
usage usage
fi fi
;; ;;
--fwd-port)
if [[ -n "$2" && ! "$2" =~ ^- ]]; then
FWD_PORT="$2"
shift
else
echo "Error: --var requires a non-empty string argument."
usage
fi
;;
*) echo "Unknown argument: $1"; usage ;; *) echo "Unknown argument: $1"; usage ;;
esac esac
shift shift
@@ -64,4 +53,4 @@ if [ -n "$VAR_PATH" ]; then
echo "sharing var directory: $VAR_PATH" echo "sharing var directory: $VAR_PATH"
fi fi
nix run --show-trace --impure --expr "((builtins.getFlake \"$(pwd)\").vmBuilder.x86_64-linux \"$HOSTNAME\" $NETWORK $DUMMY_SECRETS $NO_DISKO \"$VAR_PATH\" $RW_STORE $FWD_PORT).config.microvm.declaredRunner" nix run --show-trace --impure --expr "((builtins.getFlake \"$(pwd)\").vmBuilder.x86_64-linux \"$HOSTNAME\" $NETWORK $DUMMY_SECRETS $NO_DISKO \"$VAR_PATH\" $RW_STORE).config.microvm.declaredRunner"

4
scripts/unlock-boot.sh
View File

@@ -23,12 +23,16 @@ echo
if [ $# = 1 ] if [ $# = 1 ]
then then
diskkey=$(sops -d machines/$HOSTNAME/disk.key) diskkey=$(sops -d machines/$HOSTNAME/disk.key)
echo "$diskkey" | ssh $sshoptions root@$HOSTNAME-initrd "systemd-tty-ask-password-agent" #storage
echo "$diskkey" | ssh $sshoptions root@$HOSTNAME-initrd "systemd-tty-ask-password-agent" #root echo "$diskkey" | ssh $sshoptions root@$HOSTNAME-initrd "systemd-tty-ask-password-agent" #root
elif [ $# = 2 ] elif [ $# = 2 ]
then then
diskkey=$(sops -d machines/$HOSTNAME/disk.key) diskkey=$(sops -d machines/$HOSTNAME/disk.key)
IP=$2 IP=$2
echo "$diskkey" | ssh $sshoptions root@$IP "systemd-tty-ask-password-agent" #storage
echo "$diskkey" | ssh $sshoptions root@$IP "systemd-tty-ask-password-agent" #root echo "$diskkey" | ssh $sshoptions root@$IP "systemd-tty-ask-password-agent" #root
else else