kalipso/infrastructure
1
1
Fork 1
Code Issues 43 Pull Requests 2 Actions Projects 2 Releases Wiki Activity

[nixpkgs] update #109

Open
kalipso wants to merge 5 commits from staging into master
pull from: staging
merge into: kalipso:master
Conversation 0 Commits 5 Files Changed 5 +290 -26
14 changed files with 290 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 42f2c91b8e - Show all commits

1
doc/src/SUMMARY.md
View File

@@ -21,3 +21,4 @@
- [Updates](./anleitung/updates.md) - [Updates](./anleitung/updates.md)
- [Rollbacks](./anleitung/rollback.md) - [Rollbacks](./anleitung/rollback.md)
- [MicroVM](./anleitung/microvm.md) - [MicroVM](./anleitung/microvm.md)
- [Update Nextcloud](./anleitung/update_nextcloud.md)

16
doc/src/anleitung/update_nextcloud.md Normal file
View File

@@ -0,0 +1,16 @@
### Updating nextcloud
## Updating the draggable patch
The draggable patch is a one line patch found in the deck repo under `src/components/cards/CardItem.vue`
Direct link: https://git.dynamicdiscord.de/ahtlon/deck/commit/77cbcf42ca80dd32e450839f02faca2e5fed3761
The easiest way to apply is
1. Sync the repo with remote https://github.com/nextcloud/deck/tree/main
2. Checkout the stable branch for the nextcloud version you need
- example `git checkout stable31`
3. Apply the patch using `git cherry-pick bac32ace61e7e1e01168f9220cee1d24ce576d5e`
4. Start a nix-shell with `nix-shell -p gnumake krankerl php84Packages.composer php nodejs_24`
5. run `krankerl package`
6. upload the archive at "./build/artifacts/deck.tar.gz" to a file storage (ask Ahtlon for access to the storj s3 or use own)
7. Change url and sha in the nextcloud configuration.nix `deck = pkgs.fetchNextcloudApp {};`

8
flake.lock generated
View File

@@ -357,11 +357,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1743458889, "lastModified": 1760981884,
"narHash": "sha256-eVTtsCPio3Wj/g/gvKTsyjh90vrNsmgjzXK9jMfcboM=", "narHash": "sha256-ASFWbOhuB6i3AKze5sHCvTM+nqHIuUEZy9MGiTcdZxA=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "b61466549e2687628516aa1f9ba73f251935773a", "rev": "b67eb2d778a34c0dceb91a236b390fe493aa3465",
"revCount": 30, "revCount": 32,
"type": "git", "type": "git",
"url": "https://git.dynamicdiscord.de/kalipso/tasklist" "url": "https://git.dynamicdiscord.de/kalipso/tasklist"
}, },

35
machines/fanny/configuration.nix
View File

@@ -1,6 +1,7 @@
{ inputs, config, ... }: { inputs, config, ... }:
let let
sshKeys = import ../ssh_keys.nix; sshKeys = import ../ssh_keys.nix;
peers = import ../modules/malobeo/peers.nix;
in in
{ {
sops.defaultSopsFile = ./secrets.yaml; sops.defaultSopsFile = ./secrets.yaml;
@@ -85,8 +86,42 @@ in
enable = true; enable = true;
authorizedKeys = sshKeys.admins; authorizedKeys = sshKeys.admins;
ethernetDrivers = ["r8169"]; ethernetDrivers = ["r8169"];
zfsExtraPools = [ "storage" ];
}; };
boot.initrd = {
availableKernelModules = [ "wireguard" ];
# postMountCommands = ''
# ip address flush dev wg-initrd
# ip link set dev wg-initrd down
# '';
systemd = {
enable = true;
network = {
enable = true;
netdevs."30-wg-initrd" = {
netdevConfig = {
Kind = "wireguard";
Name = "wg-initrd";
};
wireguardConfig = { PrivateKeyFile = "/etc/secrets/30-wg-initrd.key"; };
wireguardPeers = [{
AllowedIPs = peers.vpn.allowedIPs;
PublicKey = peers.vpn.publicKey;
Endpoint = "${peers.vpn.publicIp}:${builtins.toString(peers.vpn.listenPort)}";
PersistentKeepalive = 25;
}];
};
networks."30-wg-initrd" = {
name = "wg-initrd";
addresses = [{ Address = "${peers.fanny-initrd.address}/24"; }];
};
};
};
};
boot.initrd.secrets."/etc/secrets/30-wg-initrd.key" = "/etc/wireguard/wg.private";
services.malobeo.vpn = { services.malobeo.vpn = {
enable = true; enable = true;
name = "fanny"; name = "fanny";

47
machines/modules/malobeo/initssh.nix
View File

@@ -22,6 +22,11 @@ in
description = "Ethernet drivers to load: run `lspci -k | grep -iA4 ethernet`"; description = "Ethernet drivers to load: run `lspci -k | grep -iA4 ethernet`";
example = "r8169"; example = "r8169";
}; };
zfsExtraPools = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ ];
description = "Name or GUID of extra ZFS pools that you wish to import during boot.";
};
}; };
config = lib.mkIf (cfg.enable && config.malobeo.disks.encryption) { config = lib.mkIf (cfg.enable && config.malobeo.disks.encryption) {
@@ -32,35 +37,43 @@ in
zfs = { zfs = {
forceImportAll = true; forceImportAll = true;
requestEncryptionCredentials = true; requestEncryptionCredentials = true;
extraPools = cfg.zfsExtraPools;
}; };
initrd = { initrd = {
availableKernelModules = cfg.ethernetDrivers; availableKernelModules = cfg.ethernetDrivers;
systemd = { systemd = {
initrdBin = [ pkgs.busybox pkgs.wireguard-tools pkgs.iproute2 ];
enable = true; enable = true;
network.enable = true; network.enable = true;
services."stopInitVpn" = {
description = "stop init vpn";
wantedBy = [
"initrd.target"
];
after = [
"zfs.target"
];
serviceConfig.StandardOutput = "journal+console";
script = ''
networkctl down wg-initrd
'';
serviceConfig.Type = "oneshot";
};
}; };
network.ssh = { network = {
enable = true; flushBeforeStage2 = true;
port = 222; ssh = {
authorizedKeys = cfg.authorizedKeys; enable = true;
hostKeys = [ "/etc/ssh/initrd" ]; port = 222;
authorizedKeys = cfg.authorizedKeys;
hostKeys = [ "/etc/ssh/initrd" ];
};
}; };
secrets = { secrets = {
"/etc/ssh/initrd" = "/etc/ssh/initrd"; "/etc/ssh/initrd" = "/etc/ssh/initrd";
}; };
systemd.services.zfs-remote-unlock = {
description = "Prepare for ZFS remote unlock";
wantedBy = ["initrd.target"];
after = ["systemd-networkd.service"];
path = with pkgs; [ zfs ];
serviceConfig.Type = "oneshot";
script = ''
echo "systemctl default" >> /var/empty/.profile
'';
};
}; };
kernelParams = [ "ip=::::${hostName}-initrd::dhcp" ]; kernelParams = [ "ip=::::${hostName}-initrd::dhcp" ];
}; };
}; };
} }

8
machines/modules/malobeo/peers.nix
View File

@@ -44,6 +44,14 @@
publicKey = "3U59F6T1s/1LaZBIa6wB0qsVuO6pRR9jfYZJIH2piAU="; publicKey = "3U59F6T1s/1LaZBIa6wB0qsVuO6pRR9jfYZJIH2piAU=";
}; };
"fanny-initrd" = {
role = "client";
address = "10.100.0.102";
allowedIPs = [ "10.100.0.102/32" ];
#TODO: UPDATE
publicKey = "h1A2yt7OQ5EJIilC8tQg203u27o6J6/c+Kd/pZ4UWAY=";
};
"backup0" = { "backup0" = {
role = "client"; role = "client";
address = "10.100.0.20"; address = "10.100.0.20";

7
machines/nextcloud/configuration.nix
View File

@@ -47,12 +47,17 @@ with lib;
}; };
extraAppsEnable = true; extraAppsEnable = true;
extraApps = { extraApps = {
inherit (config.services.nextcloud.package.packages.apps) contacts calendar deck polls registration collectives forms; inherit (config.services.nextcloud.package.packages.apps) contacts calendar polls registration collectives forms;
appointments = pkgs.fetchNextcloudApp { appointments = pkgs.fetchNextcloudApp {
sha256 = "sha256-ls1rLnsX7U9wo2WkEtzhrvliTcWUl6LWXolE/9etJ78="; sha256 = "sha256-ls1rLnsX7U9wo2WkEtzhrvliTcWUl6LWXolE/9etJ78=";
url = "https://github.com/SergeyMosin/Appointments/raw/refs/tags/v2.4.3/build/artifacts/appstore/appointments.tar.gz"; url = "https://github.com/SergeyMosin/Appointments/raw/refs/tags/v2.4.3/build/artifacts/appstore/appointments.tar.gz";
license = "agpl3Plus"; license = "agpl3Plus";
}; };
deck = pkgs.fetchNextcloudApp {
sha256 = "sha256-1sqDmJpM9SffMY2aaxwzqntdjdcUaRySyaUDv9VHuiE=";
url = "https://link.storjshare.io/raw/jw7pf6gct34j3pcqvlq6ddasvdwq/mal/deck.tar.gz";
license = "agpl3Plus";
};
}; };
settings = { settings = {
trusted_domains = ["10.0.0.13"]; trusted_domains = ["10.0.0.13"];

9
machines/overwatch/configuration.nix
View File

@@ -12,6 +12,7 @@ with lib;
self.nixosModules.malobeo.metrics self.nixosModules.malobeo.metrics
../modules/malobeo_user.nix ../modules/malobeo_user.nix
../modules/sshd.nix ../modules/sshd.nix
./printer_module.nix
]; ];
networking.firewall.allowedTCPPorts = [ 80 3100 ]; networking.firewall.allowedTCPPorts = [ 80 3100 ];
@@ -77,6 +78,8 @@ with lib;
}; };
}; };
}; };
printer_scraping.enable = true;
services.prometheus = { services.prometheus = {
enable = true; enable = true;
@@ -89,6 +92,12 @@ with lib;
targets = [ "127.0.0.1:9002" ]; targets = [ "127.0.0.1:9002" ];
}]; }];
} }
{
job_name = "printer";
static_configs = [{
targets = [ "127.0.0.1:9091" ];
}];
}
{ {
job_name = "durruti"; job_name = "durruti";
static_configs = [{ static_configs = [{

33
machines/overwatch/printer_module.nix Normal file
View File

@@ -0,0 +1,33 @@
{config, lib, pkgs, ...}:
{
options.printer_scraping = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable the script to pull data from the printer";
};
timer = lib.mkOption {
type = lib.types.str;
default = "1m";
description = "systemd timer for script execution";
};
};
config = lib.mkIf config.printer_scraping.enable {
systemd.services."printer-scraping" = {
description = "Pull printer stats and upload to influxdb";
serviceConfig.Type = "oneshot";
path = with pkgs; [yq jq curl bash];
script = "bash ${./pull_info.sh}";
};
systemd.timers."printer-scraping" = {
wantedBy = ["timers.target"];
timerConfig = {
OnBootSec = "5s";
OnUnitActiveSec = config.printer_scraping.timer;
Unit = "printer-scraping.service";
};
};
services.prometheus.pushgateway.enable = true; #Im not dealing with influx
};
}

133
machines/overwatch/pull_info.sh Normal file
View File

@@ -0,0 +1,133 @@
#!/usr/bin/env bash
set -eo pipefail
for command in "jq" "xq" "grep" "curl" "sed"
do
if ! command -v $command >/dev/null 2>&1
then
echo "$command could not be found"
exit 1
fi
done
#Functions---------------
get_cookie () {
if [[ $1 == "-d" ]]; then
cookie=$(cat request_example_1.txt)
else
cookie=$(curl -s -D - -X GET http://192.168.1.42/wcd/index.html)
fi
exitCode="$?"
if [[ $exitCode == "7" ]];
then
echo "Server offline"
exit 0
elif [[ $exitCode != "0" ]];
then
echo "Something went wrong"
exit 1
fi
cookie=$(echo "$cookie" | grep Set-Cookie | grep -oP "ID=\K[^.]+" )
if [[ $cookie == "" ]]
then
echo "No cookie got!"
exit 1
fi
}
get_values () {
local path="$1"
local -n keys=$2
local name="$3"
local_system_counter_data=$(echo "$system_counter_data" | jq "$path | .[]")
for key in "${keys[@]}";
do
value=$(echo "$local_system_counter_data" |
jq "select(.Type==\"$key\") | .Count" |
sed 's/"//g'
)
valueStore=$(echo "$valueStore"; echo "$name"_"$key" "$value")
done
}
get_values_DeviceStatus () {
local -n keys=$1
local name="$2"
local_system_counter_data=$(echo "$system_counter_data" | jq ".MFP.Common.DeviceStatus")
for key in "${keys[@]}";
do
value=$(echo "$local_system_counter_data" |
jq ".$key" |
sed 's/"//g'
)
valueStore=$(echo "$valueStore"; echo "$name"_"$key" "$value")
done
}
get_values_consumables () {
local -n keys=$1
local name="$2"
local_system_consumables_data=$(echo "$system_consumables_data" | jq ".[] |.DeviceInfo.ConsumableList.Consumable | .[]")
for key in "${keys[@]}";
do
value=$(
echo "$local_system_consumables_data" |
jq "select(.Name==\"$key\") | .CurrentLevel.LevelPer" |
sed 's/"//g'
)
valueStore=$(echo "$valueStore"; echo "$name"_"${key//[^a-zA-Z_-]/_}" "$value")
done
}
#End Functions----------
#Variables-----------------------
system_counter_DeviceStatus_keys=("ScanStatus" "PrintStatus" "Processing" "NetworkErrorStatus" "KmSaasgw" "HddMirroringErrorStatus")
system_counter_TotalCounter_keys=("Total" "DuplexTotal" "Document" "Paper" "TotalLarge" "PrintPageTotal" "PaperSizeA3" "PaperSizeA4" "PaperSizeB4" "PaperSizeB5" "PaperSizeOther" "Nin12in1" "PaperTypeNormal" "PaperTypeOther")
system_counter_FullColorCounter_keys=("PrintPageTotal" "A3" "A4" "B4" "B5" "Other")
system_counter_BlackCounter_keys=("PrintPageTotal" "A3" "A4" "B4" "B5" "Other")
system_counter_DoubleColorCounter_keys=("PrintPageTotal" "A3" "A4" "B4" "B5" "Other")
system_counter_CopyCounter_keys=("BwTotal" "FullColorTotal" "Total" "BwLarge" "FullColorLarge" "BiColorLarge")
system_counter_PrintCounter_keys=("BwTotal" "FullColorTotal" "BiColorTotal" "Total" "BwLarge" "FullColorLarge" "BiColorLarge")
system_counter_ScanFaxCounter_keys=("DocumentReadTotal" "DocumentReadLarge" "FaxReceive" "FaxSend")
system_consumables_base_keys=("Toner (Yellow)" "Toner (Magenta)" "Toner (Cyan)" "Toner (Black)" "Drum Cartridge (Cyan)" "Developer Cartridge (Cyan)" "Drum Cartridge (Magenta)" "Developer Cartridge (Magenta)" "Drum Cartridge (Yellow)" "Developer Cartridge (Yellow)" "Drum Cartridge (Black)" "Developer Cartridge (Black)" "Fusing Unit" "Image Transfer Belt Unit" "Transfer Roller Unit")
#End Variables-------------
echo "Getting cookie"
get_cookie "$@"
echo "Start extracting info from system_counter"
if [[ $1 == "-d" ]]; then
system_counter_data=$(cat system_counter.xml |xq)
else
system_counter_data=$(curl -s -X GET http://192.168.1.42/wcd/system_counter.xml -H "Cookie: ID=$cookie" |xq)
fi
get_values ".MFP.Count.UserCounterInfo.TotalCounterList.TotalCounter" system_counter_TotalCounter_keys TotalCounter
get_values ".MFP.Count.UserCounterInfo.PaperSheetCounter.FullColorCounterList.FullColorCounter" system_counter_FullColorCounter_keys FullColorCounter
get_values ".MFP.Count.UserCounterInfo.PaperSheetCounter.BlackCounterList.BlackCounter" system_counter_BlackCounter_keys BlackCounter
get_values ".MFP.Count.UserCounterInfo.PaperSheetCounter.DoubleColorCounterList.DoubleColorCounter" system_counter_DoubleColorCounter_keys DoubleColorCounter
get_values ".MFP.Count.UserCounterInfo.CopyCounterList.CopyCounter" system_counter_CopyCounter_keys CopyCounter
get_values ".MFP.Count.UserCounterInfo.ScanFaxCounterList.ScanFaxCounter" system_counter_ScanFaxCounter_keys ScanFaxCounter
get_values_DeviceStatus system_counter_DeviceStatus_keys DeviceStatus
echo "Start extracting info from system_consumables"
if [[ $1 == "-d" ]]; then
system_consumables_data=$(cat system_consumables.xml |xq)
else
system_consumables_data=$(curl -s -X GET http://192.168.1.42/wcd/system_consumable.xml -H "Cookie: ID=$cookie" |xq)
fi
get_values_consumables system_consumables_base_keys Consumables
echo "Sending data to prometheus-pushgateway..."
echo "$valueStore" | curl -s --data-binary @- http://localhost:9091/metrics/job/printer
echo "Success!"
exit 0

2
machines/ssh_keys.nix
View File

@@ -7,6 +7,6 @@
]; ];
backup = [ backup = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDIGryhnXdmbGObONG88K+c9zeduMrwtoLHwzMDZg3UXB+Cnq2FXWOrlLZxA+95VUgHpyGZiykJmzeWrKhldDlDeGGd8QCCLeuliiOgXADTYjWaVfhd+6arPZrK2VtqqsguvH40gW1xfoGAOmAT4WFnxWxIaEip0V2u6NOoKTiH9I3bz2Qe4lfJvPXig+XwCXcukXd6XUkDFYDpiw8XNV3X7pqTus5d2RYR97bAhIYZZQ6h50ZpTY8N0lFh4RY5yfx8BhxJW3tfoi9uZvVuPx7dGPsZsSniENFPMNz3UwHGitTJMr4088cJrAGgd5lyFuLouiHiM2JMGA0wx9wWTbWJEwTLaTVQK9gSJf857ndV2zCh9vKlfko4w9bQgqxKg4U/mY8dXX1E7D51nD2ci8Ed+ZG+NEneFLyZhLsD82GkBY+YovA+4xm/pcx+hBhlyqGNxI8v+Jh+JhEyD/ZLgJfq3ZMbGIGsTiDwZ2flLLxImHHEoDoT6PHU6hDhPDJu560=" "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDIGryhnXdmbGObONG88K+c9zeduMrwtoLHwzMDZg3UXB+Cnq2FXWOrlLZxA+95VUgHpyGZiykJmzeWrKhldDlDeGGd8QCCLeuliiOgXADTYjWaVfhd+6arPZrK2VtqqsguvH40gW1xfoGAOmAT4WFnxWxIaEip0V2u6NOoKTiH9I3bz2Qe4lfJvPXig+XwCXcukXd6XUkDFYDpiw8XNV3X7pqTus5d2RYR97bAhIYZZQ6h50ZpTY8N0lFh4RY5yfx8BhxJW3tfoi9uZvVuPx7dGPsZsSniENFPMNz3UwHGitTJMr4088cJrAGgd5lyFuLouiHiM2JMGA0wx9wWTbWJEwTLaTVQK9gSJf857ndV2zCh9vKlfko4w9bQgqxKg4U/mY8dXX1E7D51nD2ci8Ed+ZG+NEneFLyZhLsD82GkBY+YovA+4xm/pcx+hBhlyqGNxI8v+Jh+JhEyD/ZLgJfq3ZMbGIGsTiDwZ2flLLxImHHEoDoT6PHU6hDhPDJu560="
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJKl5FWPskhlnzJs1+mMYrVTMNnRG92uFKUgGlteTPhL" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPP4s6qNKwtu2l5DRKU/Xo6lMRztqNw/MOVsKx58kUE8 root@silizium"
]; ];
} }

6
scripts/add_new_host_keys.sh
View File

@@ -31,10 +31,13 @@ cd "$pwpath"
# Generate SSH keys # Generate SSH keys
ssh-keygen -f $hostkey -t ed25519 -N "" -C "root@$host" ssh-keygen -f $hostkey -t ed25519 -N "" -C "root@$host"
ssh-keygen -f $initrdkey -t ed25519 -N "" -C "root@$host-initrd" ssh-keygen -f $initrdkey -t ed25519 -N "" -C "root@$host-initrd"
wg genkey > wg.private
publickey=$(cat wg.private | wg pubkey)
#encrypt the private keys #encrypt the private keys
sops -e -i ./$hostkey sops -e -i ./$hostkey
sops -e -i ./$initrdkey sops -e -i ./$initrdkey
sops -e -i ./wg.private
#generate encryption key #generate encryption key
tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 20 > disk.key tr -dc 'A-Za-z0-9' < /dev/urandom | head -c 20 > disk.key
@@ -45,6 +48,9 @@ echo
echo "Hier ist der age public key für sops etc:" echo "Hier ist der age public key für sops etc:"
echo "$(ssh-to-age -i ./"$hostkey".pub)" echo "$(ssh-to-age -i ./"$hostkey".pub)"
echo echo
echo "Hier ist der wireguard pubkey für das gerät"
echo "$publickey"
echo
echo "Hier ist eine reproduzierbare mac-addresse:" echo "Hier ist eine reproduzierbare mac-addresse:"
echo "$hostname"|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/' echo "$hostname"|md5sum|sed 's/^\(..\)\(..\)\(..\)\(..\)\(..\).*$/02:\1:\2:\3:\4:\5/'

3
scripts/remote-install-encrypt.sh
View File

@@ -40,7 +40,9 @@ trap cleanup EXIT
# Create the directory where sshd expects to find the host keys # Create the directory where sshd expects to find the host keys
install -d -m755 "$temp/etc/ssh/" install -d -m755 "$temp/etc/ssh/"
install -d -m755 "$temp/etc/wireguard/"
##TODO:: wg genkey + pubkey --> /etc/wireguard/wg.private
diskKey=$(sops -d $pwpath/disk.key) diskKey=$(sops -d $pwpath/disk.key)
echo "$diskKey" > /tmp/secret.key echo "$diskKey" > /tmp/secret.key
@@ -48,6 +50,7 @@ sops -d "$pwpath/$hostkey" > "$temp/etc/ssh/$hostname"
sops -d "$pwpath/$initrdkey" > "$temp/etc/ssh/initrd" sops -d "$pwpath/$initrdkey" > "$temp/etc/ssh/initrd"
sops -d "$pwpath/wg.private" > "$temp/etc/wireguard/wg.private"
# # Set the correct permissions so sshd will accept the key # # Set the correct permissions so sshd will accept the key
chmod 600 "$temp/etc/ssh/$hostname" chmod 600 "$temp/etc/ssh/$hostname"
chmod 600 "$temp/etc/ssh/initrd" chmod 600 "$temp/etc/ssh/initrd"

8
scripts/unlock-boot.sh
View File

@@ -24,14 +24,16 @@ diskkey=$(sops -d machines/$hostname/secrets/disk.key)
echo echo
if [ $# = 1 ] if [ $# = 1 ]
then then
echo "$diskkey" | ssh $sshoptions root@$hostname-initrd "systemd-tty-ask-password-agent" #root ssh $sshoptions root@$hostname-initrd "zpool import -a"
echo "$diskkey" | ssh $sshoptions root@$hostname-initrd "zfs load-key storage/encrypted" #root
echo "$diskkey" | ssh $sshoptions root@$hostname-initrd "systemd-tty-ask-password-agent" #data echo "$diskkey" | ssh $sshoptions root@$hostname-initrd "systemd-tty-ask-password-agent" #data
elif [ $# = 2 ] elif [ $# = 2 ]
then then
ip=$2 ip=$2
echo "$diskkey" | ssh $sshoptions root@$ip "systemd-tty-ask-password-agent" #root ssh $sshoptions root@$ip "zpool import -a"
echo "$diskkey" | ssh $sshoptions root@$ip "systemd-tty-ask-password-agent" #data echo "$diskkey" | ssh $sshoptions root@$ip "zfs load-key storage/encrypted"
echo "$diskkey" | ssh $sshoptions root@$ip "systemd-tty-ask-password-agent"
else else
echo echo