unlock-host

2026-04-14 13:24:06 +02:00
parent 6df0e22b1d
commit b6bc49869d
+18
@@ -12,6 +12,23 @@ let
cryptrootUnlockWrapper = pkgs.writeShellScriptBin "cryptroot-unlock" '' cryptrootUnlockWrapper = pkgs.writeShellScriptBin "cryptroot-unlock" ''
exec /run/current-system/sw/bin/systemd-tty-ask-password-agent --query --watch "$@" exec /run/current-system/sw/bin/systemd-tty-ask-password-agent --query --watch "$@"
''; '';
unlockHost = pkgs.writeShellScriptBin "unlock-host" ''
set -euo pipefail
usage() {
echo "Usage: unlock-host <host> [ssh-options...]"
echo "Unlocks a remote host waiting for a LUKS passphrase during boot."
exit 1
}
[[ $# -lt 1 ]] && usage
[[ "$1" == "-h" || "$1" == "--help" ]] && usage
HOST="$1"
shift
ssh -tt "$@" "$HOST" systemd-tty-ask-password-agent --query
'';
in in
{ {
options.my.binBashWrapper.enable = lib.mkEnableOption "create a /bin/bash wrapper"; options.my.binBashWrapper.enable = lib.mkEnableOption "create a /bin/bash wrapper";
@@ -20,6 +37,7 @@ in
systemd.tmpfiles.rules = [ systemd.tmpfiles.rules = [
"L+ /bin/bash - - - - ${bashWrapper}/bin/bash" "L+ /bin/bash - - - - ${bashWrapper}/bin/bash"
"L+ /bin/cryptroot-unlock - - - - ${cryptrootUnlockWrapper}/bin/cryptroot-unlock" "L+ /bin/cryptroot-unlock - - - - ${cryptrootUnlockWrapper}/bin/cryptroot-unlock"
"L+ /bin/unlock-host - - - - ${unlockHost}/bin/unlock-host"
]; ];
}; };
} }
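Review bot: In the new `unlock-host` script, a first argument that begins with `-` (anything other than `-h`/`--help`) is taken as `HOST` and then placed after `"$@"` on the ssh command line, where ssh will parse it as an option rather than a hostname. Rejecting such values and ending option parsing closes that off: add `[[ "$HOST" == -* ]] && usage` after the assignment and call `ssh -tt "$@" -- "$HOST" systemd-tty-ask-password-agent --query`. Separately, `usage` exits 1 and prints to stdout even for `-h`/`--help`; returning 0 for explicit help and sending the error case to stderr would be more conventional. Since the LUKS passphrase is typed into this session, the usage text could also remind the caller to keep host-key checking enabled for the boot-time SSH endpoint, which presumably presents a different host key than the booted system.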