Apollo: Add hera unlocking

home-manager/default.nix

@@ -17,6 +17,7 @@ imports = [
   ./modules/graphical
   ./modules/home-options.nix
   ./modules/eventd.nix
+  ./modules/unlock.nix
   ../common/private-options.nix
   ../common/secret
 #   ./sort-mail.nix
@@ -89,6 +90,7 @@ programs = {
         agHost = "fb04217.mathematik.tu-darmstadt.de";
       in [
         { host = "charon"; hostname = "charon.olymp.space"; }
+        { host = "hera"; hostname = "hera.m-0.eu"; }
         { host = "*.olymp.space"; user = me.user; }
         { host = "ag-forward"; hostname = agHost; proxyCommand = matheGwProxy; user = meWork.user; }
         { host = "ag"; hostname = agHost; user = meWork.user; }

home-manager/modules/unlock.nix

@@ -0,0 +1,26 @@
+{ pkgs, lib, config, ...}:
+with lib;
+
+let
+  makeScripts = name:
+  let
+    knownHosts = pkgs.writeText "KnownBootHosts" ''
+      hera.m-0.eu,213.136.94.190 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCHkqWlFLtmIlTSKahr2PcL++K75YgfsSU6jwVYW5df3JCkowu/M16SIBxABxYSQrKej5uIz/OFCjqSxHJQ8D5wSYBvn2gYr/BbBcz4rfIJmZ55Od2jckaqlj/M8TtkuPPhsQG7S730vXxK5hbMT8iW5WWv8sIKY/WtaRbZOFMX/53WCLEHtnMu5zFJFWf92+mjIHSLyW8ggl1m525RUiaAfCge2vnuzIFq4kUqJxaWzxIvEWIncKWN10K/HMvdI+yOtbSen41uKedwSFhUFs3xHy1mJddYOrlcJQPt5zuuffZ/nTDVXMZoh5QNwg8ZlkkueVChaS1Y5STjb7cem1Mt
+    '';
+  in
+    pkgs.writeShellScriptBin "unlock-${name}" ''
+    ${pkgs.pass}/bin/pass eu/m-0/${name}/disk | ssh -4 root@${name}.m-0.eu -o UserKnownHostsFile=${knownHosts} cryptsetup-askpass
+  '';
+in
+{
+
+options.m-0.unlocker = mkOption {
+  default = [];
+  type = types.listOf types.str;
+};
+
+config = {
+  home.packages = map makeScripts config.m-0.unlocker;
+};
+
+}

hosts/apollo/home.nix

@@ -14,5 +14,6 @@ m-0.graphical.enable = true;
 m-0.rustdev.enable = true;
 m-0.taskwarrior.enable = true;
 m-0.eventd.enable = true;
+m-0.unlocker = [ "hera" ];
 
 }