Apollo: Add hera unlocking
parent
a95ea647e0
commit
9a10f1de52
|
@ -17,6 +17,7 @@ imports = [
|
|||
./modules/graphical
|
||||
./modules/home-options.nix
|
||||
./modules/eventd.nix
|
||||
./modules/unlock.nix
|
||||
../common/private-options.nix
|
||||
../common/secret
|
||||
# ./sort-mail.nix
|
||||
|
@ -89,6 +90,7 @@ programs = {
|
|||
agHost = "fb04217.mathematik.tu-darmstadt.de";
|
||||
in [
|
||||
{ host = "charon"; hostname = "charon.olymp.space"; }
|
||||
{ host = "hera"; hostname = "hera.m-0.eu"; }
|
||||
{ host = "*.olymp.space"; user = me.user; }
|
||||
{ host = "ag-forward"; hostname = agHost; proxyCommand = matheGwProxy; user = meWork.user; }
|
||||
{ host = "ag"; hostname = agHost; user = meWork.user; }
|
||||
|
|
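--- a/home-manager/modules/unlock.nix
+++ b/home-manager/modules/unlock.nix
@@ -0,0 +1,26 @@
+{ pkgs, lib, config, ...}:
+with lib;
+
+let
+makeScripts = name:
+let
+knownHosts = pkgs.writeText "KnownBootHosts" ''
+hera.m-0.eu,213.136.94.190 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCHkqWlFLtmIlTSKahr2PcL++K75YgfsSU6jwVYW5df3JCkowu/M16SIBxABxYSQrKej5uIz/OFCjqSxHJQ8D5wSYBvn2gYr/BbBcz4rfIJmZ55Od2jckaqlj/M8TtkuPPhsQG7S730vXxK5hbMT8iW5WWv8sIKY/WtaRbZOFMX/53WCLEHtnMu5zFJFWf92+mjIHSLyW8ggl1m525RUiaAfCge2vnuzIFq4kUqJxaWzxIvEWIncKWN10K/HMvdI+yOtbSen41uKedwSFhUFs3xHy1mJddYOrlcJQPt5zuuffZ/nTDVXMZoh5QNwg8ZlkkueVChaS1Y5STjb7cem1Mt
+'';
+in
+pkgs.writeShellScriptBin "unlock-${name}" ''
+${pkgs.pass}/bin/pass eu/m-0/${name}/disk | ssh -4 root@${name}.m-0.eu -o UserKnownHostsFile=${knownHosts} cryptsetup-askpass
+'';
+in
+{
+
+options.m-0.unlocker = mkOption {
+default = [];
+type = types.listOf types.str;
+};
+
+config = {
+home.packages = map makeScripts config.m-0.unlocker;
+};
+
+}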
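Review bot: The pinned `knownHosts` file holds only hera's key, yet `makeScripts` generates an `unlock-${name}` script for every entry of `m-0.unlocker`, and the ssh call does not set `StrictHostKeyChecking`. For any other name no entry matches, so ssh falls back to its default interactive prompt, and accepting it would pipe the disk passphrase from `pass` to a host whose key was never verified. I would add `-o StrictHostKeyChecking=yes` to the ssh invocation so that an unknown key aborts before anything is sent. The key should also come from per-host data (for example an attribute set mapping each name to its known-hosts line) rather than a literal inside `makeScripts`. A one-line comment saying which SSH server this key belongs to would help too; the file name `KnownBootHosts` suggests it is the boot-time unlock server, not the running system, but that is an inference.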
|
|
@ -14,5 +14,6 @@ m-0.graphical.enable = true;
|
|||
m-0.rustdev.enable = true;
|
||||
m-0.taskwarrior.enable = true;
|
||||
m-0.eventd.enable = true;
|
||||
m-0.unlocker = [ "hera" ];
|
||||
|
||||
}
|
||||
|
|