l pass: add remote unlock command

This commit is contained in:
lassulus 2021-10-24 22:15:02 +02:00
parent ff39fb0d1f
commit 4596a2840b

View File

@ -4,7 +4,15 @@
users.users.mainUser.packages = with pkgs; [ users.users.mainUser.packages = with pkgs; [
(pass.withExtensions (ext: [ ext.pass-otp ])) (pass.withExtensions (ext: [ ext.pass-otp ]))
gnupg gnupg
(pkgs.writers.writeDashBin "unlock" ''
set -efu
HOST=$1
pw=$(pass show "admin/$HOST/luks")
torify sshn root@$(pass "hosts/$HOST/initrd/hostname") "echo $pw > /crypt-ramfs/passphrase"
'')
]; ];
programs.gnupg.agent.enable = true; programs.gnupg.agent.enable = true;
} }