From 4596a2840b6a5c04acd4c2aa05280e425074c34e Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sun, 24 Oct 2021 22:15:02 +0200
Subject: l pass: add remote unlock command

---
 lass/2configs/pass.nix | 8 ++++++++
 1 file changed, 8 insertions(+)

(limited to 'lass')

diff --git a/lass/2configs/pass.nix b/lass/2configs/pass.nix
index 48070ea0..8ec3ac09 100644
--- a/lass/2configs/pass.nix
+++ b/lass/2configs/pass.nix
@@ -4,7 +4,15 @@
   users.users.mainUser.packages = with pkgs; [
     (pass.withExtensions (ext: [ ext.pass-otp ]))
     gnupg
+    (pkgs.writers.writeDashBin "unlock" ''
+      set -efu
+      HOST=$1
+
+      pw=$(pass show "admin/$HOST/luks")
+      torify sshn root@$(pass "hosts/$HOST/initrd/hostname") "echo $pw > /crypt-ramfs/passphrase"
+    '')
   ];
 
   programs.gnupg.agent.enable = true;
+
 }
-- 
cgit v1.2.3