clan-infra/targets/web01/decrypt.sh

#!/usr/bin/env nix-shell
#!nix-shell -i bash -p coreutils sops openssh

set -euox pipefail

if [ $# -ne 1 ]; then
  echo "Usage: $0 <host>"
  exit 1
fi

HOST=$1
temp=$(mktemp -d)
trap 'rm -rf $temp' EXIT
sops --extract '["cryptsetup_key"]' -d secrets.yaml > "$temp/secret.key"

while ! ping -4 -W 1 -c 1 "$HOST"; do
  sleep 1
done
while ! timeout 4 ssh -p 2222 "root@$HOST" true; do
  sleep 1
done

ssh -p 2222 "root@$HOST" "cat > /crypt-ramfs/passphrase" < "$temp/secret.key"
add new baremetal server 2023-07-17 08:31:59 +00:00			`#!/usr/bin/env nix-shell`
			`#!nix-shell -i bash -p coreutils sops openssh`

			`set -euox pipefail`

			`if [ $# -ne 1 ]; then`
			`echo "Usage: $0 <host>"`
			`exit 1`
			`fi`

			`HOST=$1`
			`temp=$(mktemp -d)`
			`trap 'rm -rf $temp' EXIT`
			`sops --extract '["cryptsetup_key"]' -d secrets.yaml > "$temp/secret.key"`

			`while ! ping -4 -W 1 -c 1 "$HOST"; do`
			`sleep 1`
			`done`
			`while ! timeout 4 ssh -p 2222 "root@$HOST" true; do`
			`sleep 1`
			`done`

			`ssh -p 2222 "root@$HOST" "cat > /crypt-ramfs/passphrase" < "$temp/secret.key"`