#!/usr/bin/env sh
set -eu
dir=${0%/*}
key=$1
host=${key##*hosts/}
host=${host%%/*}
name=${key##*/}
name=${name%.secret}
sudo unshare --mount sh -xc "
  mount --bind $dir/$host/root/credential.secret /var/lib/systemd/credential.secret &&
  mount --bind $dir/$host/root/machine-id /etc/machine-id &&
  systemd-creds decrypt --with-key=host --name '$name' '$key' -
"