credentials/oignon/** filter=git-crypt-julm diff=git-crypt-julm
credentials/patate/** filter=git-crypt-sevy diff=git-crypt-sevy
+hosts/oignon/** filter=git-crypt-julm diff=git-crypt-julm
+hosts/patate/** filter=git-crypt-sevy diff=git-crypt-sevy
+
root/oignon/** filter=git-crypt-julm diff=git-crypt-julm
root/patate/** filter=git-crypt-sevy diff=git-crypt-sevy
--- /dev/null
+#!/usr/bin/env sh
+set -eu
+dir=${0%/*}
+key=$1
+host=${key##*hosts/}
+host=${host%%/*}
+name=${key##*/}
+name=${name%.secret}
+sudo unshare --mount sh -xc "
+ mount --bind $dir/$host/root/credential.secret /var/lib/systemd/credential.secret &&
+ mount --bind $dir/$host/root/machine-id /etc/machine-id &&
+ systemd-creds decrypt --with-key=host --name '$name' '$key' -
+"
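Review bot: The values derived from `$1` are expanded by the outer shell into the text of the `sh -xc` script that then runs as root under `sudo`, so `$dir` and `$host` reach the `mount --bind` lines unquoted, and `'$name'` and `'$key'` are only protected while the path contains no single quote. A path with whitespace or quote characters therefore changes which commands the root shell runs rather than just failing. Passing the values as positional parameters to a single-quoted inner script keeps them as data. The second script added by this commit builds its `sh -xc` string the same way, including an unquoted `$USER`, and would need the same treatment.

```shell
# … unchanged: dir/key/host/name derivation …
sudo unshare --mount sh -xc '
  mount --bind "$1/$2/root/credential.secret" /var/lib/systemd/credential.secret &&
  mount --bind "$1/$2/root/machine-id" /etc/machine-id &&
  systemd-creds decrypt --with-key=host --name "$3" "$4" -
' sh "$dir" "$host" "$name" "$key"
```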
--- /dev/null
+#!/usr/bin/env sh
+set -eux
+dir=${0%/*}
+key=$1
+host=${key#*/}
+host=${host%%/*}
+hostkey=${key#*/*/}
+mkdir -p "$dir/$host/credentials/${hostkey%/*}"
+pass "$key" |
+sudo unshare --mount sh -xc "
+ mount --bind $dir/$host/root/credential.secret /var/lib/systemd/credential.secret &&
+ mount --bind $dir/$host/root/machine-id /etc/machine-id &&
+ systemd-creds encrypt --with-key=host --name '${hostkey##*/}' - - |
+ install -m 400 -o $USER -g users /dev/stdin '$dir/$host/credentials/$hostkey.secret'
+"
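Review bot: Neither pipeline in this script checks the exit status of its producer. `set -eux` carries no `pipefail`, so a failing `pass "$key"` still feeds empty input into `systemd-creds encrypt`, and a failing `systemd-creds encrypt` still lets `install` create the `.secret` file from whatever reached `/dev/stdin`, with the script exiting 0. The result would be an empty or truncated credential committed as if it were valid. Consider having `systemd-creds encrypt` write to a temporary file and running `install` only after `&&`, and capturing the `pass` output to a temporary file (removed by a `trap ... EXIT`) so its failure aborts before anything is written. At a minimum, a header comment such as `# NOTE: failures of pass/systemd-creds are not detected; verify the output with the decrypt script` would document the gap.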