[sourcephile-nix.git] / private / hosts / decrypt.sh
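#!/usr/bin/env sh
# Decrypt a systemd credential that was encrypted with another host's key.
#
# Usage: decrypt.sh <path>/hosts/<host>/.../<name>.secret
#
# The host name is taken from the path component after "hosts/", and the
# credential name from the file name without its ".secret" suffix.
# Inside a new mount namespace (unshare --mount) the stored
# <host>/root/credential.secret and <host>/root/machine-id are bind-mounted
# over the local ones, so systemd-creds decrypts with that host's key.
# The bind mounts live in that namespace and go away when the inner shell exits.
#
# Output: the decrypted credential on stdout; the -x trace goes to stderr.
# NOTE(review): the stored credential.secret files are key material. Anyone
# who can read one can decrypt that host's credentials, so keep their
# permissions and storage as tight as the secrets themselves.
set -eu

# Fail with a usage message instead of the bare "parameter not set" error.
key=${1:?usage: decrypt.sh <path>/hosts/<host>/.../<name>.secret}

# Directory holding this script. ${0%/*} alone would yield the script's own
# name when $0 contains no slash (e.g. "sh decrypt.sh ...").
case $0 in
  */*) dir=${0%/*} ;;
  *) dir=. ;;
esac

host=${key##*hosts/}
host=${host%%/*}
name=${key##*/}
name=${name%.secret}

# Refuse values that would make the bind-mount source resolve outside
# the per-host directory.
case $host in
  '' | . | ..)
    printf '%s\n' "decrypt.sh: cannot derive a host name from '$key'" >&2
    exit 2
    ;;
esac

# The inner script is a fixed single-quoted string and the values are passed
# as positional parameters, so spaces, quotes or shell metacharacters in a
# path are never parsed as shell code by the root shell.
sudo unshare --mount sh -xc '
  mount --bind "$1/$2/root/credential.secret" /var/lib/systemd/credential.secret &&
  mount --bind "$1/$2/root/machine-id" /etc/machine-id &&
  systemd-creds decrypt --with-key=host --name "$3" "$4" -
' sh "$dir" "$host" "$name" "$key"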