Use file to unlock LUKS from usb media

2025-04-04 16:43:44 +02:00 · 2025-04-04 16:43:44 +02:00 · 239fbf70e0
commit 239fbf70e0
parent 49c95ffc6a
4 changed files with 154 additions and 30 deletions
--- a/10
+++ b/10
@ -1,4 +1,5 @@
-usb_ram_disk := "/dev/disk/by-id/usb-jalr_USB_RAM_disk_prototype-01-0:0"
+usb_ram_disk := "/dev/disk/by-label/RAM_USB"
+usb_ram_mountpoint := shell("findmnt -n -o TARGET $1 || true", usb_ram_disk)

 boot:
  nixos-rebuild boot --flake . --use-remote-sudo
@ -26,9 +27,8 @@ repl:
  "

 luks-pass host:
-  @if [ -b "{{usb_ram_disk}}" ]; then \
-    gpg -d hosts/{{host}}/luks-passfile.gpg | sudo dd of={{usb_ram_disk}}; \
+  @if [ -d "{{usb_ram_mountpoint}}" ]; then \
+    gpg -d hosts/{{host}}/luks-passfile.gpg > "{{usb_ram_mountpoint}}/{{host}}.key"; \
  else \
-    echo "{{usb_ram_disk}} is not a block device" >&2; \
+    echo "Mount point not found. Is the usb device plugged and mounted?" >&2; \
  fi
-