From 5b44216b4b3915ea14b7e6c7bf2efa174d7fcb63 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?= <motiejus@jakstys.lt>
Date: Mon, 24 Jul 2023 12:50:17 +0300
Subject: [PATCH] add zfsunlock for vno1-oh2

---
 data.nix                       |  1 +
 hosts/hel1-a/configuration.nix | 13 +++++++++++++
 2 files changed, 14 insertions(+)

diff --git a/data.nix b/data.nix
index 3f7ed06..9edee30 100644
--- a/data.nix
+++ b/data.nix
@@ -7,6 +7,7 @@ rec {
     "vno1-oh2.servers.jakst" = {
       extraHostNames = ["dl.jakstys.lt" "vno1-oh2.jakstys.lt"];
       publicKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHtYsaht57g2sp6UmLHqsCK+fHjiiZ0rmGceFmFt88pY";
+      initrdPubKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIEzt0eaSRTAfM2295x4vACEd5VFqVeYJPV/N9ZUq+voP";
       publicIP = "88.223.107.21";
     };
     "hel1-a.servers.jakst" = {
diff --git a/hosts/hel1-a/configuration.nix b/hosts/hel1-a/configuration.nix
index 0127417..66434eb 100644
--- a/hosts/hel1-a/configuration.nix
+++ b/hosts/hel1-a/configuration.nix
@@ -18,6 +18,19 @@ in {
     stateVersion = "22.11";
     timeZone = "UTC";
 
+    services = {
+      zfsunlock = {
+        enable = true;
+        targets."vno1-oh2.servers.jakst" = {
+          sshEndpoint = myData.hosts."vno1-oh2.servers.jakst".publicIP;
+          pingEndpoint = "vno1-oh2.servers.jakst";
+          remotePubkey = myData.hosts."vno1-oh2.servers.jakst".initrdPubKey;
+          pwFile = config.age.secrets.zfs-passphrase-vno1-oh2.path;
+          startAt = "*-*-* *:00/5:00";
+        };
+      };
+    };
+
     base = {
       users.passwd = {
         root.passwordFile = config.age.secrets.root-passwd-hash.path;