baurmatt · August 3, 2022 11:39
diff --git a/ubuntu-remote-cryptsetup-unlock-via-dropbear.sh b/ubuntu-remote-cryptsetup-unlock-via-dropbear.sh
 sudo apt install dropbear-initramfs
 sudo cp $HOME/.ssh/authorized_keys /etc/dropbear/initramfs/authorized_keys
 echo "DROPBEAR_OPTIONS='-I 60 -s -c cryptroot-unlock'" | sudo tee -a /etc/dropbear/initramfs/dropbear.conf
 sudo update-initramfs -u
 sudo systemctl reboot

 cat >> $HOME/.ssh/config <<EOL
 Host nas01-unlock
    Hostname nas01
    User root
    UserKnownHostsFile ~/.ssh/known_hosts.initramfs
 EOL

 # Automatically encrypt multiple cryptsetup devices with the same password
 # Debian/Ubuntu only
 sudo cat > /etc/crypttab <<EOL
 nvme0n1p3_crypt UUID=xxxx-xxxx-xxxx-xxxx-xxxx crypt_disks luks,initramfs,keyscript=decrypt_keyctl,discard
 md0_crypt       UUID=yyyy-yyyy-yyyy-yyyy-yyyy crypt_disks luks,initramfs,keyscript=decrypt_keyctl
 EOL
 sudo update-initramfs -u
	sudo apt install dropbear-initramfs
	sudo cp $HOME/.ssh/authorized_keys /etc/dropbear/initramfs/authorized_keys
	echo "DROPBEAR_OPTIONS='-I 60 -s -c cryptroot-unlock'" \| sudo tee -a /etc/dropbear/initramfs/dropbear.conf
	sudo update-initramfs -u
	sudo systemctl reboot

	cat >> $HOME/.ssh/config <<EOL
	Host nas01-unlock
	Hostname nas01
	User root
	UserKnownHostsFile ~/.ssh/known_hosts.initramfs
	EOL

	# Automatically encrypt multiple cryptsetup devices with the same password
	# Debian/Ubuntu only
	sudo cat > /etc/crypttab <<EOL
	nvme0n1p3_crypt UUID=xxxx-xxxx-xxxx-xxxx-xxxx crypt_disks luks,initramfs,keyscript=decrypt_keyctl,discard
	md0_crypt UUID=yyyy-yyyy-yyyy-yyyy-yyyy crypt_disks luks,initramfs,keyscript=decrypt_keyctl
	EOL
	sudo update-initramfs -u