From c16123dc8d5ebe72a8e938cdfddfe957235f62c9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Kier=C3=A1n=20Meinhardt?= Date: Thu, 8 Sep 2022 08:46:53 +0200 Subject: [PATCH] feat: automate entering ssh passphrase --- ci.nix | 2 +- configs/ssh.nix | 10 +++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/ci.nix b/ci.nix index fc4338f..7f17cec 100644 --- a/ci.nix +++ b/ci.nix @@ -56,7 +56,7 @@ "spotify/password" ]; systemSecrets = let - basic = ["retiolum.ed25519" "retiolum.key" "syncthing/cert.pem" "syncthing/key.pem"]; + basic = ["retiolum.ed25519" "retiolum.key" "syncthing/cert.pem" "syncthing/key.pem" "ssh/passphrase"]; in { zaatar = ensureFiles (["moodle.token" "telegram/moodle-dl.token" "mpd-web.key"] ++ basic); diff --git a/configs/ssh.nix b/configs/ssh.nix index af15cb5..b4ef1a9 100644 --- a/configs/ssh.nix +++ b/configs/ssh.nix @@ -7,8 +7,16 @@ inherit (import ) sshPort kieran; externalNetwork = import ; sshIdentity = name: "${config.users.users.me.home}/.ssh/${name}"; + ssh-passphrase = lib.strings.fileContents ; in { - services.xserver.displayManager.sessionCommands = "${pkgs.openssh}/bin/ssh-add"; + services.xserver.displayManager.sessionCommands = toString (pkgs.writeScript "ssh-add" '' + #!${pkgs.expect}/bin/expect -f + spawn ${pkgs.openssh}/bin/ssh-add + expect "Enter passphrase for *:" + send "${ssh-passphrase}\n"; + expect "Identity added: *" + interact + ''); programs.ssh.startAgent = true;
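Review bot: `ssh-passphrase = lib.strings.fileContents …` together with `send "${ssh-passphrase}\n"` in configs/ssh.nix writes the passphrase into the script that `pkgs.writeScript` builds, so the plaintext ends up in the Nix store, which is normally readable by every local user and may travel with the closure to CI builders or binary caches. The value is also spliced unescaped into a Tcl double-quoted string, so a passphrase containing `$`, `[`, `\` or `"` would be substituted or would break the script. I would drop the `let` binding and have the expect script read the secret at session start from a file only the user can read, passing it with `send --` so a leading `-` is not parsed as an option. The path in the sketch below is a placeholder, and the hunk's trailing context appears to continue past what is visible here.

```nix
  services.xserver.displayManager.sessionCommands = toString (pkgs.writeScript "ssh-add" ''
    #!${pkgs.expect}/bin/expect -f
    # PLACEHOLDER path: a runtime secret file with mode 0400 owned by the user, not a store path
    set fh [open "/run/secrets/PLACEHOLDER-ssh-passphrase" r]
    set passphrase [read -nonewline $fh]
    close $fh
    # … unchanged: spawn ssh-add, expect the passphrase prompt …
    send -- "$passphrase\r"
    # … unchanged: expect "Identity added: *", interact …
  '');
```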