-#!/bin/bash
-
-# When using the Arch Linux mkinitcpio encrypt if the file /crypto_keyfile.bin
-# exists in the initramfs then it will be used to attempt unlocking.
-# 1. dd if=/dev/urandom of=/crypto_keyfile.bin bs=1 count=512
-# 2. Add /crypto_keyfile.bin to FILES in /etc/mkinitcpio.conf
-# 3. mkinitcpio -p linux
-# 4. systemctl enable disable-crypto_keyfiles@$(systemd-escape /dev/disk/by-id/xxx).service
-# 5. Run this script when you want to reboot without a passphrase
-
-
-crypto_keyfile="/crypto_keyfile.bin"
-reboot_cmd="${1:-sudo reboot}"
-
-if [ ! -f "$crypto_keyfile" ]; then
- echo "Failed to find $crypto_keyfile"
- exit 1
-fi
-
-readarray -t devnames < <(
- find \
- /etc/systemd/system/basic.target.wants/ \
- -maxdepth 1 \
- -name 'disable-crypto_keyfile@*' \
- -printf '%f\0' \
- | xargs -0 -n1 systemd-escape -u --instance
-)
-
-if [ ${#devnames[@]} = 0 ]; then
- echo "Failed to find your encrypted device. You must have disable-crypto_keyfile@.service enabled."
- exit 1
-fi
-
-echo -n "Enter password for devices: "
-read -r -s pw
-echo ""
-for devname in "${devnames[@]}"; do
- echo "Adding key to $devname"
- sudo cryptsetup luksAddKey "$devname" "$crypto_keyfile" --new-key-slot 7 <<EOF
-${pw}
-EOF
-done
-
-$reboot_cmd