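#!/bin/sh
# Early-boot unlock helper: decrypts /etc/keys.enc into /dev/shm/keys, opens
# every LUKS volume listed there, imports the ZFS pool named by root=ZFS=... on
# the kernel command line, loads its key, then runs `bootup`.
#
# Usage: <script> [passphrase]
#   The passphrase comes from $1, else from the file named by AUTOPASS
#   (base64-decoded, then passed through rev), else from a prompt on /dev/tty.
#
# Key file layout, as consumed below: one "<key> <name>" pair per line, where
# <name> is either a LUKS UUID or the pool name.
#
# NOTE(review): a passphrase given as $1 is visible in this script's own
# argument list for as long as it runs; the prompt avoids that.

# Optional path to an auto-unlock file. base64 + rev is obfuscation only:
# anyone who can read that file can recover the passphrase.
AUTOPASS=""
SHM_MOUNTED=0
ECHO_OFF=0
KEYS=/dev/shm/keys

# Restore terminal echo if we were interrupted mid-prompt, remove the decrypted
# keys, and undo the tmpfs mount if this script created it.
cleanup() {
    [ "$ECHO_OFF" = 1 ] && stty echo 2>/dev/null
    rm -f "$KEYS"
    if [ "$SHM_MOUNTED" = 1 ]; then umount /dev/shm; fi
}
trap cleanup EXIT
# A signal handler that only cleans up lets the script keep running afterwards
# (with the keys already deleted). Exit instead; the EXIT trap does the cleanup.
trap 'exit 130' INT
trap 'exit 143' TERM

# NOTE(review): if mkdir succeeds but the mount fails, the script carries on
# and the keys land on whatever backs /dev/shm -- confirm that is acceptable.
[ ! -d /dev/shm ] && { mkdir -p /dev/shm && mount -t tmpfs tmpfs /dev/shm && SHM_MOUNTED=1; }

# Pool name = first path component of the root=ZFS=<pool>/<dataset> argument.
zpool=$(grep -o 'root=ZFS=[^ ]*' /proc/cmdline | sed 's@root=ZFS=@@;s@/.*@@')
[ -z "$zpool" ] && { echo "zpool not found in cmdline"; exit 1; }

if [ ! -f "$KEYS" ]; then
    if [ -n "$1" ]; then
        passphrase="$1"
    elif [ -n "$AUTOPASS" ] && [ -f "$AUTOPASS" ]; then
        passphrase=$(base64 -d "$AUTOPASS" | rev)
    else
        printf 'passphrase: '
        ECHO_OFF=1
        stty -echo
        IFS= read -r passphrase < /dev/tty
        stty echo
        ECHO_OFF=0
        echo
    fi
    # Hand the passphrase to openssl through its environment rather than as
    # "pass:..." on the command line, where any process could read it from
    # /proc/<pid>/cmdline. The subshell keeps umask 077 (so the plaintext file
    # is never created group/world-readable) from leaking into later commands.
    if ! (
        umask 077
        KEYS_PASSPHRASE="$passphrase" openssl enc -d -aes-256-cbc -pbkdf2 \
            -pass env:KEYS_PASSPHRASE -in /etc/keys.enc -out "$KEYS"
    ); then
        # A failed decrypt (e.g. wrong passphrase) can leave a partial or
        # garbage output file; drop it so the check below reports the failure
        # instead of feeding junk to cryptsetup and zfs.
        rm -f "$KEYS"
    fi
    unset passphrase
fi
[ ! -f "$KEYS" ] && { echo "keys not found"; exit 1; }
# Also tightens the mode of a keys file that already existed before this run.
chmod 600 "$KEYS"

# Every non-blank line whose last field is not the pool name is a LUKS entry.
# Comparing the field exactly (rather than grepping for the pool name as a
# regex anywhere in the line) avoids silently skipping a volume whose key or
# UUID happens to contain the pool name.
# shellcheck disable=SC2016 -- awk program, not shell expansion
awk -v pool="$zpool" 'NF && $NF != pool' "$KEYS" | while IFS=' ' read -r key uuid; do
    echo "Unlocking LUKS: $uuid"
    # The key goes to cryptsetup on stdin, never on its command line.
    # A failed volume is reported but does not abort the remaining ones.
    if printf '%s' "$key" | cryptsetup open --key-file=- "UUID=$uuid" "$uuid"; then
        echo "OK: $uuid"
    else
        echo "FAILED: $uuid"
    fi
done

echo "Importing ZFS pool: $zpool"
if zpool import -f "$zpool"; then
    echo "OK: $zpool"
else
    echo "FAILED: $zpool"
    exit 1
fi

echo "Loading ZFS key: $zpool"
# First field of the line whose last field is exactly the pool name.
if awk -v pool="$zpool" '$NF == pool { print $1 }' "$KEYS" | zfs load-key "$zpool"; then
    echo "OK: zfs key loaded"
else
    echo "FAILED: zfs key"
    exit 1
fi

# NOTE(review): the decrypted keys stay in /dev/shm while bootup runs and are
# only removed by the EXIT trap; if bootup never returns, that trap never
# fires -- confirm whether the keys should be removed before this call.
bootup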