michaelmrose · March 24, 2025 20:04
diff --git a/system-auth b/system-auth
 AFTER pam_unix.so

 auth optional pam_exec.so expose_authtok /usr/local/bin/zfs-unlock-home.sh ifok

 remainder redacted
diff --git a/zfs-unlock-home.sh b/zfs-unlock-home.sh
 #!/bin/bash

 # Adjust to match your dataset
 ZFS_DATASET="trident/home/michael"
 PASS=`cat -`

 # Only try if dataset is encrypted and not mounted
 if ! zfs get -H -o value mounted "$ZFS_DATASET" | grep -q "yes"; then
 echo attempting to load key and mount
  echo "$PASS" | zfs load-key "$ZFS_DATASET"
  zfs mount "$ZFS_DATASET"
 fi
	AFTER pam_unix.so

	auth optional pam_exec.so expose_authtok /usr/local/bin/zfs-unlock-home.sh ifok

	remainder redacted
	#!/bin/bash

	# Adjust to match your dataset
	ZFS_DATASET="trident/home/michael"
	PASS=`cat -`

	# Only try if dataset is encrypted and not mounted
	if ! zfs get -H -o value mounted "$ZFS_DATASET" \| grep -q "yes"; then
	echo attempting to load key and mount
	echo "$PASS" \| zfs load-key "$ZFS_DATASET"
	zfs mount "$ZFS_DATASET"
	fi