| author | Natasha Moongrave <natasha@256phi.eu> | 2026-06-18 22:50:26 +0200 |
|---|---|---|
| committer | Natasha Moongrave <natasha@256phi.eu> | 2026-06-18 22:50:26 +0200 |
| commit | 64e98489467298205ef7291fbbfdcea2a1e51c42 (patch) | |
| tree | ed5b05329d48e6a26e7188a2cc0d9efebe1acb4b | |
| parent | 5fde8eb1727021a370b5203376271f41d84146a4 (diff) | |
Added keys.nix
| -rw-r--r-- | modules/system/keys.nix | 62 | ||||
| -rw-r--r-- | modules/system/system.nix | 1 |
2 files changed, 63 insertions, 0 deletions
diff --git a/modules/system/keys.nix b/modules/system/keys.nix
new file mode 100644
index 0000000..8c4a38c
--- /dev/null
+++ b/modules/system/keys.nix
@@ -0,0 +1,62 @@
+# Mount and unmount scripts for the encrypted usb drive on my keys for easy access of ssh keys
+{...}: {
+ flake.nixosModule.keys = {pkgs, ...}: {
+ systemd.tmpfiles.rules = [
+ "d /mnt/ssh-keys 0755 root root -"
+ "d /mnt/nixos-config 0755 root root -"
+ "d /mnt/storage 0755 root root -"
+ "d /mnt/tools 0755 root root -"
+ "d /mnt/isos 0755 root root -"
+ ];
+
+ environment.systemPackages = with pkgs; [
+ cryptsetup
+ # 🔓 Mount + unlock + load SSH key
+ (writeShellScriptBin "keys-mount" ''
+ set -e
+ DEVICE="/dev/disk/by-uuid/d5aa2823-2023-410b-a83e-a4f707db5f7c"
+ NAME="ssh-keys"
+ MNT="/mnt/ssh-keys"
+ MNT_CONFIG="/mnt/nixos-config"
+ MNT_STORAGE="/mnt/storage"
+ MNT_TOOLS="/mnt/tools"
+ echo "🔐 Unlocking encrypted USB..."
+ sudo cryptsetup open "$DEVICE" "$NAME"
+ echo "📂 Mounting partitions..."
+ sudo mount "/dev/mapper/$NAME" "$MNT"
+ sudo mount -L nixos-config "$MNT_CONFIG"
+ sudo mount -L storage "$MNT_STORAGE"
+ sudo mount -L tools "$MNT_TOOLS"
+ echo "🔑 Adding SSH keys..."
+ ssh-add "$MNT/poseidon"
+ ssh-add "$MNT/apollo"
+ ssh-add "$MNT/codeberg"
+ ssh-add "$MNT/gitlab-keys"
+ echo "🔑 Importing GPG key..."
+ gpg --import "$MNT/gpg-privkey.asc"
+ echo "✅ Done"
+ '')
+ # 🔒 Clean unmount + lock
+ (writeShellScriptBin "keys-umount" ''
+ set -e
+ MNT="/mnt/ssh-keys"
+ NAME="ssh-keys"
+ echo "🔑 Removing SSH keys..."
+ ssh-add -d "$MNT/poseidon" 2>/dev/null || true
+ ssh-add -d "$MNT/apollo" 2>/dev/null || true
+ ssh-add -d "$MNT/codeberg" 2>/dev/null || true
+ ssh-add -d "$MNT/gitlab-keys" 2>/dev/null || true
+ echo "🔑 Clearing GPG key..."
+ gpgconf --kill gpg-agent
+ echo "📤 Unmounting..."
+ sudo umount /mnt/nixos-config || true
+ sudo umount /mnt/storage || true
+ sudo umount /mnt/tools || true
+ sudo umount "$MNT" || true
+ echo "🔒 Closing encrypted device..."
+ sudo cryptsetup close "$NAME" || true
+ echo "✅ Done"
+ '')
+ ];
+ };
+}
diff --git a/modules/system/system.nix b/modules/system/system.nix
index 283ea77..08259e7 100644
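Review bot: `gpg --import "$MNT/gpg-privkey.asc"` in keys-mount copies the secret key into the user's on-disk GnuPG keyring, while keys-umount only runs `gpgconf --kill gpg-agent`, which drops cached passphrases but leaves that key in the keyring after the drive is locked. If the key is meant to live only on the encrypted USB, keys-umount should remove it, for example `gpg --batch --yes --delete-secret-keys "$GPG_FPR"` with the key's fingerprint (placeholder name here) set at the top of the script; the "Clearing GPG key..." message would then be accurate. The SSH identities have a similar gap when keys-umount is never run, and `ssh-add -t <lifetime>` in keys-mount would bound how long they stay in the agent. Separately, because of `set -e`, a failed `mount` in keys-mount leaves the LUKS mapping open and the earlier mounts in place, so a `trap` that unmounts and runs `cryptsetup close` on error is worth adding.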
--- a/modules/system/system.nix
+++ b/modules/system/system.nix
@@ -11,6 +11,7 @@
 }: {
 imports = [
 self.nixosModules.nix # Nix configuration
+ self.nixosModules.keys # Configuration for encrypted drive on my keys
 ];
 };
 } |
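Review bot: The added import `self.nixosModules.keys` (plural) does not match the attribute that the new keys.nix defines, `flake.nixosModule.keys` (singular). Unless something outside this commit maps one to the other, the import will probably fail at evaluation with a missing-attribute error. Renaming the definition in keys.nix to `flake.nixosModules.keys = {pkgs, ...}: {` would line it up with the existing `self.nixosModules.nix` entry. The module body around this `imports` list starts before the hunk, so how `nixosModules` is assembled is not visible here.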
