diff options
| author | Natasha Moongrave <natasha@256phi.eu> | 2026-05-13 13:08:42 +0200 |
|---|---|---|
| committer | Natasha Moongrave <natasha@256phi.eu> | 2026-05-13 13:08:42 +0200 |
| commit | 9a84489bcd64385c1d453efef77ed0b1bf7e38c0 (patch) | |
| tree | 47416db54981c652a5ab389fed116715ae3af12c | |
| parent | 2ef03814e462de1bedb3832186bc71cb0b1432a0 (diff) | |
Updated encryption to mount all of my tools on the usb when running keys-mount
| -rw-r--r-- | system/encryption.nix | 34 |
1 files changed, 19 insertions, 15 deletions
diff --git a/system/encryption.nix b/system/encryption.nix index 111f5ef..f7ec45e 100644 --- a/system/encryption.nix +++ b/system/encryption.nix @@ -2,47 +2,51 @@ # The encrypted USB is NOT part of boot anymore # We do NOT use crypttab or systemd-cryptsetup units at all + systemd.tmpfiles.rules = [ + "d /mnt/ssh-keys 0755 root root -" + "d /mnt/nixos-config 0755 root root -" + "d /mnt/storage 0755 root root -" + "d /mnt/tools 0755 root root -" + ]; + environment.systemPackages = with pkgs; [ cryptsetup - # 🔓 Mount + unlock + load SSH key (writeShellScriptBin "keys-mount" '' set -e - DEVICE="/dev/disk/by-uuid/d5aa2823-2023-410b-a83e-a4f707db5f7c" NAME="ssh-keys" MNT="/mnt/ssh-keys" - + MNT_CONFIG="/mnt/nixos-config" + MNT_STORAGE="/mnt/storage" + MNT_TOOLS="/mnt/tools" echo "🔐 Unlocking encrypted USB..." sudo cryptsetup open "$DEVICE" "$NAME" - - echo "📂 Mounting..." + echo "📂 Mounting partitions..." sudo mount "/dev/mapper/$NAME" "$MNT" - - echo "🔑 Adding SSH key..." + sudo mount -L nixos-config "$MNT_CONFIG" + sudo mount -L storage "$MNT_STORAGE" + sudo mount -L tools "$MNT_TOOLS" + echo "🔑 Adding SSH keys..." ssh-add "$MNT/poseidon" ssh-add "$MNT/apollo" - echo "✅ Done" '') - # 🔒 Clean unmount + lock (writeShellScriptBin "keys-umount" '' set -e - MNT="/mnt/ssh-keys" NAME="ssh-keys" - - echo "🔑 Removing SSH key..." + echo "🔑 Removing SSH keys..." ssh-add -d "$MNT/poseidon" 2>/dev/null || true ssh-add -d "$MNT/apollo" 2>/dev/null || true - echo "📤 Unmounting..." + sudo umount /mnt/nixos-config || true + sudo umount /mnt/storage || true + sudo umount /mnt/tools || true sudo umount "$MNT" || true - echo "🔒 Closing encrypted device..." sudo cryptsetup close "$NAME" || true - echo "✅ Done" '') ]; |