authorNatasha Moongrave <natasha@256phi.eu>2026-06-12 13:37:13 +0200
committerNatasha Moongrave <natasha@256phi.eu>2026-06-12 13:37:13 +0200
commit15d50528cf86e93bad19f65f1e4b47af49e94d71 (patch)
treecaaa600a8f38df84dc269a3844d276393e90262c /system/encryption.nix
parent72ee2b5a1e65ce804d6e1dcfd11aec06385594cc (diff)
Nuked everything
Diffstat (limited to 'system/encryption.nix')
-rw-r--r--system/encryption.nix62
1 files changed, 0 insertions, 62 deletions
diff --git a/system/encryption.nix b/system/encryption.nix
deleted file mode 100644
index d5555a2..0000000
--- a/system/encryption.nix
+++ /dev/null
@@ -1,62 +0,0 @@
-{pkgs, ...}: {
- # The encrypted USB is NOT part of boot anymore
- # We do NOT use crypttab or systemd-cryptsetup units at all
-
- systemd.tmpfiles.rules = [
- "d /mnt/ssh-keys 0755 root root -"
- "d /mnt/nixos-config 0755 root root -"
- "d /mnt/storage 0755 root root -"
- "d /mnt/tools 0755 root root -"
- "d /mnt/isos 0755 root root -"
- ];
-
- environment.systemPackages = with pkgs; [
- cryptsetup
- # 🔓 Mount + unlock + load SSH key
- (writeShellScriptBin "keys-mount" ''
- set -e
- DEVICE="/dev/disk/by-uuid/d5aa2823-2023-410b-a83e-a4f707db5f7c"
- NAME="ssh-keys"
- MNT="/mnt/ssh-keys"
- MNT_CONFIG="/mnt/nixos-config"
- MNT_STORAGE="/mnt/storage"
- MNT_TOOLS="/mnt/tools"
- echo "🔐 Unlocking encrypted USB..."
- sudo cryptsetup open "$DEVICE" "$NAME"
- echo "📂 Mounting partitions..."
- sudo mount "/dev/mapper/$NAME" "$MNT"
- sudo mount -L nixos-config "$MNT_CONFIG"
- sudo mount -L storage "$MNT_STORAGE"
- sudo mount -L tools "$MNT_TOOLS"
- echo "🔑 Adding SSH keys..."
- ssh-add "$MNT/poseidon"
- ssh-add "$MNT/apollo"
- ssh-add "$MNT/codeberg"
- ssh-add "$MNT/gitlab-keys"
- echo "🔑 Importing GPG key..."
- gpg --import "$MNT/gpg-privkey.asc"
- echo "✅ Done"
- '')
- # 🔒 Clean unmount + lock
- (writeShellScriptBin "keys-umount" ''
- set -e
- MNT="/mnt/ssh-keys"
- NAME="ssh-keys"
- echo "🔑 Removing SSH keys..."
- ssh-add -d "$MNT/poseidon" 2>/dev/null || true
- ssh-add -d "$MNT/apollo" 2>/dev/null || true
- ssh-add -d "$MNT/codeberg" 2>/dev/null || true
- ssh-add -d "$MNT/gitlab-keys" 2>/dev/null || true
- echo "🔑 Clearing GPG key..."
- gpgconf --kill gpg-agent
- echo "📤 Unmounting..."
- sudo umount /mnt/nixos-config || true
- sudo umount /mnt/storage || true
- sudo umount /mnt/tools || true
- sudo umount "$MNT" || true
- echo "🔒 Closing encrypted device..."
- sudo cryptsetup close "$NAME" || true
- echo "✅ Done"
- '')
- ];
-}