| author | Natasha Moongrave <natasha@256phi.eu> | 2026-05-15 11:52:14 +0200 |
|---|---|---|
| committer | Natasha Moongrave <natasha@256phi.eu> | 2026-05-15 11:52:14 +0200 |
| commit | 9633029a33c25aa931f2acbdbbe447153be7929a (patch) | |
| tree | db9108749252eb23f0d0384ebcbf1694cf6aa7ea /system | |
| parent | 76c23294e2a7c6d5303cc40d0eb5f2873ade705f (diff) | |
Updated encryption.nix to also temporarily mount the gpg key when running keys-mount and unmount it when running keys-unmount
Diffstat (limited to 'system')
| -rw-r--r-- | system/encryption.nix | 68 |
1 files changed, 36 insertions, 32 deletions
diff --git a/system/encryption.nix b/system/encryption.nix
index 397fc98..69de31b 100644
--- a/system/encryption.nix
+++ b/system/encryption.nix
@@ -14,41 +14,45 @@ cryptsetup
 # 🔓 Mount + unlock + load SSH key
 (writeShellScriptBin "keys-mount" ''
- set -e
- DEVICE="/dev/disk/by-uuid/d5aa2823-2023-410b-a83e-a4f707db5f7c"
- NAME="ssh-keys"
- MNT="/mnt/ssh-keys"
- MNT_CONFIG="/mnt/nixos-config"
- MNT_STORAGE="/mnt/storage"
- MNT_TOOLS="/mnt/tools"
- echo "🔐 Unlocking encrypted USB..."
- sudo cryptsetup open "$DEVICE" "$NAME"
- echo "📂 Mounting partitions..."
- sudo mount "/dev/mapper/$NAME" "$MNT"
- sudo mount -L nixos-config "$MNT_CONFIG"
- sudo mount -L storage "$MNT_STORAGE"
- sudo mount -L tools "$MNT_TOOLS"
- echo "🔑 Adding SSH keys..."
- ssh-add "$MNT/poseidon"
- ssh-add "$MNT/apollo"
- echo "✅ Done"
+ set -e
+ DEVICE="/dev/disk/by-uuid/d5aa2823-2023-410b-a83e-a4f707db5f7c"
+ NAME="ssh-keys"
+ MNT="/mnt/ssh-keys"
+ MNT_CONFIG="/mnt/nixos-config"
+ MNT_STORAGE="/mnt/storage"
+ MNT_TOOLS="/mnt/tools"
+ echo "🔐 Unlocking encrypted USB..."
+ sudo cryptsetup open "$DEVICE" "$NAME"
+ echo "📂 Mounting partitions..."
+ sudo mount "/dev/mapper/$NAME" "$MNT"
+ sudo mount -L nixos-config "$MNT_CONFIG"
+ sudo mount -L storage "$MNT_STORAGE"
+ sudo mount -L tools "$MNT_TOOLS"
+ echo "🔑 Adding SSH keys..."
+ ssh-add "$MNT/poseidon"
+ ssh-add "$MNT/apollo"
+ echo "🔑 Importing GPG key..."
+ gpg --import "$MNT/gpg-privkey.asc"
+ echo "✅ Done"
 '')
 # 🔒 Clean unmount + lock
 (writeShellScriptBin "keys-umount" ''
- set -e
- MNT="/mnt/ssh-keys"
- NAME="ssh-keys"
- echo "🔑 Removing SSH keys..."
- ssh-add -d "$MNT/poseidon" 2>/dev/null || true
- ssh-add -d "$MNT/apollo" 2>/dev/null || true
- echo "📤 Unmounting..."
- sudo umount /mnt/nixos-config || true
- sudo umount /mnt/storage || true
- sudo umount /mnt/tools || true
- sudo umount "$MNT" || true
- echo "🔒 Closing encrypted device..."
- sudo cryptsetup close "$NAME" || true
- echo "✅ Done"
+ set -e
+ MNT="/mnt/ssh-keys"
+ NAME="ssh-keys"
+ echo "🔑 Removing SSH keys..."
+ ssh-add -d "$MNT/poseidon" 2>/dev/null || true
+ ssh-add -d "$MNT/apollo" 2>/dev/null || true
+ echo "🔑 Clearing GPG key..."
+ gpgconf --kill gpg-agent
+ echo "📤 Unmounting..."
+ sudo umount /mnt/nixos-config || true
+ sudo umount /mnt/storage || true
+ sudo umount /mnt/tools || true
+ sudo umount "$MNT" || true
+ echo "🔒 Closing encrypted device..."
+ sudo cryptsetup close "$NAME" || true
+ echo "✅ Done"
 '')
 ];
 } |
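Review bot: The key imported by `gpg --import "$MNT/gpg-privkey.asc"` in keys-mount is written into the user's GnuPG home, and `gpgconf --kill gpg-agent` in keys-umount only stops the agent and drops its cached passphrases, so the secret key remains in the local keyring after the USB is locked. To make the import temporary as the commit message intends, keys-umount should delete the key before killing the agent, for example `gpg --batch --yes --delete-secret-keys "<KEY_FINGERPRINT>" || true` (placeholder fingerprint), or the keyring should live on the encrypted volume via `GNUPGHOME`. The new `gpgconf --kill gpg-agent` line is also the only command in keys-umount without `|| true` under `set -e`; if it ever fails, the unmounts and `cryptsetup close` are skipped and the device stays unlocked, so append `|| true` there as well.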
