| -rw-r--r-- | system/encryption.nix | 23 |
1 files changed, 17 insertions, 6 deletions
diff --git a/system/encryption.nix b/system/encryption.nix
index 152d657..76a4245 100644
--- a/system/encryption.nix
+++ b/system/encryption.nix
@@ -1,17 +1,28 @@
 {pkgs, ...}: {
- environment.systemPackages = with pkgs; [
- cryptsetup
- ];
-
 environment.etc."crypttab" = {
 text = ''
- ssh-keys UUID=da31e270-80d4-4a89-9633-87dd4d736ca2 none noauto,x-systemd.device-timeout=0
+ ssh-keys UUID=your-uuid-here none noauto,x-systemd.device-timeout=0
 '';
 };
 
 fileSystems."/mnt/ssh-keys" = {
 device = "/dev/mapper/ssh-keys";
 fsType = "ext4";
- options = ["noauto" "nofail" "x-systemd.automount" "x-systemd.idle-timeout=300"];
+ options = ["noauto" "nofail" "users" "exec"];
 };
+
+ # define the scripts as system commands
+ environment.systemPackages = with pkgs; [
+ cryptsetup
+ (writeShellScriptBin "keys-mount" ''
+ sudo systemctl start systemd-cryptsetup@ssh\x2dkeys.service
+ sudo mount /mnt/ssh-keys
+ ssh-add /mnt/ssh-keys/id_ed25519
+ '')
+ (writeShellScriptBin "keys-umount" ''
+ ssh-add -d /mnt/ssh-keys/id_ed25519
+ sudo umount /mnt/ssh-keys
+ sudo systemctl stop systemd-cryptsetup@ssh\x2dkeys.service
+ '')
+ ];
 }
|
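Review bot: In both `keys-mount` and `keys-umount` the unit name `systemd-cryptsetup@ssh\x2dkeys.service` is unquoted, and because a Nix `''` string passes the backslash through unchanged, the shell will most likely strip it and hand systemctl `sshx2dkeys`; quote the argument as `'systemd-cryptsetup@ssh\x2dkeys.service'`. Neither script checks exit status, so `keys-mount` goes on to `mount` and `ssh-add` after a failed unlock, and `keys-umount` can finish with the LUKS mapping still open when `umount` reports the filesystem busy; test the result of each step and print a clear error instead of continuing. The new `options` line drops `x-systemd.idle-timeout=300` and adds `"users" "exec"`, so the decrypted volume stays mounted until someone remembers to run `keys-umount`, and execution is allowed on a filesystem that only holds key files. Consider leaving out `"exec"` and loading the key with `ssh-add -t <lifetime>` so the agent forgets it even if the unmount script is never run.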
