From fd2002bd6af8ef88b04441af74dbfe46a2aded27 Mon Sep 17 00:00:00 2001
From: Natasha Moongrave <natasha@256phi.eu>
Date: Mon, 11 May 2026 13:22:14 +0200
Subject: Fixed ssh-key mounting and permission issues

---
 system/encryption.nix | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)

(limited to 'system/encryption.nix')

diff --git a/system/encryption.nix b/system/encryption.nix
index a3b60d4..441ad86 100644
--- a/system/encryption.nix
+++ b/system/encryption.nix
@@ -17,16 +17,25 @@
     (writeShellScriptBin "keys-mount" ''
       sudo systemctl start systemd-cryptsetup@ssh\\x2dkeys.service
       sudo mount /mnt/ssh-keys
-      ssh-add /mnt/ssh-keys/*
+      # Add all of my ssh-keys on the usb
+      ssh-add /mnt/ssh-keys/poseidon
     '')
     (writeShellScriptBin "keys-umount" ''
-      ssh-add -d /mnt/ssh-keys/*
+      # Do the same here
+      ssh-add -d /mnt/ssh-keys/poseidon
       sudo umount /mnt/ssh-keys
       sudo systemctl stop systemd-cryptsetup@ssh\\x2dkeys.service
     '')
   ];
 
-  systemd.tmpfiles.rules = [
-    "d /mnt/ssh-keys 0770 root ssh-keys -"
-  ];
+  systemd.services."ssh-keys-permissions" = {
+    wantedBy = ["multi-user.target"];
+    after = ["dev-mapper-ssh\\x2dkeys.device"];
+    script = ''
+      chown -R root:ssh-keys /mnt/ssh-keys
+      chmod 750 /mnt/ssh-keys
+      # And here
+      chmod 600 /mnt/ssh-keys/poseidon
+    '';
+  };
 }
-- 
cgit v1.2.3