From 7d2a0e5f3f2d2d8ff5e7a3b0e8cc60cdb631e096 Mon Sep 17 00:00:00 2001
From: Natasha Moongrave
Date: Mon, 11 May 2026 12:56:10 +0200
Subject: Rewrote the encryption to allow for command line mounting unmounting and auto adding of ssh keys on usb stick
---
 system/encryption.nix | 23 +++++++++++++++++------
 1 file changed, 17 insertions(+), 6 deletions(-)
(limited to 'system')
diff --git a/system/encryption.nix b/system/encryption.nix
index 152d657..76a4245 100644
--- a/system/encryption.nix
+++ b/system/encryption.nix
@@ -1,17 +1,28 @@
 {pkgs, ...}: {
- environment.systemPackages = with pkgs; [
- cryptsetup
- ];
-
 environment.etc."crypttab" = {
 text = ''
- ssh-keys UUID=da31e270-80d4-4a89-9633-87dd4d736ca2 none noauto,x-systemd.device-timeout=0
+ ssh-keys UUID=your-uuid-here none noauto,x-systemd.device-timeout=0
 '';
 };

 fileSystems."/mnt/ssh-keys" = {
 device = "/dev/mapper/ssh-keys";
 fsType = "ext4";
- options = ["noauto" "nofail" "x-systemd.automount" "x-systemd.idle-timeout=300"];
+ options = ["noauto" "nofail" "users" "exec"];
 };
+
+ # define the scripts as system commands
+ environment.systemPackages = with pkgs; [
+ cryptsetup
+ (writeShellScriptBin "keys-mount" ''
+ sudo systemctl start systemd-cryptsetup@ssh\x2dkeys.service
+ sudo mount /mnt/ssh-keys
+ ssh-add /mnt/ssh-keys/id_ed25519
+ '')
+ (writeShellScriptBin "keys-umount" ''
+ ssh-add -d /mnt/ssh-keys/id_ed25519
+ sudo umount /mnt/ssh-keys
+ sudo systemctl stop systemd-cryptsetup@ssh\x2dkeys.service
+ '')
+ ];
 }
--
cgit v1.2.3
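Review bot: The unit name in `keys-mount` and `keys-umount` is unquoted, so the shell strips the backslash from `ssh\x2dkeys` and systemctl receives `systemd-cryptsetup@sshx2dkeys.service`, which does not match the crypttab entry `ssh-keys`; quote it, e.g. `sudo systemctl start 'systemd-cryptsetup@ssh\x2dkeys.service'`, and the same for `stop`. Neither script stops on error, so a failed unlock still runs `mount` and `ssh-add`, and a failed `stop` leaves the LUKS mapping open without `keys-umount` signalling it; a `set -e` first line in each script would cover that. The new `options` line drops the idle-timeout automount and adds `"users" "exec"`, which lets any local user mount the volume and allows execution from a filesystem that holds only keys; since the scripts already call `sudo mount`, `options = ["noauto" "nofail" "noexec" "nosuid" "nodev"];` looks sufficient. `ssh-add` without `-t` keeps the key in the agent until `keys-umount` runs, and `ssh-add -d` needs the key file, so removing the stick first would leave the key loaded; a lifetime on the add bounds that.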