nixfiles/profiles/usb-automount.nix

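# NixOS profile: unlock and mount one specific encrypted USB partition when it
# is plugged in, and tear the mount and mapping down again on removal.
{pkgs, ...}: let
  # Device path, mapper name/path, mountpoint and partition label are kept in a
  # separate data file.
  usb_data = import ../data/usb_data.nix {};

  # Opens the LUKS container and mounts the resulting mapping read-write.
  #
  # The passphrase path is plain text inside the script, not a Nix path
  # literal, so the file is read at run time and is not copied into the Nix
  # store.
  # NOTE(review): /secrets/usb_encryption_passphrase should be readable by
  # root only; confirm how that file is provisioned.
  # NOTE(review): consider adding nosuid,nodev to the mount options unless the
  # volume is expected to carry setuid binaries or device nodes.
  enc_usb_mount = pkgs.writeShellScriptBin "enc_usb_mount" ''
    # -x traces each command (into the journal when run from the unit); the
    # passphrase arrives on stdin and is not part of the trace.
    # -e stops before the mount when luksOpen fails.
    set -ex
    # Clear any stale mount/mapping first; this helper always exits 0.
    ${enc_usb_unmount}/bin/enc_usb_unmount
    cryptsetup luksOpen "${usb_data.encrypted_path}" "${usb_data.mapper_name}_afterboot" - < /secrets/usb_encryption_passphrase
    mount "${usb_data.mapper_path}_afterboot" -o rw "${usb_data.mountpoint}"
  '';

  # Best-effort teardown: forced, lazy, recursive unmount, then close the
  # dm-crypt mapping. Both steps ignore failure so the script is safe to run
  # when nothing is mounted or open.
  enc_usb_unmount = pkgs.writeShellScriptBin "enc_usb_unmount" ''
    set -x
    umount -flR "${usb_data.mountpoint}" || true
    cryptsetup close "${usb_data.mapper_name}_afterboot" || true
  '';
in {
  # Expose both helpers so they can also be run by hand.
  environment.systemPackages = [enc_usb_mount enc_usb_unmount];

  # Create the mountpoint directory, owned by user "chaos" and group "root";
  # "-" leaves the mode at the tmpfiles default.
  systemd.tmpfiles.rules = ["d ${usb_data.mountpoint} - chaos root"];

  # Runs at boot (multi-user.target) and whenever the udev "add" rule below
  # pulls it in.
  systemd.services.enc-usb-mount = {
    path = [pkgs.util-linux pkgs.cryptsetup];
    wantedBy = ["multi-user.target"];
    script = ''
      ${enc_usb_mount}/bin/enc_usb_mount
    '';
  };

  # Referenced by the udev "remove" rule below.
  systemd.services.enc-usb-unmount = {
    path = [pkgs.util-linux pkgs.cryptsetup];
    script = ''
      ${enc_usb_unmount}/bin/enc_usb_unmount
    '';
  };

  # Both rules match on the partition name only, so any partition carrying
  # that label triggers the unit; the script itself always opens
  # usb_data.encrypted_path.
  # NOTE(review): systemd documents SYSTEMD_WANTS as evaluated when a device
  # appears; confirm that the "remove" rule really starts
  # enc-usb-unmount.service. If it does not, the dm-crypt mapping (and its key
  # in kernel memory) stays open after the stick is pulled.
  services.udev.extraRules = ''
    ACTION=="add", ENV{PARTNAME}=="${usb_data.encrypted_partlabel}", ENV{SYSTEMD_WANTS}="enc-usb-mount.service", ENV{UDISKS_PRESENTATION_HIDE}="1"
    ACTION=="remove", ENV{PARTNAME}=="${usb_data.encrypted_partlabel}", ENV{SYSTEMD_WANTS}="enc-usb-unmount.service"
  '';
}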