diff --git a/home/base/zsh.nix b/home/base/zsh.nix
index 261c85b..8f97be3 100644
--- a/home/base/zsh.nix
+++ b/home/base/zsh.nix
@@ -1,6 +1,5 @@
 { config, pkgs, ... }: {
- home.packages = with pkgs; [ exa bat ripgrep vault ];
-
+ home.packages = with pkgs; [ exa bat ripgrep vault age ];
 programs.zsh = {
 enable = true;
 enableSyntaxHighlighting = true;
@@ -23,6 +22,8 @@
 log = "journalctl";
 dmesg = "dmesg -HP";
 hg = "history 0 | rg";
+ chaos_age = "age -i /usb/age-keys/chaoskey.priv";
+ chaos_pub = "cat /usb/age-keys/chaoskey.pub";
 };
 envExtra = ''
 export VAULT_ADDR="https://vault.owo.monster"
diff --git a/hosts/lappy/lappy.nix b/hosts/lappy/lappy.nix
index 1043f81..fa83d3a 100644
--- a/hosts/lappy/lappy.nix
+++ b/hosts/lappy/lappy.nix
@@ -9,6 +9,8 @@ #profiles.printing profiles.sshd + hosts.lappy.profiles.usb-automount + # required for dualsense controller profiles.kernels.latest
diff --git a/hosts/lappy/profiles/usb-automount.nix b/hosts/lappy/profiles/usb-automount.nix
new file mode 100644
index 0000000..c1d9766
--- /dev/null
+++ b/hosts/lappy/profiles/usb-automount.nix
@@ -0,0 +1,25 @@
+{ lib, pkgs, ... }:
+let
+ usb_label = "my_usb";
+ usb_path = "/usb";
+ onInsert = pkgs.writeShellScriptBin "usb-on-insert" ''
+ umount /usb || true
+ mount $(findfs LABEL=${usb_label}) -o rw,umask=600,uid=chaos,gid=root,fmask=0022,dmask=0022 ${usb_path}
+ touch /home/chaos/.ssh/id_ed25519 /home/chaos/.ssh/id_ed25519.pub
+ bindfs -n -r -p 0700 -o nonempty /usb/ssh-keys/chaos.priv /home/chaos/.ssh/id_ed25519
+ bindfs -n -r -p 0700 -o nonempty /usb/ssh-keys/chaos.pub /home/chaos/.ssh/id_ed25519.pub
+ '';
+in {
+ systemd.tmpfiles.rules = [ "d ${usb_path} - chaos root" ];
+
+ systemd.services.usb-automount = {
+ path = [ pkgs.util-linux pkgs.bindfs ];
+ script = ''
+ ${onInsert}/bin/usb-on-insert
+ '';
+ };
+
+ services.udev.extraRules = ''
+ ACTION=="add", ENV{ID_FS_LABEL}=="${usb_label}", ENV{SYSTEMD_WANTS}="usb-automount.service", ENV{UDISKS_PRESENTATION_HIDE}="1"
+ '';
+}
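Review bot: The `chaos_age` and `chaos_pub` aliases hard-code `/usb/age-keys/…`, but that mount point is only created by `hosts/lappy/profiles/usb-automount.nix`. If `home/base` is shared by other hosts (inferred from the path, not shown here), the aliases fail there with a missing identity file and no hint as to why. A comment above them such as `# needs the lappy usb-automount profile; /usb must be mounted` would document the dependency. The aliases attribute set starts and ends outside this hunk.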
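Review bot: The mount line in `usb-on-insert` passes `fmask=0022,dmask=0022`, which on a FAT-style filesystem (inferred from the uid/fmask options; the type is not shown) makes every file on the stick readable by any local account. That includes `/usb/ssh-keys/chaos.priv` and the age identity under `/usb/age-keys/`. The preceding `umask=600` appears to be overridden by the later masks, so it does not help. Something like `-o rw,nosuid,nodev,noexec,uid=chaos,gid=root,fmask=0177,dmask=0077` keeps the keys owner-only and stops the media from supplying device nodes or executables. The udev rule also trusts `ENV{ID_FS_LABEL}` alone, so any device carrying that label is mounted by root and bound over `/home/chaos/.ssh/id_ed25519`; also matching `ENV{ID_FS_UUID}` narrows this, though it is still not authentication of the device.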