add a usb automount script for ssh key and age and stuff

home/base/zsh.nix

@@ -1,6 +1,5 @@
 { config, pkgs, ... }: {
-  home.packages = with pkgs; [ exa bat ripgrep vault ];
+  home.packages = with pkgs; [ exa bat ripgrep vault age ];
-
   programs.zsh = {
     enable = true;
     enableSyntaxHighlighting = true;
@@ -23,6 +22,8 @@
       log = "journalctl";
       dmesg = "dmesg -HP";
       hg = "history 0 | rg";
+      chaos_age = "age -i /usb/age-keys/chaoskey.priv";
+      chaos_pub = "cat /usb/age-keys/chaoskey.pub";
     };
     envExtra = ''
       export VAULT_ADDR="https://vault.owo.monster"

hosts/lappy/lappy.nix

@@ -9,6 +9,8 @@
     #profiles.printing
     profiles.sshd
 
+    hosts.lappy.profiles.usb-automount
+
     # required for dualsense controller
     profiles.kernels.latest
 

hosts/lappy/profiles/usb-automount.nix

@@ -0,0 +1,25 @@
+{ lib, pkgs, ... }:
+let
+  usb_label = "my_usb";
+  usb_path = "/usb";
+  onInsert = pkgs.writeShellScriptBin "usb-on-insert" ''
+    umount /usb || true
+    mount $(findfs LABEL=${usb_label}) -o rw,umask=600,uid=chaos,gid=root,fmask=0022,dmask=0022 ${usb_path}
+    touch /home/chaos/.ssh/id_ed25519 /home/chaos/.ssh/id_ed25519.pub
+    bindfs -n -r -p 0700 -o nonempty /usb/ssh-keys/chaos.priv /home/chaos/.ssh/id_ed25519
+    bindfs -n -r -p 0700 -o nonempty /usb/ssh-keys/chaos.pub /home/chaos/.ssh/id_ed25519.pub
+  '';
+in {
+  systemd.tmpfiles.rules = [ "d ${usb_path} - chaos root" ];
+
+  systemd.services.usb-automount = {
+    path = [ pkgs.util-linux pkgs.bindfs ];
+    script = ''
+      ${onInsert}/bin/usb-on-insert
+    '';
+  };
+
+  services.udev.extraRules = ''
+    ACTION=="add", ENV{ID_FS_LABEL}=="${usb_label}", ENV{SYSTEMD_WANTS}="usb-automount.service", ENV{UDISKS_PRESENTATION_HIDE}="1"
+  '';
+}