26 lines
902 B
Nix
26 lines
902 B
Nix
{ lib, pkgs, ... }:
|
|
let
|
|
usb_label = "my_usb";
|
|
usb_path = "/usb";
|
|
onInsert = pkgs.writeShellScriptBin "usb-on-insert" ''
|
|
umount /usb || true
|
|
mount $(findfs LABEL=${usb_label}) -o rw,umask=600,uid=chaos,gid=root,fmask=0022,dmask=0022 ${usb_path}
|
|
touch /home/chaos/.ssh/id_ed25519 /home/chaos/.ssh/id_ed25519.pub
|
|
bindfs -n -r -p 0700 -o nonempty /usb/ssh-keys/chaos.priv /home/chaos/.ssh/id_ed25519
|
|
bindfs -n -r -p 0700 -o nonempty /usb/ssh-keys/chaos.pub /home/chaos/.ssh/id_ed25519.pub
|
|
'';
|
|
in {
|
|
systemd.tmpfiles.rules = [ "d ${usb_path} - chaos root" ];
|
|
|
|
systemd.services.usb-automount = {
|
|
path = [ pkgs.util-linux pkgs.bindfs ];
|
|
script = ''
|
|
${onInsert}/bin/usb-on-insert
|
|
'';
|
|
};
|
|
|
|
services.udev.extraRules = ''
|
|
ACTION=="add", ENV{ID_FS_LABEL}=="${usb_label}", ENV{SYSTEMD_WANTS}="usb-automount.service", ENV{UDISKS_PRESENTATION_HIDE}="1"
|
|
'';
|
|
}
|