waffentrager: add elements drive service

2024-03-23 02:30:39 +01:00 · 2024-03-23 02:30:39 +01:00 · c47555fec7
parent e9998e42c3
commit c47555fec7
5 changed files with 44 additions and 4 deletions
--- a/configurations/host/waffentrager/default.nix
+++ b/configurations/host/waffentrager/default.nix
@ -5,5 +5,6 @@
    materusCfg.configInputs.nixos-hardware.nixosModules.raspberry-pi-4
    ./configuration.nix
    ./secrets
+    ./services
  ];
 }
--- a/configurations/host/waffentrager/secrets/default.nix
+++ b/configurations/host/waffentrager/secrets/default.nix
@ -1,4 +1,4 @@
-{ config, pkgs, lib, materusCfg, ... }:
+{ materusCfg, ... }:
 {
  imports =
    [
@ -23,5 +23,5 @@
  ];
  sops.secrets.wireguard = { };
  sops.secrets."users/materus" = { neededForUsers = true; };
-
+  sops.secrets.elements = { };
 }
--- a/configurations/host/waffentrager/secrets/secrets.yaml
+++ b/configurations/host/waffentrager/secrets/secrets.yaml
@ -1,4 +1,5 @@
 wireguard: ENC[AES256_GCM,data:QLngCAtEa6wfRRrZwywbARhsS1oGj9+hGTlC1QV6xnRmlZLorAoftGb8jTg=,iv:rNbE0tfJKTjo0pPwfw3oKxOZmSO9PGgW/xDo9zi8lCU=,tag:ZT4mfXaToiR6SjzOwSz4HA==,type:str]
+elements: ENC[AES256_GCM,data:Kh6ueReXpj9h5yQ3P0qY8X1ow4RRZD9zyXZLS6DUIIVuthgqgu9dPzBc7ojnz6nXoYTHt1I2LJJKLOGQYZC+iVxXOk+QADJMPwY4NCyeZ3prgvYMghlD,iv:WFA/UQ0XDFjpbgaDEacrBxkteLitXv3CJP54ANVSJHM=,tag:M+tTpTR0alvQxvUiP2MWlA==,type:str]
 users:
    materus: ENC[AES256_GCM,data:MhPrMJ4/0oxEsFZDUKcYb3WMUWLI2ZbRTgnh1fQZG1Ly2J781jcUWtA8vVAdMBedNfWky0mDq5+KEQ/2fJNGU4IkTBvLdAqnWw==,iv:Dpl+M+x1weNIVkEsf3I/uXpG0SM6bDz+d9w7AYwn/MY=,tag:yGc1D2ODp6Te/QAztOj7yA==,type:str]
 sops:
@ -16,8 +17,8 @@ sops:
            eFN4VVdUMkVjcTVWNFdLM0xtbExLdncK6LYUufWzIcd2jFyEeZDypo0xkJQ4z91F
            ULyGxJLLWl6/inYXtxHNdxIIPfwW+5yppBAbXaOgvABi1E7tf1JZcA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-03-21T18:19:14Z"
-    mac: ENC[AES256_GCM,data:W+DPXTyAZCMawijkbvNNe6UItS4ZVHY4qZ7hDOGkaMlziu9+e1awkvgmqg7H7gM0DgoAz17UE4uVIGB9Y/fnSc80Rk9sPZoNP8wnTwqzujmCyYIroi570aNQuNc6riTgaNcrSEefkzoATRUJvjbv63m+Sp5Vbl1kXepD3qaDDAU=,iv:HLOBwzemB8kqAE2DLoWeIIUUmp9i913bTG0onNdHAWY=,tag:cW0gP2TlUPY42NkWiWqICg==,type:str]
+    lastmodified: "2024-03-23T01:18:06Z"
+    mac: ENC[AES256_GCM,data:VJvZl1wOOqDkiYXJyWn1V952H0Wovt4qi/ErQ2J63seRsqD8k52KpraB44gRyuRc3AwoDjm4gSj6vkWFoSmE+RxxiR03ArscVanJOrsefDclAcp9DLlHxyVopsnmzbd5HMAt89RznCwRtbxHk+Nm22uBrBjw3Kqq4zmHAZKjAjo=,iv:1Fg0RE4td6LL2ruJmy8lTL6euK0p+R/E/dQPjrQB9cg=,tag:os41oy4Wfo/HxPi0ESaeDA==,type:str]
    pgp:
        - created_at: "2024-03-21T18:15:00Z"
          enc: |-
--- a/configurations/host/waffentrager/services/default.nix
+++ b/configurations/host/waffentrager/services/default.nix
@ -0,0 +1,8 @@
+{ ... }:
+{
+  imports =
+    [
+      ./elements.nix
+    ];
+  waffentragerService.elements.enable = true;
+}
--- a/configurations/host/waffentrager/services/elements.nix
+++ b/configurations/host/waffentrager/services/elements.nix
@ -0,0 +1,30 @@
+{ materusArg, config, lib, pkgs, ... }:
+{
+  options.waffentragerService.elements.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable elements drive";
+  options.waffentragerService.elements.path = lib.mkOption { default = "/var/lib/elements"; };
+  options.waffentragerService.elements.uuid = lib.mkOption { default = "e32039c6-e98d-44b0-8e7d-120994bf7be1"; };
+
+  config =
+    let
+      cfg = config.waffentragerService.elements;
+    in
+    lib.mkIf cfg.enable {
+
+      systemd.services.elements-mount = {
+        wantedBy = [ "multi-user.target" ];
+        path = [ pkgs.cryptsetup pkgs.coreutils pkgs.util-linux ];
+        serviceConfig.Type = "oneshot";
+        serviceConfig.RemainAfterExit = true;
+        script = ''
+          mkdir -p ${cfg.path}
+          cryptsetup luksOpen /dev/disk/by-uuid/${cfg.uuid} elements -d ${config.sops.secrets.elements.path}
+          mount /dev/mapper/elements ${cfg.path}
+        '';
+        preStop = ''
+          umount ${cfg.path}
+          cryptsetup luksClose elements
+        '';
+      };
+
+    };
+}