waffentrager: add elements drive service
parent
e9998e42c3
commit
c47555fec7
|
@ -5,5 +5,6 @@
|
||||||
materusCfg.configInputs.nixos-hardware.nixosModules.raspberry-pi-4
|
materusCfg.configInputs.nixos-hardware.nixosModules.raspberry-pi-4
|
||||||
./configuration.nix
|
./configuration.nix
|
||||||
./secrets
|
./secrets
|
||||||
|
./services
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, pkgs, lib, materusCfg, ... }:
|
{ materusCfg, ... }:
|
||||||
{
|
{
|
||||||
imports =
|
imports =
|
||||||
[
|
[
|
||||||
|
@ -23,5 +23,5 @@
|
||||||
];
|
];
|
||||||
sops.secrets.wireguard = { };
|
sops.secrets.wireguard = { };
|
||||||
sops.secrets."users/materus" = { neededForUsers = true; };
|
sops.secrets."users/materus" = { neededForUsers = true; };
|
||||||
|
sops.secrets.elements = { };
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,4 +1,5 @@
|
||||||
wireguard: ENC[AES256_GCM,data:QLngCAtEa6wfRRrZwywbARhsS1oGj9+hGTlC1QV6xnRmlZLorAoftGb8jTg=,iv:rNbE0tfJKTjo0pPwfw3oKxOZmSO9PGgW/xDo9zi8lCU=,tag:ZT4mfXaToiR6SjzOwSz4HA==,type:str]
|
wireguard: ENC[AES256_GCM,data:QLngCAtEa6wfRRrZwywbARhsS1oGj9+hGTlC1QV6xnRmlZLorAoftGb8jTg=,iv:rNbE0tfJKTjo0pPwfw3oKxOZmSO9PGgW/xDo9zi8lCU=,tag:ZT4mfXaToiR6SjzOwSz4HA==,type:str]
|
||||||
|
elements: ENC[AES256_GCM,data:Kh6ueReXpj9h5yQ3P0qY8X1ow4RRZD9zyXZLS6DUIIVuthgqgu9dPzBc7ojnz6nXoYTHt1I2LJJKLOGQYZC+iVxXOk+QADJMPwY4NCyeZ3prgvYMghlD,iv:WFA/UQ0XDFjpbgaDEacrBxkteLitXv3CJP54ANVSJHM=,tag:M+tTpTR0alvQxvUiP2MWlA==,type:str]
|
||||||
users:
|
users:
|
||||||
materus: ENC[AES256_GCM,data:MhPrMJ4/0oxEsFZDUKcYb3WMUWLI2ZbRTgnh1fQZG1Ly2J781jcUWtA8vVAdMBedNfWky0mDq5+KEQ/2fJNGU4IkTBvLdAqnWw==,iv:Dpl+M+x1weNIVkEsf3I/uXpG0SM6bDz+d9w7AYwn/MY=,tag:yGc1D2ODp6Te/QAztOj7yA==,type:str]
|
materus: ENC[AES256_GCM,data:MhPrMJ4/0oxEsFZDUKcYb3WMUWLI2ZbRTgnh1fQZG1Ly2J781jcUWtA8vVAdMBedNfWky0mDq5+KEQ/2fJNGU4IkTBvLdAqnWw==,iv:Dpl+M+x1weNIVkEsf3I/uXpG0SM6bDz+d9w7AYwn/MY=,tag:yGc1D2ODp6Te/QAztOj7yA==,type:str]
|
||||||
sops:
|
sops:
|
||||||
|
@ -16,8 +17,8 @@ sops:
|
||||||
eFN4VVdUMkVjcTVWNFdLM0xtbExLdncK6LYUufWzIcd2jFyEeZDypo0xkJQ4z91F
|
eFN4VVdUMkVjcTVWNFdLM0xtbExLdncK6LYUufWzIcd2jFyEeZDypo0xkJQ4z91F
|
||||||
ULyGxJLLWl6/inYXtxHNdxIIPfwW+5yppBAbXaOgvABi1E7tf1JZcA==
|
ULyGxJLLWl6/inYXtxHNdxIIPfwW+5yppBAbXaOgvABi1E7tf1JZcA==
|
||||||
-----END AGE ENCRYPTED FILE-----
|
-----END AGE ENCRYPTED FILE-----
|
||||||
lastmodified: "2024-03-21T18:19:14Z"
|
lastmodified: "2024-03-23T01:18:06Z"
|
||||||
mac: ENC[AES256_GCM,data:W+DPXTyAZCMawijkbvNNe6UItS4ZVHY4qZ7hDOGkaMlziu9+e1awkvgmqg7H7gM0DgoAz17UE4uVIGB9Y/fnSc80Rk9sPZoNP8wnTwqzujmCyYIroi570aNQuNc6riTgaNcrSEefkzoATRUJvjbv63m+Sp5Vbl1kXepD3qaDDAU=,iv:HLOBwzemB8kqAE2DLoWeIIUUmp9i913bTG0onNdHAWY=,tag:cW0gP2TlUPY42NkWiWqICg==,type:str]
|
mac: ENC[AES256_GCM,data:VJvZl1wOOqDkiYXJyWn1V952H0Wovt4qi/ErQ2J63seRsqD8k52KpraB44gRyuRc3AwoDjm4gSj6vkWFoSmE+RxxiR03ArscVanJOrsefDclAcp9DLlHxyVopsnmzbd5HMAt89RznCwRtbxHk+Nm22uBrBjw3Kqq4zmHAZKjAjo=,iv:1Fg0RE4td6LL2ruJmy8lTL6euK0p+R/E/dQPjrQB9cg=,tag:os41oy4Wfo/HxPi0ESaeDA==,type:str]
|
||||||
pgp:
|
pgp:
|
||||||
- created_at: "2024-03-21T18:15:00Z"
|
- created_at: "2024-03-21T18:15:00Z"
|
||||||
enc: |-
|
enc: |-
|
||||||
|
|
|
@ -0,0 +1,8 @@
|
||||||
|
{ ... }:
|
||||||
|
{
|
||||||
|
imports =
|
||||||
|
[
|
||||||
|
./elements.nix
|
||||||
|
];
|
||||||
|
waffentragerService.elements.enable = true;
|
||||||
|
}
|
|
@ -0,0 +1,30 @@
|
||||||
|
{ materusArg, config, lib, pkgs, ... }:
|
||||||
|
{
|
||||||
|
options.waffentragerService.elements.enable = materusArg.pkgs.lib.mkBoolOpt false "Enable elements drive";
|
||||||
|
options.waffentragerService.elements.path = lib.mkOption { default = "/var/lib/elements"; };
|
||||||
|
options.waffentragerService.elements.uuid = lib.mkOption { default = "e32039c6-e98d-44b0-8e7d-120994bf7be1"; };
|
||||||
|
|
||||||
|
config =
|
||||||
|
let
|
||||||
|
cfg = config.waffentragerService.elements;
|
||||||
|
in
|
||||||
|
lib.mkIf cfg.enable {
|
||||||
|
|
||||||
|
systemd.services.elements-mount = {
|
||||||
|
wantedBy = [ "multi-user.target" ];
|
||||||
|
path = [ pkgs.cryptsetup pkgs.coreutils pkgs.util-linux ];
|
||||||
|
serviceConfig.Type = "oneshot";
|
||||||
|
serviceConfig.RemainAfterExit = true;
|
||||||
|
script = ''
|
||||||
|
mkdir -p ${cfg.path}
|
||||||
|
cryptsetup luksOpen /dev/disk/by-uuid/${cfg.uuid} elements -d ${config.sops.secrets.elements.path}
|
||||||
|
mount /dev/mapper/elements ${cfg.path}
|
||||||
|
'';
|
||||||
|
preStop = ''
|
||||||
|
umount ${cfg.path}
|
||||||
|
cryptsetup luksClose elements
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
|
||||||
|
};
|
||||||
|
}
|
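Review bot: In `elements-mount`, a failure after `cryptsetup luksOpen` (for example `mount` failing) leaves `/dev/mapper/elements` unlocked, because systemd runs ExecStop (`preStop`) only for a service that started successfully. The next start attempt would then presumably fail at `luksOpen`, since the mapping already exists. Moving the teardown to `postStop` (ExecStopPost, which also runs after a failed start) and guarding each step closes that gap. Separately, `cfg.path` and `cfg.uuid` are interpolated into the script unquoted and the options declare no `type`. Adding `type = lib.types.str;` to both and wrapping the path in `lib.escapeShellArg` keeps a space or shell metacharacter in an override from changing the command line.

```nix
systemd.services.elements-mount = {
  # … unchanged: wantedBy, path, serviceConfig, script …
  # ExecStopPost: also runs when the start script failed half-way
  postStop = ''
    if mountpoint -q ${lib.escapeShellArg cfg.path}; then
      umount ${lib.escapeShellArg cfg.path}
    fi
    if [ -e /dev/mapper/elements ]; then
      cryptsetup luksClose elements
    fi
  '';
```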