~cyplo/dotfiles

2cfef0623e1b4c2504781c29647d47f98e254c99 — Cyryl Płotnicki 2 months ago 399718a
basic vault scripts added
3 files changed, 86 insertions(+), 97 deletions(-)

M nixos/home-manager/scripts.nix
R tools/mount-vault => nixos/home-manager/scripts/mount-vault.nix -rwxr-xr-x => -rw-r--r--
A nixos/home-manager/scripts/umount-vault.nix
M nixos/home-manager/scripts.nix => nixos/home-manager/scripts.nix +6 -56
@@ 1,57 1,7 @@
{ config, pkgs, ... }:

let
  mount-vault = pkgs.writeTextFile {
    name = "mount-vault";
    executable = true;
    destination = "/bin/mount-vault";
    text = ''
      #!/usr/bin/env bash

      set -e
      set -o pipefail

      VERACRYPT="veracrypt"
      if [[ "$OSTYPE" == "darwin"* ]]; then
        VERACRYPT="/Applications/VeraCrypt.app/Contents/MacOS/VeraCrypt"
      fi

      MOUNT_TARGET=$2
      if [[ -z "$MOUNT_TARGET" ]]; then
        MOUNT_TARGET=$HOME/.vault
      fi

      sudo chown $USER "$MOUNT_TARGET"
      mkdir -p "$MOUNT_TARGET"

      MOUNT_SOURCE=$1
      if [[ -z "$MOUNT_SOURCE" ]]; then
        MOUNT_SOURCE="$HOME/vaults/vault.vera"
      fi

      chmod a+x "$MOUNT_SOURCE"

      if [[ -z "$VAULT_PASSWORD" ]]; then
        echo "interactive mount"
        $VERACRYPT -t --mount "$MOUNT_SOURCE" "$MOUNT_TARGET"
      else
        echo "non-interactive mount of '$MOUNT_SOURCE' to '$MOUNT_TARGET'"
        sudo $VERACRYPT -t --non-interactive -p $VAULT_PASSWORD --mount "$MOUNT_SOURCE" "$MOUNT_TARGET"
      fi
      echo "mounted"
      sudo chown $USER "$MOUNT_TARGET"
      echo "chowned"

      echo "$MOUNT_SOURCE -> $MOUNT_TARGET"

      if [[ -z $NO_INSTALL_VAULT ]]; then
        "$MOUNT_TARGET/install"
      fi
    '';
  };

in
  {

    home.packages = with pkgs; [ mount-vault ];
  }
{
  imports = [
    ./scripts/mount-vault.nix
    ./scripts/umount-vault.nix
  ];
}

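--- a/tools/mount-vault
+++ b/nixos/home-manager/scripts/mount-vault.nix
@@ -1,41 +1,57 @@
-#!/usr/bin/env bash
-
-set -e
-set -o pipefail
-
-VERACRYPT="veracrypt"
-if [[ "$OSTYPE" == "darwin"* ]]; then
-  VERACRYPT="/Applications/VeraCrypt.app/Contents/MacOS/VeraCrypt"
-fi
-
-MOUNT_TARGET=$2
-if [[ -z "$MOUNT_TARGET" ]]; then
-  MOUNT_TARGET=$HOME/.vault
-fi
-
-sudo chown $USER "$MOUNT_TARGET"
-mkdir -p "$MOUNT_TARGET"
-
-MOUNT_SOURCE=$1
-if [[ -z "$MOUNT_SOURCE" ]]; then
-  MOUNT_SOURCE="$HOME/vaults/vault.vera"
-fi
-
-chmod a+x "$MOUNT_SOURCE"
-
-if [[ -z "$VAULT_PASSWORD" ]]; then
-  echo "interactive mount"
-  $VERACRYPT -t --mount "$MOUNT_SOURCE" "$MOUNT_TARGET"
-else
-  echo "non-interactive mount of '$MOUNT_SOURCE' to '$MOUNT_TARGET'"
-  sudo $VERACRYPT -t --non-interactive -p $VAULT_PASSWORD --mount "$MOUNT_SOURCE" "$MOUNT_TARGET"
-fi
-echo "mounted"
-sudo chown $USER "$MOUNT_TARGET"
-echo "chowned"
-
-echo "$MOUNT_SOURCE -> $MOUNT_TARGET"
-
-if [[ -z $NO_INSTALL_VAULT ]]; then
-  "$MOUNT_TARGET/install"
-fi
+{ config, pkgs, ... }:
+
+let
+  mount-vault = pkgs.writeTextFile {
+    name = "mount-vault";
+    executable = true;
+    destination = "/bin/mount-vault";
+    text = ''
+      #!/usr/bin/env bash
+
+      set -e
+      set -o pipefail
+
+      VERACRYPT="veracrypt"
+      if [[ "$OSTYPE" == "darwin"* ]]; then
+        VERACRYPT="/Applications/VeraCrypt.app/Contents/MacOS/VeraCrypt"
+      fi
+
+      MOUNT_TARGET=$2
+      if [[ -z "$MOUNT_TARGET" ]]; then
+        MOUNT_TARGET=$HOME/.vault
+      fi
+
+      sudo chown $USER "$MOUNT_TARGET"
+      mkdir -p "$MOUNT_TARGET"
+
+      MOUNT_SOURCE=$1
+      if [[ -z "$MOUNT_SOURCE" ]]; then
+        MOUNT_SOURCE="$HOME/vaults/vault.vera"
+      fi
+
+      chmod a+x "$MOUNT_SOURCE"
+
+      if [[ -z "$VAULT_PASSWORD" ]]; then
+        echo "interactive mount"
+        $VERACRYPT -t --mount "$MOUNT_SOURCE" "$MOUNT_TARGET"
+      else
+        echo "non-interactive mount of '$MOUNT_SOURCE' to '$MOUNT_TARGET'"
+        sudo $VERACRYPT -t --non-interactive -p $VAULT_PASSWORD --mount "$MOUNT_SOURCE" "$MOUNT_TARGET"
+      fi
+      echo "mounted"
+      sudo chown $USER "$MOUNT_TARGET"
+      echo "chowned"
+
+      echo "$MOUNT_SOURCE -> $MOUNT_TARGET"
+
+      if [[ -z $NO_INSTALL_VAULT ]]; then
+        "$MOUNT_TARGET/install"
+      fi
+    '';
+  };
+
+in
+  {
+
+    home.packages = with pkgs; [ mount-vault ];
+  }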
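Review bot: The non-interactive branch passes the vault password on the command line (`-p $VAULT_PASSWORD`), where it is typically readable by other local users through the process list while VeraCrypt runs, and because the expansion is unquoted a password containing spaces or glob characters is split or expanded before VeraCrypt sees it. VeraCrypt's text mode can read the password from standard input instead: `printf '%s' "$VAULT_PASSWORD" | sudo "$VERACRYPT" -t --non-interactive --stdin --mount "$MOUNT_SOURCE" "$MOUNT_TARGET"`. Separately, the first `sudo chown $USER "$MOUNT_TARGET"` runs before `mkdir -p "$MOUNT_TARGET"`, so under `set -e` a first run with no existing mount point would presumably abort; swapping the two lines avoids that. The final `"$MOUNT_TARGET/install"` executes whatever the mounted volume contains, so it deserves a comment stating that the volume is trusted and that setting `NO_INSTALL_VAULT` skips the step.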

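--- /dev/null
+++ b/nixos/home-manager/scripts/umount-vault.nix
@@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+
+let
+  umount-vault = pkgs.writeTextFile {
+    name = "umount-vault";
+    executable = true;
+    destination = "/bin/umount-vault";
+    text = ''
+      #!/usr/bin/env bash
+
+      set -e
+      VERACRYPT="veracrypt"
+      if [[ "$OSTYPE" == "darwin"* ]]; then
+        VERACRYPT="/Applications/VeraCrypt.app/Contents/MacOS/VeraCrypt"
+      fi
+      $VERACRYPT -t -d
+    '';
+  };
+
+in
+  {
+    home.packages = with pkgs; [ umount-vault ];
+  }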
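Review bot: `$VERACRYPT -t -d` is given no volume, and VeraCrypt then dismounts every mounted volume, not only the one mount-vault opened. If that is intended, state it in a comment such as `# no argument: dismounts all VeraCrypt volumes`. Otherwise default a `MOUNT_TARGET` from `$1` the way mount-vault does from `$2` and pass it, `"$VERACRYPT" -t -d "$MOUNT_TARGET"`, so that other mounted volumes are left alone.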