muhammed: Add Wraath network volume

2 files changed, 43 insertions, 0 deletions

diff --git a/hosts/muhammed/configuration.nix b/hosts/muhammed/configuration.nix
index f3908b2..c082ea9 100644
--- a/hosts/muhammed/configuration.nix
+++ b/hosts/muhammed/configuration.nix
@@ -2,6 +2,7 @@
 {flakeInputs, ...}: {
   imports = [
     ./home
+    ./wraaath-sshfs
   ];
 
   # Specify the location of this configuration file. Very meta.
diff --git a/hosts/muhammed/wraaath-sshfs/default.nix b/hosts/muhammed/wraaath-sshfs/default.nix
new file mode 100644
index 0000000..1f5f793
--- /dev/null
+++ b/hosts/muhammed/wraaath-sshfs/default.nix
@@ -0,0 +1,42 @@
+{
+  pkgs,
+  config,
+  ...
+}: {
+  # TEMP: Tell age that secrets should be decrypted through personal key.
+  # FIXME: These should probably be rekeyed with a system-wide key.
+  age.identityPaths = [
+    "${config.users.users.linus.home}/.ssh/id_rsa"
+  ];
+
+  # The current setup is an SFTP server with the username 'linus' and a
+  # password. This is far from ideal but beggars can't be choosers...
+  age.secrets.wraaath-sftp-password.file = ../../../secrets/wraaath-sftp-password.txt.age;
+
+  launchd.daemons.wraaath-sftp = {
+    script = ''
+      set -xue
+
+      # Create the mount point.
+      # Should be automatically deleted upon unmount.
+      mkdir -p /Volumes/Wraaath
+
+      # Start a MacFUSE daemon.
+      # Will run in background mode, as foreground mode broke everything for some reason.
+      exec ${pkgs.sshfs}/bin/sshfs [email protected]:/ /Volumes/Wraaath \
+        -p 2222 \
+        -o volname=Wraath \
+        -o reconnect \
+        -o allow_other \
+        -o password_stdin <${config.age.secrets.wraaath-sftp-password.path}
+    '';
+
+    serviceConfig = {
+      # XXX
+      AbandonProcessGroup = true;
+
+      # XXX
+      KeepAlive.NetworkState = true;
+    };
+  };
+}