diff options
Diffstat (limited to 'hosts/muhammed/wraaath-sshfs/default.nix')
| -rw-r--r-- | hosts/muhammed/wraaath-sshfs/default.nix | 42 |
1 files changed, 42 insertions, 0 deletions
diff --git a/hosts/muhammed/wraaath-sshfs/default.nix b/hosts/muhammed/wraaath-sshfs/default.nix new file mode 100644 index 0000000..1f5f793 --- /dev/null +++ b/hosts/muhammed/wraaath-sshfs/default.nix @@ -0,0 +1,42 @@ +{ + pkgs, + config, + ... +}: { + # TEMP: Tell age that secrets should be decrypted through personal key. + # FIXME: These should probably be rekeyed with a system-wide key. + age.identityPaths = [ + "${config.users.users.linus.home}/.ssh/id_rsa" + ]; + + # The current setup is an SFTP server with the username 'linus' and a + # password. This is far from ideal but beggars can't be choosers... + age.secrets.wraaath-sftp-password.file = ../../../secrets/wraaath-sftp-password.txt.age; + + launchd.daemons.wraaath-sftp = { + script = '' + set -xue + + # Create the mount point. + # Should be automatically deleted upon unmount. + mkdir -p /Volumes/Wraaath + + # Start a MacFUSE daemon. + # Will run in background mode, as foreground mode broke everything for some reason. + exec ${pkgs.sshfs}/bin/sshfs [email protected]:/ /Volumes/Wraaath \ + -p 2222 \ + -o volname=Wraath \ + -o reconnect \ + -o allow_other \ + -o password_stdin <${config.age.secrets.wraaath-sftp-password.path} + ''; + + serviceConfig = { + # XXX + AbandonProcessGroup = true; + + # XXX + KeepAlive.NetworkState = true; + }; + }; +} |