# Module fragment that mounts a remote SFTP share at /Volumes/Wraaath through
# sshfs, started by a launchd daemon. The SFTP password comes from an
# age-encrypted secret that is decrypted on the machine.
{
pkgs,
config,
...
}: {
# TEMP: Tell age that secrets should be decrypted through personal key.
# FIXME: These should probably be rekeyed with a system-wide key.
# Security: the decryption identity is the personal SSH private key in
# linus's home directory, so whatever decrypts the secrets must be able to
# read that key, and the secret is tied to a key that may also be used for
# interactive logins elsewhere.
# NOTE(review): unattended decryption presumably needs this key to be usable
# without a passphrase. Confirm, and prefer a dedicated host key as the FIXME
# suggests.
age.identityPaths = [
"${config.users.users.linus.home}/.ssh/id_rsa"
];
# The current setup is an SFTP server with the username 'linus' and a
# password. This is far from ideal but beggars can't be choosers...
# Only the encrypted .age file is referenced here. The script below reads the
# decrypted file through its `.path` at run time, so the password text is not
# interpolated into the generated script.
age.secrets.wraaath-sftp-password.file = ../../../secrets/wraaath-sftp-password.txt.age;
launchd.daemons.wraaath-sftp = {
# Shell script run by the daemon: creates the mount point, then replaces
# itself with sshfs.
#  * `set -xue` traces each command, stops on the first error and rejects
#    unset variables. The password reaches sshfs via `password_stdin` and a
#    file redirect, so it is not on the sshfs command line.
#    NOTE(review): confirm the trace in the daemon's log shows nothing
#    sensitive.
#  * `allow_other` lets local accounts other than the mounting one use the
#    mount. No UserName is set in serviceConfig, so the job presumably runs
#    as root. Every local user then reaches the share with the SFTP
#    account's rights. Consider `default_permissions` or uid/gid mapping
#    (verify behaviour on macFUSE first).
#  * No host-key option is passed, so server verification depends on the ssh
#    defaults and known_hosts of the account running the daemon.
#    NOTE(review): confirm the server key is pinned for that account.
#  * NOTE(review): `volname=Wraath` is spelled differently from the mount
#    point and secret name (`Wraaath`). Confirm whether that is intended.
#  * NOTE(review): the user@host in the sshfs target appears to have been
#    scrubbed to a placeholder in this rendering of the file.
script = ''
set -xue
# Create the mount point.
# Should be automatically deleted upon unmount.
mkdir -p /Volumes/Wraaath
# Start a MacFUSE daemon.
# Will run in background mode, as foreground mode broke everything for some reason.
exec ${pkgs.sshfs}/bin/sshfs [email protected]:/ /Volumes/Wraaath \
-p 2222 \
-o volname=Wraath \
-o reconnect \
-o allow_other \
-o password_stdin <${config.age.secrets.wraaath-sftp-password.path}
'';
serviceConfig = {
# XXX
# launchd.plist(5): stops launchd from killing processes left in the job's
# process group once the job's main process exits. Presumably needed
# because sshfs puts itself in the background (see the script comment).
AbandonProcessGroup = true;
# XXX
# Intended to keep the job alive while the network is up.
# NOTE(review): recent launchd.plist(5) describes NetworkState as no longer
# implemented. Confirm this key still has any effect.
KeepAlive.NetworkState = true;
};
};
}