commit 5b2c03820436e9330bb4684c0af85fe72be8675d
author Skyler Grey <skyler3665@gmail.com> Mon May 29 11:09:05 2023 +0200
committer Skyler Grey <skyler3665@gmail.com> Tue Jun 06 23:46:51 2023 +0200
tree 25730ced48a0edd2ea1e34d8f0f8de611545b911
parent b3516c2fa7d5c0367ddde969833daa9705e5ca25

Add a script for root to easily mount mongodb and force a static ip

modules/ecryptfs.nix

diff --git a/modules/ecryptfs.nix b/modules/ecryptfs.nix
index 81934a7..c54c93e 100644
--- a/modules/ecryptfs.nix
+++ b/modules/ecryptfs.nix
@@ -1,6 +1,21 @@
 { pkgs, ... }: {
-  environment.systemPackages = with pkgs; [
+  environment.systemPackages = with pkgs; let
+    unlock-database-script = writeScriptBin "unlock-database-encryption"
+      ''
+        if [ $UID -ne 0 ]; then
+          echo "unlock-database-encryption must be run as root"
+          exit 1
+        fi
+        ECRYPTFS_SIG=$(( stty -echo; printf "Passphrase: " 1>&2; read PASSWORD; stty echo; echo $PASSWORD; ) | ecryptfs-insert-wrapped-passphrase-into-keyring ~/.ecryptfs/wrapped-passphrase - | sed -nr 's/.*\[(.*)\].*/\1/p')
+
+        keyctl link @u @s
+
+        mount -i -t ecryptfs /var/db/.mongodb-encrypted/ /var/db/mongodb -o ecryptfs_sig=$ECRYPTFS_SIG,ecryptfs_fnek_sig=$ECRYPTFS_SIG,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_unlink_sigs
+      '';
+  in
+  [
     ecryptfs
     keyutils
+    unlock-database-script
   ];
 }