TheCodedProf | bdc2345 | 2023-06-14 13:39:10 -0400 | [diff] [blame] | 1 | { lib, config, ... }: |
| 2 | let |
Skyler Grey | a78aa67 | 2023-05-20 13:48:18 +0200 | [diff] [blame] | 3 | cfg = config.scalpel; |
TheCodedProf | bdc2345 | 2023-06-14 13:39:10 -0400 | [diff] [blame] | 4 | in |
| 5 | { |
Skyler Grey | a78aa67 | 2023-05-20 13:48:18 +0200 | [diff] [blame] | 6 | system.activationScripts.scalpelCreateStore.text = lib.mkForce '' |
| 7 | echo "[scalpel] Ensuring existance of ${cfg.secretsDir}" |
| 8 | mkdir -p ${cfg.secretsDir} |
| 9 | grep -q "${cfg.secretsDir} ramfs" /proc/mounts || mount -t ramfs none "${cfg.secretsDir}" -o nodev,nosuid,mode=0751 |
| 10 | |
| 11 | echo "[scalpel] Clearing old secrets from ${cfg.secretsDir}" |
| 12 | find '${cfg.secretsDir}' -wholename '${cfg.secretsDir}' -o -prune -exec rm -rf -- {} + |
| 13 | ''; |
| 14 | } |