Gitiles
Code Review Sign In
git.clicks.codes / Infra / NixFiles / 3e8dd8254f410b6e067693d27e48d2a30dd23e21 / . / modules / scalpel.nix
blob: 0e0e257602b78981aea2a492e9908fe37152445f [file] [log] [blame]
TheCodedProfbdc23452023-06-14 13:39:10 -0400[diff] [blame]1{ lib, config, ... }:
2let
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]3 cfg = config.scalpel;
TheCodedProfbdc23452023-06-14 13:39:10 -0400[diff] [blame]4in
5{
Skyler Greya78aa672023-05-20 13:48:18 +0200[diff] [blame]6 system.activationScripts.scalpelCreateStore.text = lib.mkForce ''
7 echo "[scalpel] Ensuring existance of ${cfg.secretsDir}"
8 mkdir -p ${cfg.secretsDir}
9 grep -q "${cfg.secretsDir} ramfs" /proc/mounts || mount -t ramfs none "${cfg.secretsDir}" -o nodev,nosuid,mode=0751
10
11 echo "[scalpel] Clearing old secrets from ${cfg.secretsDir}"
12 find '${cfg.secretsDir}' -wholename '${cfg.secretsDir}' -o -prune -exec rm -rf -- {} +
13 '';
14}