Blame - modules/ecryptfs.nix - Infra/NixFiles

blob: c54c93e6cf93b2d4b557ffb31f93e251e0f694a6 [file] [log] [blame]

Skyler Grey	488c2ad	2023-03-05 23:59:29 +0000	[diff] [blame]	1	{ pkgs, ... }: {
Skyler Grey	5b2c038	2023-05-29 11:09:05 +0200	[diff] [blame]	2	environment.systemPackages = with pkgs; let
				3	unlock-database-script = writeScriptBin "unlock-database-encryption"
				4	''
				5	if [ $UID -ne 0 ]; then
				6	echo "unlock-database-encryption must be run as root"
				7	exit 1
				8	fi
				9	ECRYPTFS_SIG=$(( stty -echo; printf "Passphrase: " 1>&2; read PASSWORD; stty echo; echo $PASSWORD; ) \| ecryptfs-insert-wrapped-passphrase-into-keyring ~/.ecryptfs/wrapped-passphrase - \| sed -nr 's/.\[(.)\].*/\1/p')
				10
				11	keyctl link @u @s
				12
				13	mount -i -t ecryptfs /var/db/.mongodb-encrypted/ /var/db/mongodb -o ecryptfs_sig=$ECRYPTFS_SIG,ecryptfs_fnek_sig=$ECRYPTFS_SIG,ecryptfs_cipher=aes,ecryptfs_key_bytes=32,ecryptfs_unlink_sigs
				14	'';
				15	in
				16	[
Skyler Grey	488c2ad	2023-03-05 23:59:29 +0000	[diff] [blame]	17	ecryptfs
Skyler Grey	cfefa66	2023-03-08 00:13:48 +0000	[diff] [blame]	18	keyutils
Skyler Grey	5b2c038	2023-05-29 11:09:05 +0200	[diff] [blame]	19	unlock-database-script
Skyler Grey	488c2ad	2023-03-05 23:59:29 +0000	[diff] [blame]	20	];
				21	}