-rw-r--r--common.nix1
-rw-r--r--hosts/cez/modules/sshfs.nix11
-rw-r--r--hosts/cez/secrets.yaml7
3 files changed, 13 insertions, 6 deletions
diff --git a/common.nix b/common.nix
index dac1a0f..188cefb 100644
--- a/common.nix
+++ b/common.nix
@@ -33,6 +33,7 @@ in
users.users.${user} = {
inherit description;
isNormalUser = true;
+ uid = 1000;
extraGroups = [
"wheel"
"adbusers"
diff --git a/hosts/cez/modules/sshfs.nix b/hosts/cez/modules/sshfs.nix
index a1f1904..a9ff183 100644
--- a/hosts/cez/modules/sshfs.nix
+++ b/hosts/cez/modules/sshfs.nix
@@ -1,22 +1,27 @@
{ config, pkgs, ... }:
let
- user = config.userdata.user;
domain = config.userdata.domain;
+ user = config.userdata.user;
+ uid = config.users.users.${user}.uid;
+ gid = config.users.groups.users.gid;
in
{
+ sops.secrets."misc/sftp" = {};
system.fsPackages = with pkgs; [ sshfs ];
fileSystems."/kay" = {
- device = "${user}@${domain}:";
+ device = "sftp@${domain}:";
fsType = "sshfs";
options = [
"allow_other" # for non-root access
+ "uid=${toString uid}"
+ "gid=${toString gid}"
"_netdev" # this is a network fs
"x-systemd.automount" # mount on demand
"reconnect" # handle connection drops
"ServerAliveInterval=15" # keep connections alive
- "IdentityFile=/var/secrets/ssh/${user}.key"
+ "IdentityFile=${config.sops.secrets."misc/sftp".path}"
];
};
}
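Review bot: The added `uid=`/`gid=` options only change the ownership the mount reports. With `allow_other` and no `default_permissions`, the kernel does not enforce mode bits, so every local account on the host can still use /kay with whatever the remote `sftp` account is permitted to do. If only the configured user is meant to reach the share, add `"default_permissions" # enforce the mapped uid/gid and mode bits locally` next to the uid/gid lines. Separately, no option visible here pins the server host key for this root-run automount (for example `UserKnownHostsFile=` or `StrictHostKeyChecking=`), so it presumably relies on configuration outside this file; worth confirming now that the key is a dedicated credential.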
diff --git a/hosts/cez/secrets.yaml b/hosts/cez/secrets.yaml
index d2a0348..d786971 100644
--- a/hosts/cez/secrets.yaml
+++ b/hosts/cez/secrets.yaml
@@ -1,4 +1,5 @@
misc:
+ sftp: ENC[AES256_GCM,data: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,iv:VyhdbfiiQJqG6cKAz6WjmlG3MkM25VzQzfCt1qYgH4M=,tag:SKNSBPj8IG0aeooIoo7vAQ==,type:str]
wireguard: ENC[AES256_GCM,data:4N0ZJd4p+Oik55XMhaEzZKpR66zEZxKfoqSnhYqf3W5BWsuDXGZFRi8xleY=,iv:hGgR3UcFeVGZjWJjdnVuQeUQtz3p4Lh6QRBJDfTr9Qo=,tag:0cJq8LFuNdkIiVgMgX/O2w==,type:str]
sops:
kms: []
@@ -15,8 +16,8 @@ sops:
OHpabE5RaGl6d3F6K04rSGcrRGVMWE0K+1n6tSJYovD1BBuHlR8VRoHq81ZuKlKx
S956gXSTXxqCpPjE7K4PXE8lEsPq6Yh6sMxd6TPZ9QnSRibV7gnsGg==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2023-09-11T10:48:49Z"
- mac: ENC[AES256_GCM,data:/Pb5W9E6nwkOmF3bJfYIVnXDY5BKwuSs7sjJPit2N97oBHJQg6aJcarJRmC9RKtmI+owe+9Sd6GQ8ZDJKemkppdnFhtgYhcNNe2O9p4C/Yv27zfKDd7dTgoL9g759KJOqDrOyoMVZtDDB7wizI4BY9L3YiUm/dplUbDDlrvBtYs=,iv:Ihw0f6lxz7sPjeq0KX4DfAKov2ofs49vLRb392aUtPo=,tag:JXYHHZcNsb28wTUtm4uaVQ==,type:str]
+ lastmodified: "2024-01-02T10:58:46Z"
+ mac: ENC[AES256_GCM,data:rjLgSUpCiQ+I3Mi5Sres030O6Af7hpR0J5EZ9b0HTM0aqi5WXp84b/I/zmJuMBaWFGrckZqVnuKDPpGtK45BIb8xU9EaNjFiP5CllVJXbEvysFloEAC6dPViYmx7xDxdcGzF7cuCJS1+vMaIuOFiK83x2jet5+fI0aivBnS2O7Q=,iv:sys4yBcsSGRhmplM8fDEQqpdbDdWNDLzc5qP9cyntn8=,tag:RAjr3rVHrBO40gO+dcu3zw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
- version: 3.7.3
+ version: 3.8.1