From 880ca20d73086666760e7416b6871e941d2c5bd3 Mon Sep 17 00:00:00 2001 From: sinanmohd Date: Tue, 2 Jan 2024 16:32:52 +0530 Subject: cez/sshfs: refactor to reflect changes made in 84fb4de --- hosts/cez/modules/sshfs.nix | 11 ++++++++--- hosts/cez/secrets.yaml | 7 ++++--- 2 files changed, 12 insertions(+), 6 deletions(-) (limited to 'hosts') diff --git a/hosts/cez/modules/sshfs.nix b/hosts/cez/modules/sshfs.nix index a1f1904..a9ff183 100644 --- a/hosts/cez/modules/sshfs.nix +++ b/hosts/cez/modules/sshfs.nix @@ -1,22 +1,27 @@ { config, pkgs, ... }: let - user = config.userdata.user; domain = config.userdata.domain; + user = config.userdata.user; + uid = config.users.users.${user}.uid; + gid = config.users.groups.users.gid; in { + sops.secrets."misc/sftp" = {}; system.fsPackages = with pkgs; [ sshfs ]; fileSystems."/kay" = { - device = "${user}@${domain}:"; + device = "sftp@${domain}:"; fsType = "sshfs"; options = [ "allow_other" # for non-root access + "uid=${toString uid}" + "gid=${toString gid}" "_netdev" # this is a network fs "x-systemd.automount" # mount on demand "reconnect" # handle connection drops "ServerAliveInterval=15" # keep connections alive - "IdentityFile=/var/secrets/ssh/${user}.key" + "IdentityFile=${config.sops.secrets."misc/sftp".path}" ]; }; } diff --git a/hosts/cez/secrets.yaml b/hosts/cez/secrets.yaml index d2a0348..d786971 100644 --- a/hosts/cez/secrets.yaml +++ b/hosts/cez/secrets.yaml @@ -1,4 +1,5 @@ misc: + sftp: ENC[AES256_GCM,data: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,iv:VyhdbfiiQJqG6cKAz6WjmlG3MkM25VzQzfCt1qYgH4M=,tag:SKNSBPj8IG0aeooIoo7vAQ==,type:str] wireguard: ENC[AES256_GCM,data:4N0ZJd4p+Oik55XMhaEzZKpR66zEZxKfoqSnhYqf3W5BWsuDXGZFRi8xleY=,iv:hGgR3UcFeVGZjWJjdnVuQeUQtz3p4Lh6QRBJDfTr9Qo=,tag:0cJq8LFuNdkIiVgMgX/O2w==,type:str] sops: kms: [] 
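Review bot: In the `fileSystems."/kay"` options, `allow_other` without `default_permissions` leaves the mount usable by every local account: the added `uid=`/`gid=` entries only change the ownership the mount reports, and the kernel does no mode check, so access is whatever the remote `sftp` account allows. Adding `"default_permissions" # have the kernel enforce mode bits against the mapped uid/gid` next to `allow_other` would limit other local users to the "other" permission bits. Separately, `toString uid` evaluates to an empty string if `users.users.${user}.uid` is unset (its value is not visible in this diff), which would produce a bare `uid=` option. An explicit uid or an assertion would catch that at evaluation time. Host-key pinning for the root-run ssh session is also not shown here and is worth confirming elsewhere in the config, since an automount cannot prompt to verify the server.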
@@ -15,8 +16,8 @@ sops: OHpabE5RaGl6d3F6K04rSGcrRGVMWE0K+1n6tSJYovD1BBuHlR8VRoHq81ZuKlKx S956gXSTXxqCpPjE7K4PXE8lEsPq6Yh6sMxd6TPZ9QnSRibV7gnsGg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-09-11T10:48:49Z" - mac: ENC[AES256_GCM,data:/Pb5W9E6nwkOmF3bJfYIVnXDY5BKwuSs7sjJPit2N97oBHJQg6aJcarJRmC9RKtmI+owe+9Sd6GQ8ZDJKemkppdnFhtgYhcNNe2O9p4C/Yv27zfKDd7dTgoL9g759KJOqDrOyoMVZtDDB7wizI4BY9L3YiUm/dplUbDDlrvBtYs=,iv:Ihw0f6lxz7sPjeq0KX4DfAKov2ofs49vLRb392aUtPo=,tag:JXYHHZcNsb28wTUtm4uaVQ==,type:str] + lastmodified: "2024-01-02T10:58:46Z" + mac: ENC[AES256_GCM,data:rjLgSUpCiQ+I3Mi5Sres030O6Af7hpR0J5EZ9b0HTM0aqi5WXp84b/I/zmJuMBaWFGrckZqVnuKDPpGtK45BIb8xU9EaNjFiP5CllVJXbEvysFloEAC6dPViYmx7xDxdcGzF7cuCJS1+vMaIuOFiK83x2jet5+fI0aivBnS2O7Q=,iv:sys4yBcsSGRhmplM8fDEQqpdbDdWNDLzc5qP9cyntn8=,tag:RAjr3rVHrBO40gO+dcu3zw==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.7.3 + version: 3.8.1 -- cgit v1.2.3