From 42ebb9a15521e5a6aae0150e2f1372df94b93ff4 Mon Sep 17 00:00:00 2001 From: colin Date: Fri, 16 Dec 2022 06:10:44 +0000 Subject: [PATCH] sane-private-do: run a command with the private store unlocked; then re-lock it --- pkgs/sane-scripts/default.nix | 1 + pkgs/sane-scripts/src/sane-private-do | 11 +++++++++++ pkgs/sane-scripts/src/sane-private-unlock | 3 +-- 3 files changed, 13 insertions(+), 2 deletions(-) create mode 100755 pkgs/sane-scripts/src/sane-private-do diff --git a/pkgs/sane-scripts/default.nix b/pkgs/sane-scripts/default.nix index 6aa01ed1..e3a052b3 100644 --- a/pkgs/sane-scripts/default.nix +++ b/pkgs/sane-scripts/default.nix @@ -56,6 +56,7 @@ resholve.mkDerivation { # these are used internally; probably a better fix "sane-mount-servo" + "sane-private-lock" "sane-private-unlock" ]; }; diff --git a/pkgs/sane-scripts/src/sane-private-do b/pkgs/sane-scripts/src/sane-private-do new file mode 100755 index 00000000..04586d90 --- /dev/null +++ b/pkgs/sane-scripts/src/sane-private-do @@ -0,0 +1,11 @@ +#!/usr/bin/env bash + +# unlock the ~/private store, run some command, and then re-lock the store + +set -x + +external_cmd=$@ + +sane-private-unlock +$external_cmd +exec sane-private-lock diff --git a/pkgs/sane-scripts/src/sane-private-unlock b/pkgs/sane-scripts/src/sane-private-unlock index fb518bd3..f63c1b89 100755 --- a/pkgs/sane-scripts/src/sane-private-unlock +++ b/pkgs/sane-scripts/src/sane-private-unlock @@ -2,8 +2,7 @@ set -ex -# configure persistent, encrypted storage that is auto-mounted on login. -# this is a one-time setup and user should log out/back in after running it. +# mounts ~/private mount=/home/colin/private cipher="/nix/persist$mount"