programs: sane-private-change-passwd: rewrite based on how my system looks today
i haven't tested this
parent
7c486492c8
commit
5b647a1a90
|
@ -101,7 +101,7 @@ let
|
||||||
private-change-passwd = static-nix-shell.mkBash {
|
private-change-passwd = static-nix-shell.mkBash {
|
||||||
pname = "sane-private-change-passwd";
|
pname = "sane-private-change-passwd";
|
||||||
src = ./src;
|
src = ./src;
|
||||||
pkgs = [ "gocryptfs" "rsync" "sane-scripts.private-unlock" ];
|
pkgs = [ "gocryptfs" "rsync" ];
|
||||||
};
|
};
|
||||||
private-do = static-nix-shell.mkBash {
|
private-do = static-nix-shell.mkBash {
|
||||||
pname = "sane-private-do";
|
pname = "sane-private-do";
|
||||||
|
|
|
@ -1,33 +1,40 @@
|
||||||
#!/usr/bin/env nix-shell
|
#!/usr/bin/env nix-shell
|
||||||
#!nix-shell -i bash -p gocryptfs -p rsync -p sane-scripts.private-unlock
|
#!nix-shell -i bash -p gocryptfs -p rsync
|
||||||
|
|
||||||
|
# HOW TO USE
|
||||||
|
# ```sh
|
||||||
|
# $ sudo mkdir /nix/persist/private.new && sudo chown colin:users /nix/persist/private.new
|
||||||
|
# $ sane-private-change-passwd /nix/persist/private.new
|
||||||
|
# this should prompt you to enter a password for the new directory.
|
||||||
|
# now all data in the original /mnt/persist/private has been re-encrypted, into /nix/persist/private.new/cipher
|
||||||
|
# if the data on-disk looks reasonable, continue:
|
||||||
|
# $ sudo mv /nix/persist/private /nix/persist/private.old
|
||||||
|
# $ sudo mv /nix/persist/private.new/cipher /nix/persist/private
|
||||||
|
# $ sudo rmdir /nix/persist/private.new
|
||||||
|
# ```
|
||||||
|
|
||||||
set -ex
|
set -ex
|
||||||
|
|
||||||
new_plain=/home/colin/private-new
|
new_cipher="$1/cipher"
|
||||||
new_cipher="/nix/persist${new_plain}"
|
new_plain="$1/plain"
|
||||||
dest_plain=/home/colin/private
|
old_plain=/mnt/persist/private
|
||||||
dest_cipher="/nix/persist${dest_plain}"
|
old_cipher=/nix/persist/private
|
||||||
|
|
||||||
|
mkdir -p "$new_cipher"
|
||||||
|
mkdir -p "$new_plain"
|
||||||
|
|
||||||
# initialize the new store
|
# initialize the new store
|
||||||
sudo mkdir -p "${new_cipher}" && sudo chown colin:users "${new_cipher}"
|
gocryptfs -init "$new_cipher"
|
||||||
mkdir -p "${new_plain}"
|
|
||||||
gocryptfs -init "${new_cipher}"
|
|
||||||
|
|
||||||
# mount the new and old store
|
# mount the new store. assume the old store is mounted.
|
||||||
gocryptfs "${new_cipher}" "${new_plain}"
|
# if old store ISN'T mounted, then run this entire script inside `sane-private-do`
|
||||||
sane-private-unlock
|
gocryptfs "$new_cipher" "$new_plain"
|
||||||
|
|
||||||
# transfer to the new store
|
# transfer to the new store
|
||||||
rsync -arv /home/colin/private/ "${new_plain}"/
|
rsync -arv "$old_plain/" "$new_plain/"
|
||||||
|
|
||||||
# unmount both stores
|
echo "now spot-check the data on-disk at $new_cipher"
|
||||||
sudo umount "${new_plain}"
|
echo "if it looks good, then:"
|
||||||
sudo umount /home/colin/private
|
echo " - sudo mv $old_cipher $old_cipher.old"
|
||||||
|
echo " - sudo mv $new_cipher $old_cipher"
|
||||||
# swap the stores
|
echo " - sudo rmdir $new_plain && sudo rmdir $new_plain/.."
|
||||||
sudo mv "${dest_cipher}" "${dest_cipher}-old"
|
|
||||||
sudo mv "${new_cipher}" "${dest_cipher}"
|
|
||||||
|
|
||||||
sane-private-unlock
|
|
||||||
|
|
||||||
echo "if things look well, rm ${dest_cipher}-old"
|
|
||||||
|
|
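Review bot: The new store's plaintext view is never unmounted: after the `rsync` the script only prints instructions, so the decrypted mount at `$new_plain` stays live and the printed `sudo rmdir $new_plain` step cannot succeed on an active mountpoint. The previous version ran `sudo umount "${new_plain}"`; an equivalent `sudo umount "$new_plain"` after the copy would restore that, ideally from a `trap ... EXIT` so a failed copy under `set -e` does not leave the mount behind. Separately, `$1` is used unchecked, so a run with no argument creates and initialises `/cipher` and `/plain`; a guard such as `: "${1:?usage: sane-private-change-passwd <new-dir>}"` near the top would stop that. Because the script now only assumes the old store is mounted, a `mountpoint -q "$old_plain" || exit 1` before the `rsync` would keep an unmounted, empty `/mnt/persist/private` from being copied and reported as a successful re-encryption.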