nixos/modules/tasks/filesystems/ecryptfs.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24

{ config, lib, pkgs, ... }:
# TODO: make ecryptfs work in initramfs?

with lib;

{
  config = mkIf (any (fs: fs == "ecryptfs") config.boot.supportedFilesystems) {
    system.fsPackages = [ pkgs.ecryptfs ];
    security.wrappers = {
      "mount.ecryptfs_private" =
        { setuid = true;
          owner = "root";
          group = "root";
          source = "${pkgs.ecryptfs.out}/bin/mount.ecryptfs_private";
        };
      "umount.ecryptfs_private" =
        { setuid = true;
          owner = "root";
          group = "root";
          source = "${pkgs.ecryptfs.out}/bin/umount.ecryptfs_private";
        };
    };
  };
}