nixos/modules/programs/ecryptfs.nix

   1 { config, lib, pkgs, ... }:
   2
   3 with lib;
   4
   5 let
   6   cfg = config.programs.ecryptfs;
   7
   8 in {
   9   options.programs.ecryptfs = {
  10     enable = mkEnableOption (lib.mdDoc "ecryptfs setuid mount wrappers");
  11   };
  12
  13   config = mkIf cfg.enable {
  14     security.wrappers = {
  15
  16       "mount.ecryptfs_private" = {
  17         setuid = true;
  18         owner = "root";
  19         group = "root";
  20         source = "${lib.getBin pkgs.ecryptfs}/bin/mount.ecryptfs_private";
  21       };
  22       "umount.ecryptfs_private" = {
  23         setuid = true;
  24         owner = "root";
  25         group = "root";
  26         source = "${lib.getBin pkgs.ecryptfs}/bin/umount.ecryptfs_private";
  27       };
  28
  29     };
  30   };
  31 }