[Nix-dev] autofs and sshfs / sane idea?

[Marc Weber]

Probably you all have seen that NixOS supports autofs.
autofs mounts a filesystem when you access /auto/dir and umounts it
automatically for you.

You can also use fuse mounts such as sshfs.
I googled a bit and all I could find was "use keys without passphrase".
No way!. 

Instead I wrote this sshfs wrapper script:

  #!/bin/sh
  . ~marc/.keychain/nixos-sh &> /dev/null
  # add SSH and SSHFS in PATH:
  export PATH=/var/run/current-system/sw/bin:~marc/.nix-profile/bin
  exec sshfs "$@"

where nixos-sh contains ssh-agent output you set by eval `ssh-agent`
So this is much more secure and exactly what I'm looking for.

However writing this wrapper script is a bit work and I'd like to commit
it to nixos. Using a  .keychain/name-sh file which is written bey
keychain is not an option then. But hey, we're root, aren't we?
So can't we just pgrep for ssh-agents and try them all ?
It shouldn't be too hard to find the socket file either..

Eg lsof does provide all information:

  # lsof | grep /tmp/ssh- | grep agent.                                                                                                                                                  
  ssh-agent  3814       marc    3u     unix 0xffff8801ec1d5100        0t0      15440 /tmp/ssh-oIzuho3813/agent.3813

  3814 is the bid and agent.3813 is the socket file.
        
Is it insane providing such a helper script?

Then you can configure fast access to many ssh locations:

        autoMaster = a:
        let
          map = pkgs.writeText "auto" ''
           linmarc -fstype=fuse,rw,nodev,nonempty,noatime,allow_other,max_read=65536,uid=1008,gid=100 :${a.sshfs}\#marc at lin\:
          '';
        in ''
          /auto file:${map}
        '';

  where a.sshfs is the script iterating over all ssh-agents. Usually you
  have only one running anyway, don't you?

Marc Weber