Kyle Isom
26aa202b05
udisks2 connection and device listing errors now suggest checking the service. Device-not-found errors suggest 'arca status' or 'arca init'. Failed cryptsetup token unlock hints at missing FIDO2/TPM2 key. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
arca
A CLI tool for mounting and unmounting LUKS-encrypted volumes. Latin for "strongbox."
arca talks to udisks2 over D-Bus, so no root privileges are required. It handles the unlock-then-mount and unmount-then-lock sequences as single commands.
Usage
arca mount /dev/sda1 # unlock + mount by device path
arca mount backup # unlock + mount by config alias
arca unmount backup # unmount + lock
arca status # show unlocked LUKS volumes
Configuration
Optional. Without a config file, arca works with device paths directly.
~/.config/arca/config.yaml:
devices:
backup:
uuid: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
mountpoint: "/mnt/backup" # optional — udisks2 picks if omitted
methods: # optional — default: [passphrase]
- fido2
- passphrase
media:
uuid: "yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy"
methods:
- keyfile
- passphrase
keyfile: "/path/to/media.key"
Aliases let you refer to devices by name and ensure stable identification via UUID regardless of device path changes.
The methods list defines the unlock strategies to try in order. If the
first method fails (e.g., FIDO2 key not present), arca tries the next.
Supported methods: passphrase, keyfile, fido2, tpm2.
Installation
Nix flake
# flake.nix
inputs.arca.url = "git+https://git.wntrmute.dev/kyle/arca";
# in your NixOS config or home packages
environment.systemPackages = [ inputs.arca.packages.${system}.default ];
From source
go install git.wntrmute.dev/kyle/arca@latest
Requirements
- Linux with udisks2 running (standard on most desktop distributions)
- D-Bus session or system bus access