Kyle Isom
c835358829
Go CLI using cobra with mount, unmount, status, and init subcommands. Unlocks via udisks2 D-Bus (passphrase/keyfile) or cryptsetup (FIDO2/TPM2) with ordered method fallback. Includes NixOS-specific LD_LIBRARY_PATH injection for systemd cryptsetup token plugins. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
1.7 KiB
1.7 KiB
arca
A CLI tool for mounting and unmounting LUKS-encrypted volumes. Latin for "strongbox."
arca talks to udisks2 over D-Bus, so no root privileges are required. It handles the unlock-then-mount and unmount-then-lock sequences as single commands.
Usage
arca mount /dev/sda1 # unlock + mount by device path
arca mount backup # unlock + mount by config alias
arca unmount backup # unmount + lock
arca status # show unlocked LUKS volumes
Configuration
Optional. Without a config file, arca works with device paths directly.
~/.config/arca/config.yaml:
devices:
backup:
uuid: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
mountpoint: "/mnt/backup" # optional — udisks2 picks if omitted
methods: # optional — default: [passphrase]
- fido2
- passphrase
media:
uuid: "yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy"
methods:
- keyfile
- passphrase
keyfile: "/path/to/media.key"
Aliases let you refer to devices by name and ensure stable identification via UUID regardless of device path changes.
The methods list defines the unlock strategies to try in order. If the
first method fails (e.g., FIDO2 key not present), arca tries the next.
Supported methods: passphrase, keyfile, fido2, tpm2.
Installation
Nix flake
# flake.nix
inputs.arca.url = "git+https://git.wntrmute.dev/kyle/arca";
# in your NixOS config or home packages
environment.systemPackages = [ inputs.arca.packages.${system}.default ];
From source
go install git.wntrmute.dev/kyle/arca@latest
Requirements
- Linux with udisks2 running (standard on most desktop distributions)
- D-Bus session or system bus access