arca/README.md

# arca

A CLI tool for mounting and unmounting LUKS-encrypted volumes. Latin for
"strongbox."

arca talks to udisks2 over D-Bus, so no root privileges are required. It
handles the unlock-then-mount and unmount-then-lock sequences as single
commands.

## Usage

```
arca mount /dev/sda1          # unlock + mount by device path
arca mount backup              # unlock + mount by config alias
arca unmount backup            # unmount + lock
arca status                    # show unlocked LUKS volumes
```

## Configuration

Optional. Without a config file, arca works with device paths directly.

`~/.config/arca/config.yaml`:

```yaml
devices:
  backup:
    uuid: "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
    mountpoint: "/mnt/backup"  # optional — udisks2 picks if omitted
    methods:                   # optional — default: [passphrase]
      - fido2
      - passphrase
  media:
    uuid: "yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy"
    methods:
      - keyfile
      - passphrase
    keyfile: "/path/to/media.key"
```

Aliases let you refer to devices by name and ensure stable identification
via UUID regardless of device path changes.

The `methods` list defines the unlock strategies to try in order. If the
first method fails (e.g., FIDO2 key not present), arca tries the next.
Supported methods: `passphrase`, `keyfile`, `fido2`, `tpm2`.

## Installation

### Nix flake

```nix
# flake.nix
inputs.arca.url = "git+https://git.wntrmute.dev/kyle/arca";

# in your NixOS config or home packages
environment.systemPackages = [ inputs.arca.packages.${system}.default ];
```

### From source

```
go install git.wntrmute.dev/kyle/arca@latest
```

## Requirements

- Linux with udisks2 running (standard on most desktop distributions)
- D-Bus session or system bus access