aaaaa
parent
414e830efa
commit
d3a93fd115
35 changed files with 1832 additions and 228 deletions
|
|
@ -8,45 +8,12 @@
|
|||
let
|
||||
cfg = config.xyno.impermanence;
|
||||
genImpermanenceCfg = cfg: {
|
||||
|
||||
hideMounts = true;
|
||||
directories = [
|
||||
"/var/log"
|
||||
"/var/lib/systemd/coredump"
|
||||
|
||||
]
|
||||
++ cfg.extraDirectories;
|
||||
files = [
|
||||
"/etc/machine-id"
|
||||
|
||||
]
|
||||
++ cfg.extraFiles;
|
||||
directories = cfg.directories;
|
||||
files = cfg.files;
|
||||
users.${config.xyno.system.user.name} = {
|
||||
directories = [
|
||||
"Downloads"
|
||||
"Music"
|
||||
"Pictures"
|
||||
"Documents"
|
||||
"Videos"
|
||||
"docs"
|
||||
"proj"
|
||||
"git"
|
||||
{
|
||||
directory = ".gnupg";
|
||||
mode = "0700";
|
||||
}
|
||||
{
|
||||
directory = ".ssh";
|
||||
mode = "0700";
|
||||
}
|
||||
{
|
||||
directory = ".local/share/keyrings";
|
||||
mode = "0700";
|
||||
}
|
||||
".local/share/direnv"
|
||||
]
|
||||
++ cfg.user.extraDirectories;
|
||||
files = cfg.user.extraFiles;
|
||||
directories = cfg.user.directories;
|
||||
files = cfg.user.files;
|
||||
};
|
||||
};
|
||||
|
||||
|
|
@ -54,43 +21,75 @@ in
|
|||
{
|
||||
options.xyno.impermanence = {
|
||||
enable = lib.mkEnableOption "erase all your darlings (they hate you anyways)";
|
||||
extraFiles = lib.mkOption { type = lib.types.listOf lib.types.str; };
|
||||
extraDirectories = lib.mkOption { type = lib.types.listOf lib.types.str; };
|
||||
files = lib.mkOption { type = lib.types.listOf lib.types.str; };
|
||||
directories = lib.mkOption { type = lib.types.listOf lib.types.str; };
|
||||
user = {
|
||||
extraFiles = lib.mkOption { type = lib.types.listOf lib.types.str; };
|
||||
extraDirectories = lib.mkOption { type = lib.types.listOf lib.types.str; };
|
||||
files = lib.mkOption { type = lib.types.listOf lib.types.str; };
|
||||
directories = lib.mkOption { type = lib.types.listOf lib.types.str; };
|
||||
};
|
||||
# have a seperate impermanence tree for "cache" files that can just be deleted if wanted
|
||||
cache = {
|
||||
extraFiles = lib.mkOption { type = lib.types.listOf lib.types.str; };
|
||||
extraDirectories = lib.mkOption { type = lib.types.listOf lib.types.str; };
|
||||
files = lib.mkOption { type = lib.types.listOf lib.types.str; };
|
||||
directories = lib.mkOption { type = lib.types.listOf lib.types.str; };
|
||||
user = {
|
||||
extraFiles = lib.mkOption { type = lib.types.listOf lib.types.str; };
|
||||
extraDirectories = lib.mkOption { type = lib.types.listOf lib.types.str; };
|
||||
files = lib.mkOption { type = lib.types.listOf lib.types.str; };
|
||||
directories = lib.mkOption { type = lib.types.listOf lib.types.str; };
|
||||
};
|
||||
|
||||
};
|
||||
};
|
||||
config = lib.mkIf cfg.enable {
|
||||
imports = [
|
||||
inputs.impermanence.nixosModules.impermanence
|
||||
xyno.impermanence.files = [
|
||||
"/etc/machine-id" # systemd/zfs unhappy otherwise
|
||||
];
|
||||
xyno.impermanence.cache.extraDirectories = [ "/var/cache" ];
|
||||
xyno.impermanence.cache.user.extraDirectories = [ ".cache" ];
|
||||
xyno.impermanence.directories = [
|
||||
"/var/log"
|
||||
"/var/lib/systemd/coredump"
|
||||
"/etc/ssh" # host keys
|
||||
|
||||
];
|
||||
xyno.impermanence.user.directories = [
|
||||
"Downloads"
|
||||
"Music"
|
||||
"Pictures"
|
||||
"Documents"
|
||||
"Videos"
|
||||
"docs"
|
||||
"proj"
|
||||
"git"
|
||||
{
|
||||
directory = ".gnupg";
|
||||
mode = "0700";
|
||||
}
|
||||
{
|
||||
directory = ".ssh";
|
||||
mode = "0700";
|
||||
}
|
||||
{
|
||||
directory = ".local/share/keyrings";
|
||||
mode = "0700";
|
||||
}
|
||||
".local/share/direnv"
|
||||
|
||||
];
|
||||
xyno.impermanence.cache.directories = [ "/var/cache" ];
|
||||
xyno.impermanence.cache.user.directories = [ ".cache" ];
|
||||
environment.persistence."/persistent" = genImpermanenceCfg cfg;
|
||||
environment.persistence."/persistent/cache" = genImpermanenceCfg cfg.cache;
|
||||
|
||||
# https://github.com/nix-community/impermanence/issues/254#issuecomment-2683859091
|
||||
system.activationScripts."createPersistentStorageDirs".deps = [
|
||||
"var-lib-private-permissions"
|
||||
"users"
|
||||
"groups"
|
||||
];
|
||||
# https://github.com/nix-community/impermanence/issues/254#issuecomment-2683859091
|
||||
system.activationScripts = {
|
||||
"var-lib-private-permissions" = {
|
||||
deps = [ "specialfs" ];
|
||||
text = ''
|
||||
mkdir -p /persistent/var/lib/private
|
||||
mkdir -p /persistent/var/lib/private /persistent/cache
|
||||
chmod 0700 /persistent/var/lib/private
|
||||
touch /persistent/cache/.nobackup
|
||||
'';
|
||||
};
|
||||
};
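Review bot: The attribute-set entries assigned to `xyno.impermanence.user.directories` (`.gnupg`, `.ssh` and `.local/share/keyrings`, each with `mode = "0700"`) pass through an option declared as `lib.types.listOf lib.types.str`. Assuming these are the new-side lines (the page has lost its +/- markers), that type rejects them at evaluation time; before, they were literals inside `genImpermanenceCfg` and never met a typed option. Widen the type so the 0700 entries for the secret-holding directories survive, for example `directories = lib.mkOption { type = lib.types.listOf (lib.types.either lib.types.str lib.types.attrs); default = [ ]; };`. The `cache` lists would also benefit from `default = [ ];`, since `genImpermanenceCfg cfg.cache` reads `cfg.files` and `cfg.user.files` and no visible line defines them for the cache tree. In `var-lib-private-permissions`, `install -d -m 0700 /persistent/var/lib/private` would create the directory with its final mode instead of `mkdir -p` followed by `chmod`.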
|
||||
|
|
|
|||
|
|
@ -17,6 +17,7 @@ in
|
|||
config = lib.mkIf cfg.enable {
|
||||
environment.homeBinInPath = true;
|
||||
users.users.${cfg.name} = {
|
||||
openssh.authorizedKeys.keys = ["ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAID/oMAi5jyQsNohfhcSH2ItisTpBGB0WtYTVxJYKKqhj"]; # theseus
|
||||
isNormalUser = true;
|
||||
uid = 1000;
|
||||
extraGroups = [
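Review bot: The key added at `openssh.authorizedKeys.keys` is authorised for `users.users.${cfg.name}` on every host that enables this module, and its only label is the trailing Nix comment `# theseus`, which never reaches the deployed authorized_keys file. Put the label in the key's comment field (`"ssh-ed25519 AAAA… theseus"`) so the entry can be identified during an audit or rotation on the host itself. Consider also taking the list from a module option (a proposed name would be `cfg.authorizedKeys`) so that individual hosts can narrow or replace it. The `extraGroups` list continues outside the hunk, so what privileges this login carries cannot be judged from here; a comment beside the key stating its owner and intended scope would help.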
|
||||
|
|
|
|||