nix-configs/modules/system/impermanence.nix

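# Opt-in state ("impermanence") for hosts with an ephemeral root.
#
# Everything that must survive a reboot is declared under
# `xyno.impermanence.*` and bind-mounted from `/persistent`.  A second,
# independent tree under `xyno.impermanence.cache.*` is mounted from
# `/persistent/cache`, so data that is merely convenient to keep can be
# wiped without touching the durable state.
{
  pkgs,
  lib,
  config,
  inputs,
  ...
}:
let
  cfg = config.xyno.impermanence;

  # Build the `environment.persistence.<root>` attribute set for one
  # impermanence tree.  `tree` is either `cfg` (durable state) or
  # `cfg.cache`; both carry the same `files`/`directories`/`user` shape.
  # The parameter is deliberately not named `cfg`, so it does not shadow
  # the module-wide binding above.
  genImpermanenceCfg = tree: {
    hideMounts = true;
    directories = tree.directories;
    files = tree.files;
    users.${config.xyno.system.user.name} = {
      directories = tree.user.directories;
      files = tree.user.files;
    };
  };
in
{
  options.xyno.impermanence = {
    enable = lib.mkEnableOption "erase all your darlings (they hate you anyways)";

    # System-wide paths to persist.  `directories` is `listOf anything`, so an
    # entry may be a plain path string or an attrset such as
    # `{ directory = ".ssh"; mode = "0700"; }` (see the defaults below).
    files = lib.mkOption {
      type = lib.types.listOf lib.types.str;
      default = [ ];
    };
    directories = lib.mkOption {
      type = lib.types.listOf lib.types.anything;
      default = [ ];
    };

    # Paths relative to the home directory of `config.xyno.system.user.name`.
    user = {
      files = lib.mkOption {
        type = lib.types.listOf lib.types.str;
        default = [ ];
      };
      directories = lib.mkOption {
        type = lib.types.listOf lib.types.anything;
        default = [ ];
      };
    };

    # A separate impermanence tree for "cache" files that can simply be
    # deleted if wanted; same shape as the durable tree above.
    cache = {
      files = lib.mkOption {
        type = lib.types.listOf lib.types.str;
        default = [ ];
      };
      directories = lib.mkOption {
        type = lib.types.listOf lib.types.anything;
        default = [ ];
      };
      user = {
        files = lib.mkOption {
          type = lib.types.listOf lib.types.str;
          default = [ ];
        };
        directories = lib.mkOption {
          type = lib.types.listOf lib.types.anything;
          default = [ ];
        };
      };
    };
  };

  config = lib.mkIf cfg.enable {
    # /etc/passwd and /etc/shadow live on the ephemeral root, so accounts and
    # their password hashes must be regenerated from the NixOS configuration
    # on every boot instead of being edited at runtime with passwd/useradd.
    users.mutableUsers = false;

    xyno.impermanence.files = [
      "/etc/machine-id" # systemd/zfs unhappy otherwise
    ];

    xyno.impermanence.directories = [
      "/var/log"
      "/var/lib/systemd/coredump"
      "/etc/ssh" # host keys
      # lanzaboote (Secure Boot signing material).  NOTE(review): persisted
      # with impermanence's default directory mode -- confirm the key files
      # below it are not world-readable, or give this entry `mode = "0700"`
      # like the user-level key directories further down.
      "/var/lib/sbctl"
      "/var/lib/nixos"
    ];

    xyno.impermanence.user.directories = [
      "Downloads"
      "Music"
      "Pictures"
      "Documents"
      "Videos"
      "docs"
      "proj"
      "git"
      # Secret stores: the bind-mount source directories are created
      # owner-only so the persisted copies are no more exposed than the
      # originals.
      {
        directory = ".gnupg";
        mode = "0700";
      }
      {
        directory = ".ssh";
        mode = "0700";
      }
      {
        directory = ".local/share/keyrings";
        mode = "0700";
      }
      ".local/share/direnv"
    ];

    # sops-nix imports the host SSH key for secret decryption.  The persistent
    # source path is used instead of /etc/ssh, presumably because decryption
    # can run before the bind mount is in place -- TODO confirm.
    sops.gnupg.sshKeyPaths = [ "/persistent/etc/ssh/ssh_host_rsa_key" ];

    xyno.impermanence.cache.directories = [ "/var/cache" ];
    xyno.impermanence.cache.user.directories = [ ".cache" ];

    environment.persistence."/persistent" = genImpermanenceCfg cfg;
    environment.persistence."/persistent/cache" = genImpermanenceCfg cfg.cache;

    # https://github.com/nix-community/impermanence/issues/254#issuecomment-2683859091
    # Make impermanence's own activation script run only after the helper
    # below and after users/groups exist (see the linked issue for why the
    # ordering matters).
    system.activationScripts."createPersistentStorageDirs".deps = [
      "var-lib-private-permissions"
      "users"
      "groups"
    ];

    system.activationScripts = {
      "var-lib-private-permissions" = {
        deps = [ "specialfs" ];
        # systemd expects /var/lib/private (DynamicUser= state) to be root-only
        # 0700; create it with that mode on the persistent volume before it is
        # bind-mounted.  Also create the cache root and drop a `.nobackup`
        # marker there so the cache tree can be excluded by tooling that
        # honours it -- presumably the reason for the marker, confirm.
        text = ''
          mkdir -p /persistent/var/lib/private /persistent/cache
          chmod 0700 /persistent/var/lib/private
          touch /persistent/cache/.nobackup
        '';
      };
    };
  };
}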