feat: put impermanence for services next to service definitions

2025-10-11 07:10:39 +02:00 · 2023-12-18 01:01:24 +01:00 · 2023-12-18 01:01:24 +01:00 · 336f648275
commit 336f648275
parent 8f28273b65
13 changed files with 98 additions and 100 deletions
--- a/hosts/ward/guests/adguardhome.nix
+++ b/hosts/ward/guests/adguardhome.nix
@ -34,6 +34,13 @@ in {
    };
  };

+  environment.persistence."/persist".directories = [
+    {
+      directory = "/var/lib/private/AdGuardHome";
+      mode = "0700";
+    }
+  ];
+
  networking.firewall = {
    allowedTCPPorts = [53];
    allowedUDPPorts = [53];
--- a/hosts/ward/guests/forgejo.nix
+++ b/hosts/ward/guests/forgejo.nix
@ -61,6 +61,15 @@ in {
  # Recommended by forgejo: https://forgejo.org/docs/latest/admin/recommendations/#git-over-ssh
  services.openssh.settings.AcceptEnv = "GIT_PROTOCOL";

+  environment.persistence."/persist".directories = [
+    {
+      directory = config.services.gitea.stateDir;
+      user = "gitea";
+      group = "gitea";
+      mode = "0700";
+    }
+  ];
+
  services.gitea = {
    enable = true;
    package = pkgs.forgejo;
--- a/hosts/ward/guests/grafana.nix
+++ b/hosts/ward/guests/grafana.nix
@ -75,6 +75,15 @@ in {
    };
  };

+  environment.persistence."/persist".directories = [
+    {
+      directory = config.services.grafana.dataDir;
+      user = "grafana";
+      group = "grafana";
+      mode = "0700";
+    }
+  ];
+
  services.grafana = {
    enable = true;
    settings = {
--- a/hosts/ward/guests/influxdb.nix
+++ b/hosts/ward/guests/influxdb.nix
@ -68,6 +68,15 @@ in {
    group = "influxdb2";
  };

+  environment.persistence."/persist".directories = [
+    {
+      directory = "/var/lib/influxdb2";
+      user = "influxdb2";
+      group = "influxdb2";
+      mode = "0700";
+    }
+  ];
+
  services.influxdb2 = {
    enable = true;
    settings = {
--- a/hosts/ward/guests/kanidm.nix
+++ b/hosts/ward/guests/kanidm.nix
@ -80,6 +80,15 @@ in {
    };
  };

+  environment.persistence."/persist".directories = [
+    {
+      directory = "/var/lib/kanidm";
+      user = "kanidm";
+      group = "kanidm";
+      mode = "0700";
+    }
+  ];
+
  services.kanidm = {
    enableServer = true;
    serverSettings = {
--- a/hosts/ward/guests/loki.nix
+++ b/hosts/ward/guests/loki.nix
@ -52,6 +52,15 @@ in {
    };
  };

+  environment.persistence."/persist".directories = [
+    {
+      directory = "/var/lib/loki";
+      user = "loki";
+      group = "loki";
+      mode = "0700";
+    }
+  ];
+
  services.loki = let
    lokiDir = "/var/lib/loki";
  in {
--- a/hosts/ward/guests/paperless.nix
+++ b/hosts/ward/guests/paperless.nix
@ -46,6 +46,15 @@ in {
    };
  };

+  # TODO environment.persistence."/persist".directories = [
+  # TODO   {
+  # TODO     directory = "/var/lib/???";
+  # TODO     user = "???";
+  # TODO     group = "???";
+  # TODO     mode = "0700";
+  # TODO   }
+  # TODO ];
+
  services.paperless = {
    enable = true;
    address = "0.0.0.0";
--- a/hosts/ward/guests/vaultwarden.nix
+++ b/hosts/ward/guests/vaultwarden.nix
@ -18,6 +18,15 @@ in {
    group = "vaultwarden";
  };

+  environment.persistence."/persist".directories = [
+    {
+      directory = "/var/lib/vaultwarden";
+      user = "vaultwarden";
+      group = "vaultwarden";
+      mode = "0700";
+    }
+  ];
+
  nodes.sentinel = {
    networking.providedDomains.vaultwarden = vaultwardenDomain;