mirrors_public/oddlama_nix-config
1
1
Fork 1
mirror of https://github.com/oddlama/nix-config.git synced 2025-10-10 23:00:39 +02:00
Code Activity

refactor: split "real" modules and "config" modules

Browse source
This commit is contained in:
oddlama 2024-05-25 17:56:30 +02:00
parent 045f15239a
commit cceae6c63c
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
60 changed files with 126 additions and 113 deletions
Download patch file Download diff file Expand all files Collapse all files

145
config/impermanence.nix Normal file
View file

@ -0,0 +1,145 @@
{
config,
lib,
...
}: let
inherit
(lib)
attrNames
flip
isAttrs
mapAttrs
mkMerge
mkOption
optionals
types
;
in {
# Give agenix access to the hostkey independent of impermanence activation
age.identityPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"];
# Expose a home manager module for each user that allows extending
# environment.persistence.${sourceDir}.users.${userName} simply by
# specifying home.persistence.${sourceDir} in home manager.
home-manager.sharedModules = [
{
options.home.persistence = mkOption {
description = "Additional persistence config for the given source path";
default = {};
type = types.attrsOf (types.submodule {
options = {
files = mkOption {
description = "Additional files to persist via NixOS impermanence.";
type = types.listOf (types.either types.attrs types.str);
default = [];
};
directories = mkOption {
description = "Additional directories to persist via NixOS impermanence.";
type = types.listOf (types.either types.attrs types.str);
default = [];
};
};
});
};
}
];
# For each user that has a home-manager config, merge the locally defined
# persistence options that we defined above.
imports = let
mkUserFiles = map (x:
{parentDirectory.mode = "700";}
// (
if isAttrs x
then x
else {file = x;}
));
mkUserDirs = map (x:
{mode = "700";}
// (
if isAttrs x
then x
else {directory = x;}
));
in [
{
environment.persistence = mkMerge (
flip map
(attrNames config.home-manager.users)
(
user: let
hmUserCfg = config.home-manager.users.${user};
in
flip mapAttrs hmUserCfg.home.persistence
(_: sourceCfg: {
users.${user} = {
files = mkUserFiles sourceCfg.files;
directories = mkUserDirs sourceCfg.directories;
};
})
)
);
}
];
# State that should be kept across reboots, but is otherwise
# NOT important information in any way that needs to be backed up.
fileSystems."/state".neededForBoot = true;
environment.persistence."/state" = {
hideMounts = true;
directories =
[
"/var/lib/systemd"
"/var/log"
"/var/spool"
#{ directory = "/tmp"; mode = "1777"; }
#{ directory = "/var/tmp"; mode = "1777"; }
]
++ optionals config.networking.wireless.iwd.enable [
{
directory = "/var/lib/iwd";
mode = "0700";
}
];
};
# State that should be kept forever, and backed up accordingly.
fileSystems."/persist".neededForBoot = true;
environment.persistence."/persist" = {
hideMounts = true;
files = [
# For ephemeral nixos-containers we cannot link the /etc/machine-id file,
# because it will be generated based on a stable container uuid.
(lib.mkIf (!config.boot.isContainer) "/etc/machine-id")
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
];
directories =
[
"/var/lib/nixos"
]
++ optionals config.security.acme.acceptTerms [
{
directory = "/var/lib/acme";
user = "acme";
group = "acme";
mode = "0755";
}
]
++ optionals config.services.printing.enable [
{
directory = "/var/lib/cups";
mode = "0700";
}
]
++ optionals config.services.postgresql.enable [
{
directory = "/var/lib/postgresql";
user = "postgres";
group = "postgres";
mode = "0700";
}
];
};
}