mirror of https://github.com/oddlama/nix-config.git synced 2025-10-10 23:00:39 +02:00

chore: only add agenix-rekey and nix-import-encrypted persistent folders to dev machines

oddlama 2023-10-02 20:07:27 +02:00
parent 2710a1be16
commit e33476a7f5
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
2 changed files with 9 additions and 6 deletions


@ -90,16 +90,11 @@ in {
hideMounts = true;
directories =
[
{
directory = "/var/tmp/agenix-rekey";
mode = "1777";
}
"/var/tmp/nix-import-encrypted" # Decrypted repo-secrets can be kept
"/var/lib/systemd"
"/var/log"
"/var/spool"
#{ directory = "/tmp"; mode = "1777"; }
#{ directory = "/var/tmp"; mode = "1777"; }
"/var/spool"
]
++ optionals config.networking.wireless.iwd.enable [
{


@ -18,6 +18,14 @@ lib.optionalAttrs (!minimal) {
# Add the agenix-rekey sandbox path permanently to avoid adding myself to trusted-users
nix.settings.extra-sandbox-paths = ["/var/tmp/agenix-rekey"];
environment.persistence."/state".directories = [
{
directory = "/var/tmp/agenix-rekey";
mode = "1777";
}
"/var/tmp/nix-import-encrypted" # Decrypted repo-secrets can be kept
];
services.nixseparatedebuginfod = {
enable = true;
# We need a system-level user to be able to use nix.settings.allowed-users with it.
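Review bot: `"/var/tmp/nix-import-encrypted"` is persisted under `/state` as a bare string, so its owner and mode come from the persistence module's defaults, while its trailing comment says it holds decrypted repo secrets, which will now survive reboots. Which account writes there is not visible in this hunk, so I would spell the permissions out the way the agenix-rekey entry above it does, e.g. `{ directory = "/var/tmp/nix-import-encrypted"; mode = "0700"; user = "<account that runs the decryption>"; }`, and extend the comment to say why keeping plaintext on disk is acceptable on dev machines. Separately, `/var/tmp/agenix-rekey` is mode `1777` and is also listed in `nix.settings.extra-sandbox-paths`, so any local user can place files in a path that builds can see; a comment stating that this is intended only for single-user dev hosts would help. The `services.nixseparatedebuginfod` block continues past the end of the hunk.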