sokai/mynixos-config
1
1
Fork 0
forked from mirrors_public/oddlama_nix-config
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: allow defining impermanence dirs from home manager configs

Browse source
This commit is contained in:
oddlama 2023-09-04 21:23:40 +02:00
parent 0eb6ac95e4
commit 9f2a34d83b
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
5 changed files with 173 additions and 64 deletions
Download patch file Download diff file Expand all files Collapse all files

111
modules/config/impermanence.nix
View file

@ -2,10 +2,87 @@
config, config,
lib, lib,
... ...
}: { }: let
inherit
(lib)
attrNames
flip
isAttrs
mapAttrs
mkMerge
mkOption
optionals
types
;
in {
# Give agenix access to the hostkey independent of impermanence activation # Give agenix access to the hostkey independent of impermanence activation
age.identityPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"]; age.identityPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"];
# Expose a home manager module for each user that allows extending
# environment.persistence.${sourceDir}.users.${userName} simply by
# specifying home.persistence.${sourceDir} in home manager.
home-manager.sharedModules = [
{
options.home.persistence = mkOption {
description = "Additional persistence config for the given source path";
default = {};
type = types.attrsOf (types.submodule {
options = {
files = mkOption {
description = "Additional files to persist via NixOS impermanence.";
type = types.listOf (types.either types.attrs types.str);
default = [];
};
directories = mkOption {
description = "Additional directories to persist via NixOS impermanence.";
type = types.listOf (types.either types.attrs types.str);
default = [];
};
};
});
};
}
];
# For each user that has a home-manager config, merge the locally defined
# persistence options that we defined above.
imports = let
mkUserFiles = map (x:
{mode = "600";}
// (
if isAttrs x
then x
else {file = x;}
));
mkUserDirs = map (x:
{mode = "700";}
// (
if isAttrs x
then x
else {directory = x;}
));
in [
{
environment.persistence = mkMerge (
flip map
(attrNames config.home-manager.users)
(
user: let
hmUserCfg = config.home-manager.users.${user};
in
flip mapAttrs hmUserCfg.home.persistence
(_: sourceCfg: {
users.${user} = {
files = mkUserFiles sourceCfg.files;
directories = mkUserDirs sourceCfg.directories;
};
})
)
);
}
];
# State that should be kept across reboots, but is otherwise # State that should be kept across reboots, but is otherwise
# NOT important information in any way that needs to be backed up. # NOT important information in any way that needs to be backed up.
fileSystems."/state".neededForBoot = true; fileSystems."/state".neededForBoot = true;
@ -34,7 +111,7 @@
mode = "0755"; mode = "0755";
} }
] ]
++ lib.optionals config.networking.wireless.iwd.enable [ ++ optionals config.networking.wireless.iwd.enable [
{ {
directory = "/var/lib/iwd"; directory = "/var/lib/iwd";
user = "root"; user = "root";
@ -62,7 +139,7 @@
mode = "0755"; mode = "0755";
} }
] ]
++ lib.optionals config.security.acme.acceptTerms [ ++ optionals config.security.acme.acceptTerms [
{ {
directory = "/var/lib/acme"; directory = "/var/lib/acme";
user = "acme"; user = "acme";
@ -70,7 +147,7 @@
mode = "0755"; mode = "0755";
} }
] ]
++ lib.optionals config.services.printing.enable [ ++ optionals config.services.printing.enable [
{ {
directory = "/var/lib/cups"; directory = "/var/lib/cups";
user = "root"; user = "root";
@ -78,7 +155,7 @@
mode = "0700"; mode = "0700";
} }
] ]
++ lib.optionals config.services.fail2ban.enable [ ++ optionals config.services.fail2ban.enable [
{ {
directory = "/var/lib/fail2ban"; directory = "/var/lib/fail2ban";
user = "fail2ban"; user = "fail2ban";
@ -86,7 +163,7 @@
mode = "0750"; mode = "0750";
} }
] ]
++ lib.optionals config.services.postgresql.enable [ ++ optionals config.services.postgresql.enable [
{ {
directory = "/var/lib/postgresql"; directory = "/var/lib/postgresql";
user = "postgres"; user = "postgres";
@ -94,7 +171,7 @@
mode = "0700"; mode = "0700";
} }
] ]
++ lib.optionals config.services.gitea.enable [ ++ optionals config.services.gitea.enable [
{ {
directory = config.services.gitea.stateDir; directory = config.services.gitea.stateDir;
user = "gitea"; user = "gitea";
@ -102,7 +179,7 @@
mode = "0700"; mode = "0700";
} }
] ]
++ lib.optionals config.services.caddy.enable [ ++ optionals config.services.caddy.enable [
{ {
directory = config.services.caddy.dataDir; directory = config.services.caddy.dataDir;
user = "caddy"; user = "caddy";
@ -110,7 +187,7 @@
mode = "0700"; mode = "0700";
} }
] ]
++ lib.optionals config.services.loki.enable [ ++ optionals config.services.loki.enable [
{ {
directory = "/var/lib/loki"; directory = "/var/lib/loki";
user = "loki"; user = "loki";
@ -118,7 +195,7 @@
mode = "0700"; mode = "0700";
} }
] ]
++ lib.optionals config.services.grafana.enable [ ++ optionals config.services.grafana.enable [
{ {
directory = config.services.grafana.dataDir; directory = config.services.grafana.dataDir;
user = "grafana"; user = "grafana";
@ -126,7 +203,7 @@
mode = "0700"; mode = "0700";
} }
] ]
++ lib.optionals config.services.kanidm.enableServer [ ++ optionals config.services.kanidm.enableServer [
{ {
directory = "/var/lib/kanidm"; directory = "/var/lib/kanidm";
user = "kanidm"; user = "kanidm";
@ -134,7 +211,7 @@
mode = "0700"; mode = "0700";
} }
] ]
++ lib.optionals config.services.vaultwarden.enable [ ++ optionals config.services.vaultwarden.enable [
{ {
directory = "/var/lib/vaultwarden"; directory = "/var/lib/vaultwarden";
user = "vaultwarden"; user = "vaultwarden";
@ -142,7 +219,7 @@
mode = "0700"; mode = "0700";
} }
] ]
++ lib.optionals config.services.influxdb2.enable [ ++ optionals config.services.influxdb2.enable [
{ {
directory = "/var/lib/influxdb2"; directory = "/var/lib/influxdb2";
user = "influxdb2"; user = "influxdb2";
@ -150,7 +227,7 @@
mode = "0700"; mode = "0700";
} }
] ]
++ lib.optionals config.services.telegraf.enable [ ++ optionals config.services.telegraf.enable [
{ {
directory = "/var/lib/telegraf"; directory = "/var/lib/telegraf";
user = "telegraf"; user = "telegraf";
@ -158,7 +235,7 @@
mode = "0700"; mode = "0700";
} }
] ]
++ lib.optionals config.services.adguardhome.enable [ ++ optionals config.services.adguardhome.enable [
{ {
directory = "/var/lib/private/AdGuardHome"; directory = "/var/lib/private/AdGuardHome";
user = "root"; user = "root";
@ -166,7 +243,7 @@
mode = "0700"; mode = "0700";
} }
] ]
++ lib.optionals config.services.esphome.enable [ ++ optionals config.services.esphome.enable [
{ {
directory = "/var/lib/private/esphome"; directory = "/var/lib/private/esphome";
user = "root"; user = "root";
@ -174,7 +251,7 @@
mode = "0700"; mode = "0700";
} }
] ]
++ lib.optionals config.services.home-assistant.enable [ ++ optionals config.services.home-assistant.enable [
{ {
directory = config.services.home-assistant.configDir; directory = config.services.home-assistant.configDir;
user = "hass"; user = "hass";

1
users/common/default.nix
View file

@ -4,6 +4,7 @@
./git.nix ./git.nix
./htop.nix ./htop.nix
./impermanence.nix
./neovim.nix ./neovim.nix
./shell ./shell
./utils.nix ./utils.nix

52
users/common/impermanence.nix Normal file
View file

@ -0,0 +1,52 @@
{
config,
nixosConfig,
...
}: {
home.persistence."/state".files =
[
# nothing yet ...
]
++ optionals config.programs.ssh.enable [
".ssh/known_hosts"
];
home.persistence."/state".directories =
[
".cache/fontconfig"
".cache/nix" # nix eval cache
".cache/nix-index"
]
++ optionals config.programs.firefox.enable [
".cache/mozilla"
]
++ optionals config.programs.direnv.enable [
".local/share/direnv"
]
++ optionals config.programs.neovim.enable [
".local/share/nvim"
".local/state/nvim"
".cache/nvim"
]
++ optionals nixosConfig.hardware.nvidia.enable [
".cache/nvidia" # GLCache
]
++ optionals nixosConfig.services.pipewire.enable [
".local/state/wireplumber"
];
home.persistence."/persist".directories =
[
".local/share/nix" # Repl history
]
++ optionals config.programs.firefox.enable [
".mozilla"
]
++ optionals config.programs.atuin.enable [
".local/share/atuin"
]
++ optionals nixosConfig.programs.steam.enable [
".local/share/Steam"
".steam"
];
}

33
users/myuser/default.nix
View file

@ -1,14 +1,9 @@
{ {
config, config,
lib,
pkgs, pkgs,
... ...
}: let }: let
myuser = config.repo.secrets.global.myuser.name; myuser = config.repo.secrets.global.myuser.name;
mkUserDirs = map (directory: {
inherit directory;
mode = "700";
});
in { in {
users.groups.${myuser}.gid = config.users.users.${myuser}.uid; users.groups.${myuser}.gid = config.users.users.${myuser}.uid;
users.users.${myuser} = { users.users.${myuser} = {
@ -25,40 +20,12 @@ in {
# Needed for gtk # Needed for gtk
programs.dconf.enable = true; programs.dconf.enable = true;
# TODO age.secrets = mapAttrs user.hmConfig.cfg.age.secrets users
age.secrets.my-gpg-pubkey-yubikey = { age.secrets.my-gpg-pubkey-yubikey = {
rekeyFile = ./yubikey.gpg.age; rekeyFile = ./yubikey.gpg.age;
group = myuser; group = myuser;
mode = "640"; mode = "640";
}; };
# TODO numlock default on in sway and kernel console
# TODO make dataset for safe/persist/ and automount it
# TODO modularized based on hmConfig
environment.persistence."/state".users.${myuser}.directories = mkUserDirs [
".cache/fontconfig"
".cache/mozilla"
".cache/nix" # nix eval cache
".cache/nix-index"
".cache/nvidia" # GLCache
".cache/nvim"
".local/share/nvim"
".local/state/direnv"
".local/state/nix"
".local/state/nvim"
".local/state/wireplumber"
"Downloads"
];
environment.persistence."/persist".users.${myuser}.directories = mkUserDirs [
".mozilla"
".config/discord" # Bad Discord! BAD! Saves state in ,config tststs
".config/Signal" # L take, electron.
".local/share/atuin"
".local/share/nix" # Repl history
"projects"
];
home-manager.users.${myuser} = { home-manager.users.${myuser} = {
imports = [ imports = [
../common ../common

40
users/myuser/graphical/default.nix
View file

@ -4,21 +4,33 @@
./sway.nix ./sway.nix
]; ];
home.packages = with pkgs; [ home = {
discord packages = with pkgs; [
firefox discord
thunderbird firefox
signal-desktop thunderbird
chromium signal-desktop
zathura chromium
feh zathura
]; feh
];
# TODO VP9 hardware video decoding blocklisted # TODO VP9 hardware video decoding blocklisted
# TODO gpg switch to sk # TODO gpg switch to sk
home.shellAliases = { shellAliases = {
p = "cd ~/projects"; p = "cd ~/projects";
zf = "zathura --fork"; zf = "zathura --fork";
};
persistence."/persist".directories = [
".config/discord" # Bad Discord! BAD! Saves its state in .config tststs
".config/Signal" # L take, electron.
"projects"
];
persistence."/state".directories = [
"Downloads"
];
}; };
} }