Lithospherical/nix-config
1
0
Fork 0
forked from jan-leila/nix-config
Code Pull requests Activity

made impermanence config work slightly better

Browse source
This commit is contained in:
Leyla Becker 2024-12-25 18:21:10 -06:00
parent 2d5e37b1eb
commit 48dc0b1150
8 changed files with 66 additions and 25 deletions
Download patch file Download diff file Expand all files Collapse all files

1
modules/home-manager-modules/default.nix
View file

@ -4,5 +4,6 @@
./flipperzero.nix
./i18n.nix
./openssh.nix
./impermanence.nix
];
}

10
modules/home-manager-modules/impermanence.nix Normal file
View file

@ -0,0 +1,10 @@
{config, ...}: {
home.persistence."/persistent/home/${config.home.username}" = {
directories = [
".ssh"
"desktop"
"downloads"
"documents"
];
};
}

16
modules/nixos-modules/impermanence.nix
View file

@ -26,12 +26,13 @@
];
boot.initrd.postResumeCommands = lib.mkAfter ''
zfs rollback -r rpool/local/system/root@blank
1 '';
zfs rollback -r rpool/local/system/root@blank
'';
fileSystems = {
"/".neededForBoot = true;
"/persist/system/root".neededForBoot = true;
"/persist/system/var/log".neededForBoot = true;
};
host.storage.pool.extraDatasets = {
@ -81,13 +82,18 @@
};
};
environment.persistence."/persist/system/var/log" = {
enable = true;
hideMounts = true;
directories = [
"/var/log"
];
};
environment.persistence."/persist/system/root" = {
enable = true;
hideMounts = true;
directories = [
"/etc/ssh"
"/var/log"
"/var/lib/nixos"
"/var/lib/systemd/coredump"

10
modules/nixos-modules/server/network_storage/default.nix
View file

@ -21,7 +21,7 @@ in {
type = lib.types.listOf (lib.types.submodule ({config, ...}: {
options = {
folder = lib.mkOption {
type = lib.types.string;
type = lib.types.str;
description = "what is the name of this export directory";
};
bind = lib.mkOption {
@ -30,12 +30,12 @@ in {
default = null;
};
user = lib.mkOption {
type = lib.types.string;
type = lib.types.str;
description = "what user owns this directory";
default = "nouser";
};
group = lib.mkOption {
type = lib.types.string;
type = lib.types.str;
description = "what group owns this directory";
default = "nogroup";
};
@ -57,11 +57,11 @@ in {
# create any folders that we need to have for our exports
systemd.tmpfiles.rules =
[
"d ${config.host.network_storage.export_directory} 2775 root root -"
"d ${config.host.network_storage.export_directory} 2770 root root -"
]
++ (
builtins.map (
directory: "d ${directory._directory} 2775 ${directory.user} ${directory.group}"
directory: "d ${directory._directory} 2770 ${directory.user} ${directory.group}"
)
config.host.network_storage.directories
);

4
modules/nixos-modules/server/reverse_proxy.nix
View file

@ -6,7 +6,7 @@
options.host.reverse_proxy = {
enable = lib.mkEnableOption "turn on the reverse proxy";
hostname = lib.mkOption {
type = lib.types.string;
type = lib.types.str;
description = "what host name are we going to be proxying from";
};
forceSSL = lib.mkOption {
@ -23,7 +23,7 @@
type = lib.types.attrsOf (lib.types.submodule ({...}: {
options = {
target = lib.mkOption {
type = lib.types.string;
type = lib.types.str;
description = "where should this host point to";
};
websockets = lib.mkEnableOption "should websockets be proxied";

37
modules/nixos-modules/ssh.nix
View file

@ -1,13 +1,28 @@
{...}: {
services = {
openssh = {
enable = true;
ports = [22];
settings = {
PasswordAuthentication = false;
UseDns = true;
X11Forwarding = false;
{
lib,
config,
...
}: {
config = lib.mkMerge [
{
services = {
openssh = {
enable = true;
ports = [22];
settings = {
PasswordAuthentication = false;
UseDns = true;
X11Forwarding = false;
};
};
};
};
};
}
(lib.mkIf config.host.impermanence.enable {
environment.persistence."/persist/system/root" = {
directories = [
"/etc/ssh"
];
};
})
];
}

9
modules/nixos-modules/users.nix
View file

@ -272,6 +272,15 @@ in {
normalUsers
)
)
(
builtins.listToAttrs (
builtins.map (user:
lib.attrsets.nameValuePair "/home/${user.name}" {
neededForBoot = true;
})
normalUsers
)
)
];
environment.persistence."/persist/system/root" = {