jan-leila/nix-config
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: fixed merge incompatibilities

Browse source
This commit is contained in:
Leyla Becker 2026-03-07 12:03:09 -06:00
parent fa0adaa511
commit 1145703cfe
9 changed files with 259 additions and 131 deletions
Download patch file Download diff file Expand all files Collapse all files

2
configurations/home-manager/eve/packages.nix
View file

@ -60,7 +60,7 @@ in {
bitwarden.enable = true; bitwarden.enable = true;
discord.enable = true; discord.enable = true;
makemkv.enable = true; makemkv.enable = true;
signal-desktop-bin.enable = true; signal-desktop.enable = true;
steam.enable = true; steam.enable = true;
piper.enable = hardware.piperMouse.enable; piper.enable = hardware.piperMouse.enable;
krita.enable = true; krita.enable = true;

2
configurations/home-manager/leyla/packages/default.nix
View file

@ -50,7 +50,7 @@ in {
android-studio.enable = true; android-studio.enable = true;
makemkv.enable = true; makemkv.enable = true;
discord.enable = true; discord.enable = true;
signal-desktop-bin.enable = true; signal-desktop.enable = true;
calibre.enable = true; calibre.enable = true;
obsidian.enable = true; obsidian.enable = true;
jetbrains.idea-oss.enable = true; jetbrains.idea-oss.enable = true;

1
configurations/nixos/defiant/configuration.nix
View file

@ -67,7 +67,6 @@
}; };
storage = { storage = {
generateBase = false;
zfs = { zfs = {
enable = true; enable = true;
notifications = { notifications = {

97
configurations/nixos/defiant/legacy-impermanence.nix
View file

@ -1,19 +1,32 @@
# Legacy impermanence module for defiant # Legacy impermanence module for defiant
# This module contains all the impermanence configurations that were previously # See legacy-storage.nix for the full incremental migration plan.
# handled by individual service modules on the main branch. It allows us to
# merge the storage-refactor branch into main while keeping current functionality,
# and then migrate services one at a time to the new automated impermanence system.
# #
# To migrate a service to the new system: # This file is consumed in two phases:
# 1. Remove the service's configuration from this file #
# 2. Set `impermanence.enable = true` for that service in configuration.nix # Phase 3 (after generateBase is enabled):
# 3. Remove `impermanence.enable = false` from the service configuration # Remove the SYSTEM-LEVEL entries marked [PHASE 3] below. These will be
# handled automatically by storage.nix, ssh.nix, and the impermanence module:
# - var-lib-private-permissions activation script
# - /etc/machine-id
# - SSH host keys
# - /var/lib/nixos
# - /var/lib/systemd/coredump
# - /persist/system/var/log persistence block
#
# Phase 4 (migrate services one at a time, any order):
# For each service:
# 1. Remove the service's section marked [PHASE 4] from this file
# 2. Remove `impermanence.enable = false` for that service in configuration.nix
# For jellyfin/qbittorrent, also remove the separate media persistence blocks.
#
# Phase 5: Delete this file once empty.
{ {
config, config,
lib, lib,
... ...
}: { }: {
config = lib.mkIf config.storage.impermanence.enable { config = lib.mkIf config.storage.impermanence.enable {
# [PHASE 3] Remove this activation script after enabling generateBase
system.activationScripts = { system.activationScripts = {
"var-lib-private-permissions" = { "var-lib-private-permissions" = {
deps = ["specialfs"]; deps = ["specialfs"];
@ -27,8 +40,28 @@
environment.persistence."/persist/system/root" = { environment.persistence."/persist/system/root" = {
enable = true; enable = true;
hideMounts = true; hideMounts = true;
# [PHASE 3] Remove this files block after enabling generateBase
files = lib.mkMerge [
["/etc/machine-id"]
# SSH host keys
(lib.mkIf config.services.openssh.enable (
lib.lists.flatten (
builtins.map (hostKey: [
hostKey.path
"${hostKey.path}.pub"
])
config.services.openssh.hostKeys
)
))
];
directories = lib.mkMerge [ directories = lib.mkMerge [
# PostgreSQL # [PHASE 3] Remove these system directories after enabling generateBase
[
"/var/lib/nixos"
"/var/lib/systemd/coredump"
]
# [PHASE 4] PostgreSQL
(lib.mkIf config.services.postgresql.enable [ (lib.mkIf config.services.postgresql.enable [
{ {
directory = "/var/lib/postgresql/16"; directory = "/var/lib/postgresql/16";
@ -37,7 +70,7 @@
} }
]) ])
# Reverse Proxy (ACME) # [PHASE 4] Reverse Proxy (ACME)
(lib.mkIf config.services.reverseProxy.enable [ (lib.mkIf config.services.reverseProxy.enable [
{ {
directory = "/var/lib/acme"; directory = "/var/lib/acme";
@ -46,7 +79,7 @@
} }
]) ])
# Ollama # [PHASE 4] Ollama
(lib.mkIf config.services.ollama.enable [ (lib.mkIf config.services.ollama.enable [
{ {
directory = "/var/lib/private/ollama"; directory = "/var/lib/private/ollama";
@ -56,7 +89,7 @@
} }
]) ])
# Tailscale # [PHASE 4] Tailscale
(lib.mkIf config.services.tailscale.enable [ (lib.mkIf config.services.tailscale.enable [
{ {
directory = "/var/lib/tailscale"; directory = "/var/lib/tailscale";
@ -65,7 +98,7 @@
} }
]) ])
# Syncthing # [PHASE 4] Syncthing
(lib.mkIf config.services.syncthing.enable [ (lib.mkIf config.services.syncthing.enable [
{ {
directory = "/mnt/sync"; directory = "/mnt/sync";
@ -79,7 +112,7 @@
} }
]) ])
# Fail2ban # [PHASE 4] Fail2ban
(lib.mkIf config.services.fail2ban.enable [ (lib.mkIf config.services.fail2ban.enable [
{ {
directory = "/var/lib/fail2ban"; directory = "/var/lib/fail2ban";
@ -88,7 +121,7 @@
} }
]) ])
# Jellyfin (data/cache only - media is on separate dataset) # [PHASE 4] Jellyfin (data/cache only - media is on separate dataset)
(lib.mkIf config.services.jellyfin.enable [ (lib.mkIf config.services.jellyfin.enable [
{ {
directory = "/var/lib/jellyfin"; directory = "/var/lib/jellyfin";
@ -102,7 +135,7 @@
} }
]) ])
# Immich # [PHASE 4] Immich
(lib.mkIf config.services.immich.enable [ (lib.mkIf config.services.immich.enable [
{ {
directory = "/var/lib/immich"; directory = "/var/lib/immich";
@ -111,7 +144,7 @@
} }
]) ])
# Forgejo # [PHASE 4] Forgejo
(lib.mkIf config.services.forgejo.enable [ (lib.mkIf config.services.forgejo.enable [
{ {
directory = "/var/lib/forgejo"; directory = "/var/lib/forgejo";
@ -120,7 +153,7 @@
} }
]) ])
# Actual # [PHASE 4] Actual
(lib.mkIf config.services.actual.enable [ (lib.mkIf config.services.actual.enable [
{ {
directory = "/var/lib/private/actual"; directory = "/var/lib/private/actual";
@ -129,7 +162,7 @@
} }
]) ])
# Home Assistant # [PHASE 4] Home Assistant
(lib.mkIf config.services.home-assistant.enable [ (lib.mkIf config.services.home-assistant.enable [
{ {
directory = "/var/lib/hass"; directory = "/var/lib/hass";
@ -138,7 +171,7 @@
} }
]) ])
# Paperless # [PHASE 4] Paperless
(lib.mkIf config.services.paperless.enable [ (lib.mkIf config.services.paperless.enable [
{ {
directory = "/var/lib/paperless"; directory = "/var/lib/paperless";
@ -147,7 +180,7 @@
} }
]) ])
# Crab-hole # [PHASE 4] Crab-hole
(lib.mkIf config.services.crab-hole.enable [ (lib.mkIf config.services.crab-hole.enable [
{ {
directory = "/var/lib/private/crab-hole"; directory = "/var/lib/private/crab-hole";
@ -156,7 +189,7 @@
} }
]) ])
# qBittorrent (config only - media is on separate dataset) # [PHASE 4] qBittorrent (config only - media is on separate dataset)
(lib.mkIf config.services.qbittorrent.enable [ (lib.mkIf config.services.qbittorrent.enable [
{ {
directory = "/var/lib/qBittorrent/"; directory = "/var/lib/qBittorrent/";
@ -165,7 +198,7 @@
} }
]) ])
# Sonarr # [PHASE 4] Sonarr
(lib.mkIf config.services.sonarr.enable [ (lib.mkIf config.services.sonarr.enable [
{ {
directory = "/var/lib/sonarr/.config/NzbDrone"; directory = "/var/lib/sonarr/.config/NzbDrone";
@ -174,7 +207,7 @@
} }
]) ])
# Radarr # [PHASE 4] Radarr
(lib.mkIf config.services.radarr.enable [ (lib.mkIf config.services.radarr.enable [
{ {
directory = "/var/lib/radarr/.config/Radarr"; directory = "/var/lib/radarr/.config/Radarr";
@ -183,7 +216,7 @@
} }
]) ])
# Bazarr # [PHASE 4] Bazarr
(lib.mkIf config.services.bazarr.enable [ (lib.mkIf config.services.bazarr.enable [
{ {
directory = "/var/lib/bazarr"; directory = "/var/lib/bazarr";
@ -192,7 +225,7 @@
} }
]) ])
# Lidarr # [PHASE 4] Lidarr
(lib.mkIf config.services.lidarr.enable [ (lib.mkIf config.services.lidarr.enable [
{ {
directory = "/var/lib/lidarr/.config/Lidarr"; directory = "/var/lib/lidarr/.config/Lidarr";
@ -201,7 +234,7 @@
} }
]) ])
# Jackett # [PHASE 4] Jackett
(lib.mkIf config.services.jackett.enable [ (lib.mkIf config.services.jackett.enable [
{ {
directory = "/var/lib/jackett/.config/Jackett"; directory = "/var/lib/jackett/.config/Jackett";
@ -210,7 +243,7 @@
} }
]) ])
# FlareSolverr # [PHASE 4] FlareSolverr
(lib.mkIf config.services.flaresolverr.enable [ (lib.mkIf config.services.flaresolverr.enable [
{ {
directory = "/var/lib/flaresolverr"; directory = "/var/lib/flaresolverr";
@ -221,7 +254,8 @@
]; ];
}; };
# Jellyfin media on separate dataset (matching main) # [PHASE 4 - LAST] Jellyfin media on separate dataset
# Requires Phase 2 media dataset merge before migrating (several days of data copy)
environment.persistence."/persist/system/jellyfin" = lib.mkIf config.services.jellyfin.enable { environment.persistence."/persist/system/jellyfin" = lib.mkIf config.services.jellyfin.enable {
enable = true; enable = true;
hideMounts = true; hideMounts = true;
@ -235,7 +269,8 @@
]; ];
}; };
# qBittorrent media on separate dataset (matching main) # [PHASE 4 - LAST] qBittorrent media on separate dataset
# Requires Phase 2 media dataset merge before migrating (several days of data copy)
environment.persistence."/persist/system/qbittorrent" = lib.mkIf config.services.qbittorrent.enable { environment.persistence."/persist/system/qbittorrent" = lib.mkIf config.services.qbittorrent.enable {
enable = true; enable = true;
hideMounts = true; hideMounts = true;
@ -249,7 +284,7 @@
]; ];
}; };
# /var/log persistence (matching main) # [PHASE 3] /var/log persistence - handled by storage.nix after generateBase
environment.persistence."/persist/system/var/log" = { environment.persistence."/persist/system/var/log" = {
enable = true; enable = true;
hideMounts = true; hideMounts = true;

147
configurations/nixos/defiant/legacy-storage.nix
View file

@ -1,20 +1,131 @@
# Legacy storage configuration for defiant # Legacy storage configuration for defiant
# This file manually defines ZFS datasets matching the main branch structure # This file manually defines ZFS datasets matching the existing on-disk layout
# to allow incremental migration to the new storage module. # to allow incremental migration to the new storage module (generateBase = true).
# #
# Datasets from main branch: # ============================================================================
# - local/ - ephemeral parent # INCREMENTAL MIGRATION PLAN
# - local/home/leyla - ephemeral user home # ============================================================================
# - local/system/nix - nix store #
# - local/system/root - root filesystem (rolled back on boot) # Current disk usage (for reference):
# - local/system/sops - sops age key # rpool/local/system/nix ~26G (renamed in place, no copy)
# - persist/ - persistent parent # rpool/local/system/sops ~328K (renamed in place, no copy)
# - persist/home/leyla - persistent user home # rpool/persist/system/jellyfin ~32T (renamed in place, no copy)
# - persist/system/jellyfin - jellyfin media # rpool/persist/system/qbittorrent ~6.5T (copied into media dataset, ~6.5T temp)
# - persist/system/qbittorrent - qbittorrent media # rpool free space ~30T
# - persist/system/root - persistent root data #
# - persist/system/var/log - log persistence # Phase 1: Migrate base datasets on disk (boot from live USB or rescue)
# All operations in this phase are instant renames -- no data is copied.
#
# Unlock the pool:
# zfs load-key -a
#
# Step 1a: Move nix and sops out of local/ (they go to persist/local/)
# The -p flag auto-creates the parent datasets.
#
# zfs rename -p rpool/local/system/nix rpool/persist/local/nix
# zfs rename -p rpool/local/system/sops rpool/persist/local/system/sops
#
# Step 1b: Rename local/ -> ephemeral/ (takes remaining children with it)
# zfs rename rpool/local rpool/ephemeral
# # This moves: local/system/root -> ephemeral/system/root
# # local/home/leyla -> ephemeral/home/leyla
#
# Step 1c: Recreate blank snapshots on ephemeral datasets
# zfs destroy rpool/ephemeral/system/root@blank
# zfs snapshot rpool/ephemeral/system/root@blank
# zfs destroy rpool/ephemeral/home/leyla@blank
# zfs snapshot rpool/ephemeral/home/leyla@blank
#
# Step 1d: Move persist/ children under persist/replicate/
# zfs create -o canmount=off rpool/persist/replicate
# zfs create -o canmount=off rpool/persist/replicate/system
# zfs rename rpool/persist/system/root rpool/persist/replicate/system/root
# zfs rename rpool/persist/system/var rpool/persist/replicate/system/var
# zfs rename rpool/persist/home/leyla rpool/persist/replicate/home
# # Clean up the now-empty home parent
# zfs destroy rpool/persist/home
# # NOTE: Do NOT destroy rpool/persist/system -- it still contains
# # persist/system/jellyfin and persist/system/qbittorrent which are
# # migrated in Phase 2.
#
# Verify the new layout:
# zfs list -r rpool -o name,used,mountpoint
#
# Phase 2: Merge media into a single dataset (do this last)
# Strategy: Rename the jellyfin dataset to become the shared media dataset
# (zero copy, instant), then copy qbittorrent data into it (~6.5T copy).
# This avoids duplicating the 32T jellyfin dataset.
#
# Step 2a: Rename jellyfin dataset to the shared media name
# zfs rename rpool/persist/system/jellyfin rpool/persist/replicate/system/media
#
# Step 2b: Copy qbittorrent data into the media dataset
# This copies ~6.5T and may take several hours/days depending on disk speed.
# The qbittorrent data is not critical to back up so no snapshot needed.
#
# systemctl stop qbittorrent
# rsync -avPHAX /persist/system/qbittorrent/ /persist/replicate/system/media/
#
# Step 2c: Verify the data and clean up
# ls -la /persist/replicate/system/media/
# zfs destroy rpool/persist/system/qbittorrent
# # persist/system should now be empty, clean it up:
# zfs destroy rpool/persist/system
#
# Phase 3: Enable generateBase
# In the nix config:
# - Delete this file (legacy-storage.nix) and remove its import from default.nix
# - Remove [PHASE 3] entries from legacy-impermanence.nix:
# - var-lib-private-permissions activation script
# - /etc/machine-id, SSH host keys (files block)
# - /var/lib/nixos, /var/lib/systemd/coredump (directories)
# - /persist/system/var/log persistence block
# These are now handled automatically by storage.nix and ssh.nix.
# Rebuild and verify:
# sudo nixos-rebuild switch --flake .#defiant
# # Verify mounts: findmnt -t fuse.bindfs,fuse
# # Verify persist: ls /persist/replicate/system/root/var/lib/nixos
# # Verify boot: reboot and confirm system comes up cleanly
#
# Phase 4: Migrate services (one at a time, any order)
# For each service (except jellyfin/qbittorrent):
# 1. Remove the service's [PHASE 4] section from legacy-impermanence.nix
# 2. Remove `impermanence.enable = false` for that service in configuration.nix
# 3. Rebuild: sudo nixos-rebuild switch --flake .#defiant
# 4. Verify: systemctl status <service>, check the service's data is intact
# No data migration is needed -- the data already lives on the renamed
# dataset at the new path.
#
# Migrate jellyfin and qbittorrent LAST (after Phase 2 media merge):
# 1. Remove [PHASE 4 - LAST] jellyfin entries from legacy-impermanence.nix
# 2. Remove [PHASE 4 - LAST] qbittorrent entries from legacy-impermanence.nix
# 3. Remove `impermanence.enable = false` for both in configuration.nix
# 4. Rebuild: sudo nixos-rebuild switch --flake .#defiant
# 5. Verify: systemctl status jellyfin qbittorrent
#
# Phase 5: Cleanup
# Once all services are migrated and legacy-impermanence.nix is empty:
# - Delete legacy-impermanence.nix and remove its import from default.nix
# - Rebuild: sudo nixos-rebuild switch --flake .#defiant
#
# ============================================================================
#
# Current on-disk dataset layout:
# rpool/local/ - ephemeral parent
# rpool/local/home/leyla - ephemeral user home (rolled back on boot)
# rpool/local/system/nix - nix store
# rpool/local/system/root - root filesystem (rolled back on boot)
# rpool/local/system/sops - sops age key
# rpool/persist/ - persistent parent
# rpool/persist/home/leyla - persistent user home
# rpool/persist/system/jellyfin - jellyfin media
# rpool/persist/system/qbittorrent - qbittorrent media
# rpool/persist/system/root - persistent root data
# rpool/persist/system/var/log - log persistence
{lib, ...}: { {lib, ...}: {
# Disable automatic base dataset generation so we can define them manually
storage.generateBase = false;
# Manually define ZFS datasets matching main's structure # Manually define ZFS datasets matching main's structure
storage.zfs.datasets = { storage.zfs.datasets = {
# Ephemeral datasets (local/) # Ephemeral datasets (local/)
@ -47,7 +158,7 @@
}; };
"local/system/sops" = { "local/system/sops" = {
type = "zfs_fs"; type = "zfs_fs";
mount = "/persist/sops"; mount = "/var/lib/sops-nix";
}; };
# Persistent datasets (persist/) # Persistent datasets (persist/)
@ -87,9 +198,10 @@
}; };
}; };
# Boot commands to rollback ephemeral root on boot # Boot commands to rollback ephemeral root and user homes on boot
boot.initrd.postResumeCommands = lib.mkAfter '' boot.initrd.postResumeCommands = lib.mkAfter ''
zfs rollback -r rpool/local/system/root@blank zfs rollback -r rpool/local/system/root@blank
zfs rollback -r rpool/local/home/leyla@blank
''; '';
# FileSystems needed for boot # FileSystems needed for boot
@ -99,5 +211,8 @@
"/persist/system/var/log".neededForBoot = true; "/persist/system/var/log".neededForBoot = true;
"/persist/system/jellyfin".neededForBoot = true; "/persist/system/jellyfin".neededForBoot = true;
"/persist/system/qbittorrent".neededForBoot = true; "/persist/system/qbittorrent".neededForBoot = true;
"/var/lib/sops-nix".neededForBoot = true;
"/persist/home/leyla".neededForBoot = true;
"/home/leyla".neededForBoot = true;
}; };
} }

125
flake.lock generated
View file

@ -7,11 +7,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1771881364, "lastModified": 1772867152,
"narHash": "sha256-A5uE/hMium5of/QGC6JwF5TGoDAfpNtW00T0s9u/PN8=", "narHash": "sha256-RIFgZ4O6Eg+5ysZ8Tqb3YvcqiRaNy440GEY22ltjRrs=",
"owner": "nix-community", "owner": "nix-community",
"repo": "disko", "repo": "disko",
"rev": "a4cb7bf73f264d40560ba527f9280469f1f081c6", "rev": "eaafb89b56e948661d618eefd4757d9ea8d77514",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -28,11 +28,11 @@
}, },
"locked": { "locked": {
"dir": "pkgs/firefox-addons", "dir": "pkgs/firefox-addons",
"lastModified": 1771888219, "lastModified": 1772856163,
"narHash": "sha256-XlA/l99y1Qilmd8ttYJ9y5BSse9GKoQlt9hnY8H+EHM=", "narHash": "sha256-xD+d1+FVhKJ+oFYMTWOdVSBoXS4yeMyVZyDjMXqWEJE=",
"owner": "rycee", "owner": "rycee",
"repo": "nur-expressions", "repo": "nur-expressions",
"rev": "a347c1da78da64eeb78a0c9005bdaadace33e83c", "rev": "d358a550c7beac5f04fbc5a786e14af079606689",
"type": "gitlab" "type": "gitlab"
}, },
"original": { "original": {
@ -115,32 +115,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1771851181, "lastModified": 1772845525,
"narHash": "sha256-gFgE6mGUftwseV3DUENMb0k0EiHd739lZexPo5O/sdQ=", "narHash": "sha256-Dp5Ir2u4jJDGCgeMRviHvEQDe+U37hMxp6RSNOoMMPc=",
"owner": "nix-community", "owner": "nix-community",
"repo": "home-manager", "repo": "home-manager",
"rev": "9a4b494b1aa1b93d8edf167f46dc8e0c0011280c", "rev": "27b93804fbef1544cb07718d3f0a451f4c4cd6c0",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "home-manager",
"type": "github"
}
},
"home-manager_2": {
"inputs": {
"nixpkgs": [
"impermanence",
"nixpkgs"
]
},
"locked": {
"lastModified": 1768598210,
"narHash": "sha256-kkgA32s/f4jaa4UG+2f8C225Qvclxnqs76mf8zvTVPg=",
"owner": "nix-community",
"repo": "home-manager",
"rev": "c47b2cc64a629f8e075de52e4742de688f930dc6",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -150,12 +129,20 @@
} }
}, },
"impermanence": { "impermanence": {
"inputs": {
"home-manager": [
"home-manager"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1737831083, "lastModified": 1769548169,
"narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", "narHash": "sha256-03+JxvzmfwRu+5JafM0DLbxgHttOQZkUtDWBmeUkN8Y=",
"owner": "nix-community", "owner": "nix-community",
"repo": "impermanence", "repo": "impermanence",
"rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", "rev": "7b1d382faf603b6d264f58627330f9faa5cba149",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -204,14 +191,14 @@
"mcp-nixos": { "mcp-nixos": {
"inputs": { "inputs": {
"flake-parts": "flake-parts", "flake-parts": "flake-parts",
"nixpkgs": "nixpkgs_2" "nixpkgs": "nixpkgs"
}, },
"locked": { "locked": {
"lastModified": 1769804089, "lastModified": 1772769318,
"narHash": "sha256-Wkot1j0cTx64xxjmLXzPubTckaZBSUJFhESEdOzPYas=", "narHash": "sha256-RAyOW5JMXRhiREqxFPOzw80fVsYVBnOPFgBSjnJ6gbY=",
"owner": "utensils", "owner": "utensils",
"repo": "mcp-nixos", "repo": "mcp-nixos",
"rev": "37a691ea4ea9c8bdcccfe174c6127847b8213fd3", "rev": "60c1efbba0de1268b42f1144c904e6c8a9627dde",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -227,11 +214,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1771520882, "lastModified": 1772379624,
"narHash": "sha256-9SeTZ4Pwr730YfT7V8Azb8GFbwk1ZwiQDAwft3qAD+o=", "narHash": "sha256-NG9LLTWlz4YiaTAiRGChbrzbVxBfX+Auq4Ab/SWmk4A=",
"owner": "LnL7", "owner": "LnL7",
"repo": "nix-darwin", "repo": "nix-darwin",
"rev": "6a7fdcd5839ec8b135821179eea3b58092171bcf", "rev": "52d061516108769656a8bd9c6e811c677ec5b462",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -268,11 +255,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1771901087, "lastModified": 1772850876,
"narHash": "sha256-b5eSke+C8UeR5Er+TZOzHCDStBJ68yyFlqAUc6fNBX0=", "narHash": "sha256-Ga19zlfMpakCY4GMwBSOljNLOF0nEYrYBXv0hP/d4rw=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-vscode-extensions", "repo": "nix-vscode-extensions",
"rev": "c22e7adea9adec98b3dc79be954ee17d56a232bd", "rev": "22f084d4c280dfc8a9d764f7b85af38e5d69c3dc",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -283,11 +270,11 @@
}, },
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1771423359, "lastModified": 1771969195,
"narHash": "sha256-yRKJ7gpVmXbX2ZcA8nFi6CMPkJXZGjie2unsiMzj3Ig=", "narHash": "sha256-qwcDBtrRvJbrrnv1lf/pREQi8t2hWZxVAyeMo7/E9sw=",
"owner": "NixOS", "owner": "NixOS",
"repo": "nixos-hardware", "repo": "nixos-hardware",
"rev": "740a22363033e9f1bb6270fbfb5a9574067af15b", "rev": "41c6b421bdc301b2624486e11905c9af7b8ec68e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -299,15 +286,15 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1768564909, "lastModified": 1767640445,
"narHash": "sha256-Kell/SpJYVkHWMvnhqJz/8DqQg2b6PguxVWOuadbHCc=", "narHash": "sha256-UWYqmD7JFBEDBHWYcqE6s6c77pWdcU/i+bwD6XxMb8A=",
"owner": "nixos", "owner": "NixOS",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "e4bae1bd10c9c57b2cf517953ab70060a828ee6f", "rev": "9f0c42f8bc7151b8e7e5840fb3bd454ad850d8c5",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nixos", "owner": "NixOS",
"ref": "nixos-unstable", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
@ -330,37 +317,21 @@
}, },
"nixpkgs_2": { "nixpkgs_2": {
"locked": { "locked": {
"lastModified": 1767640445, "lastModified": 1772773019,
"narHash": "sha256-UWYqmD7JFBEDBHWYcqE6s6c77pWdcU/i+bwD6XxMb8A=", "narHash": "sha256-E1bxHxNKfDoQUuvriG71+f+s/NT0qWkImXsYZNFFfCs=",
"owner": "NixOS", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "9f0c42f8bc7151b8e7e5840fb3bd454ad850d8c5", "rev": "aca4d95fce4914b3892661bcb80b8087293536c6",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "NixOS", "owner": "nixos",
"ref": "nixos-unstable", "ref": "nixos-unstable",
"repo": "nixpkgs", "repo": "nixpkgs",
"type": "github" "type": "github"
} }
}, },
"nixpkgs_3": { "nixpkgs_3": {
"locked": {
"lastModified": 1771369470,
"narHash": "sha256-0NBlEBKkN3lufyvFegY4TYv5mCNHbi5OmBDrzihbBMQ=",
"owner": "nixos",
"repo": "nixpkgs",
"rev": "0182a361324364ae3f436a63005877674cf45efb",
"type": "github"
},
"original": {
"owner": "nixos",
"ref": "nixos-unstable",
"repo": "nixpkgs",
"type": "github"
}
},
"nixpkgs_4": {
"locked": { "locked": {
"lastModified": 1759070547, "lastModified": 1759070547,
"narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=", "narHash": "sha256-JVZl8NaVRYb0+381nl7LvPE+A774/dRpif01FKLrYFQ=",
@ -378,7 +349,7 @@
}, },
"noita-entangled-worlds": { "noita-entangled-worlds": {
"inputs": { "inputs": {
"nixpkgs": "nixpkgs_4", "nixpkgs": "nixpkgs_3",
"rust-overlay": "rust-overlay", "rust-overlay": "rust-overlay",
"systems": "systems_2" "systems": "systems_2"
}, },
@ -410,7 +381,7 @@
"nix-syncthing": "nix-syncthing", "nix-syncthing": "nix-syncthing",
"nix-vscode-extensions": "nix-vscode-extensions", "nix-vscode-extensions": "nix-vscode-extensions",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs_3", "nixpkgs": "nixpkgs_2",
"noita-entangled-worlds": "noita-entangled-worlds", "noita-entangled-worlds": "noita-entangled-worlds",
"secrets": "secrets", "secrets": "secrets",
"sops-nix": "sops-nix" "sops-nix": "sops-nix"
@ -460,11 +431,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1771889317, "lastModified": 1772495394,
"narHash": "sha256-YV17Q5lEU0S9ppw08Y+cs4eEQJBuc79AzblFoHORLMU=", "narHash": "sha256-hmIvE/slLKEFKNEJz27IZ8BKlAaZDcjIHmkZ7GCEjfw=",
"owner": "Mic92", "owner": "Mic92",
"repo": "sops-nix", "repo": "sops-nix",
"rev": "b027513c32e5b39b59f64626b87fbe168ae02094", "rev": "1d9b98a29a45abe9c4d3174bd36de9f28755e3ff",
"type": "github" "type": "github"
}, },
"original": { "original": {

7
modules/home-manager-modules/impermanence.nix
View file

@ -26,8 +26,13 @@ in {
# If impermanence is not enabled for this user but system impermanence is enabled, # If impermanence is not enabled for this user but system impermanence is enabled,
# persist the entire home directory as fallback # persist the entire home directory as fallback
(lib.mkIf (osConfig.storage.impermanence.enable && !cfg.enable && cfg.fallbackPersistence.enable) { (lib.mkIf (osConfig.storage.impermanence.enable && !cfg.enable && cfg.fallbackPersistence.enable) {
home.persistence."/persist/replicate/home" = { home.persistence."${
if osConfig.storage.generateBase
then "/persist/replicate/home"
else "/persist/home/${config.home.username}"
}" = {
directories = ["."]; directories = ["."];
allowOther = true;
}; };
}) })
]; ];

6
modules/home-manager-modules/programs/signal.nix
View file

@ -4,14 +4,14 @@
config, config,
... ...
}: { }: {
options.programs.signal-desktop-bin = { options.programs.signal-desktop = {
enable = lib.mkEnableOption "enable signal"; enable = lib.mkEnableOption "enable signal";
}; };
config = lib.mkIf config.programs.signal-desktop-bin.enable (lib.mkMerge [ config = lib.mkIf config.programs.signal-desktop.enable (lib.mkMerge [
{ {
home.packages = with pkgs; [ home.packages = with pkgs; [
signal-desktop-bin signal-desktop
]; ];
} }
( (

3
modules/nixos-modules/storage/impermanence.nix
View file

@ -81,6 +81,9 @@ in {
programs.fuse.userAllowOther = true; programs.fuse.userAllowOther = true;
# Suppress sudo lecture on every boot since impermanence wipes the lecture status file
security.sudo.extraConfig = "Defaults lecture=never";
fileSystems = fileSystems =
lib.mapAttrs' ( lib.mapAttrs' (
datasetName: dataset: datasetName: dataset: