feat: added sops dataset to users.nix
parent
4d7d11e0c8
commit
318a0a9748
1 changed files with 67 additions and 71 deletions
|
|
@ -399,79 +399,75 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
(lib.mkIf config.host.impermanence.enable {
|
(lib.mkIf config.storage.impermanence.enable (lib.mkMerge [
|
||||||
boot.initrd.postResumeCommands = lib.mkAfter (
|
(lib.mkIf config.storage.zfs.enable {
|
||||||
lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/local/home/${user.name}@blank")
|
storage.zfs.datasets."persist/system/sops" = {
|
||||||
normalUsers)
|
type = "zfs_fs";
|
||||||
);
|
mount = {
|
||||||
|
enable = true;
|
||||||
|
mountPoint = SOPS_AGE_KEY_DIRECTORY;
|
||||||
|
};
|
||||||
|
atime = "off";
|
||||||
|
relatime = "off";
|
||||||
|
};
|
||||||
|
})
|
||||||
|
]))
|
||||||
|
# (lib.mkIf config.host.impermanence.enable {
|
||||||
|
# boot.initrd.postResumeCommands = lib.mkAfter (
|
||||||
|
# lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/local/home/${user.name}@blank")
|
||||||
|
# normalUsers)
|
||||||
|
# );
|
||||||
|
|
||||||
systemd = {
|
# systemd = {
|
||||||
tmpfiles.rules =
|
# tmpfiles.rules =
|
||||||
builtins.map (
|
# builtins.map (
|
||||||
user: "d /persist/home/${user.name} 700 ${user.name} ${user.name} -"
|
# user: "d /persist/home/${user.name} 700 ${user.name} ${user.name} -"
|
||||||
)
|
# )
|
||||||
normalUsers;
|
# normalUsers;
|
||||||
};
|
# };
|
||||||
|
|
||||||
fileSystems = lib.mkMerge [
|
# fileSystems = lib.mkMerge [
|
||||||
{
|
# (
|
||||||
${SOPS_AGE_KEY_DIRECTORY}.neededForBoot = true;
|
# builtins.listToAttrs (
|
||||||
}
|
# builtins.map (user:
|
||||||
(
|
# lib.attrsets.nameValuePair "/persist/home/${user.name}" {
|
||||||
builtins.listToAttrs (
|
# neededForBoot = true;
|
||||||
builtins.map (user:
|
# })
|
||||||
lib.attrsets.nameValuePair "/persist/home/${user.name}" {
|
# normalUsers
|
||||||
neededForBoot = true;
|
# )
|
||||||
})
|
# )
|
||||||
normalUsers
|
# (
|
||||||
)
|
# builtins.listToAttrs (
|
||||||
)
|
# builtins.map (user:
|
||||||
(
|
# lib.attrsets.nameValuePair "/home/${user.name}" {
|
||||||
builtins.listToAttrs (
|
# neededForBoot = true;
|
||||||
builtins.map (user:
|
# })
|
||||||
lib.attrsets.nameValuePair "/home/${user.name}" {
|
# normalUsers
|
||||||
neededForBoot = true;
|
# )
|
||||||
})
|
# )
|
||||||
normalUsers
|
# ];
|
||||||
)
|
|
||||||
)
|
|
||||||
];
|
|
||||||
|
|
||||||
host.storage.pool.extraDatasets = lib.mkMerge (
|
# host.storage.pool.extraDatasets = lib.mkMerge (
|
||||||
[
|
# (
|
||||||
{
|
# builtins.map (user: {
|
||||||
# sops age key needs to be available to pre persist for user generation
|
# "local/home/${user.name}" = {
|
||||||
"local/system/sops" = {
|
# type = "zfs_fs";
|
||||||
type = "zfs_fs";
|
# mountpoint = "/home/${user.name}";
|
||||||
mountpoint = SOPS_AGE_KEY_DIRECTORY;
|
# options = {
|
||||||
options = {
|
# canmount = "on";
|
||||||
atime = "off";
|
# };
|
||||||
relatime = "off";
|
# postCreateHook = ''
|
||||||
canmount = "on";
|
# zfs snapshot rpool/local/home/${user.name}@blank
|
||||||
};
|
# '';
|
||||||
};
|
# };
|
||||||
}
|
# "persist/home/${user.name}" = {
|
||||||
]
|
# type = "zfs_fs";
|
||||||
++ (
|
# mountpoint = "/persist/home/${user.name}";
|
||||||
builtins.map (user: {
|
# };
|
||||||
"local/home/${user.name}" = {
|
# })
|
||||||
type = "zfs_fs";
|
# normalUsers
|
||||||
mountpoint = "/home/${user.name}";
|
# )
|
||||||
options = {
|
# );
|
||||||
canmount = "on";
|
# })
|
||||||
};
|
|
||||||
postCreateHook = ''
|
|
||||||
zfs snapshot rpool/local/home/${user.name}@blank
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
"persist/home/${user.name}" = {
|
|
||||||
type = "zfs_fs";
|
|
||||||
mountpoint = "/persist/home/${user.name}";
|
|
||||||
};
|
|
||||||
})
|
|
||||||
normalUsers
|
|
||||||
)
|
|
||||||
);
|
|
||||||
})
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
||||||
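Review bot: The new `persist/system/sops` dataset block does not carry over `${SOPS_AGE_KEY_DIRECTORY}.neededForBoot = true;`, which the old `fileSystems` merge set and which is missing even from the commented-out copy. The removed comment said the sops age key has to be available before persist for user generation, so unless the `storage.zfs.datasets.*.mount` option already marks the mount as needed for boot (not visible in this hunk), secrets required while users are created may fail to decrypt at activation. Consider adding `fileSystems.${SOPS_AGE_KEY_DIRECTORY}.neededForBoot = true;` inside the `config.storage.zfs.enable` block. The same hunk also comments out the per-user `@blank` rollback and the `700` tmpfiles rule for `/persist/home/${user.name}`, which the commit title does not mention; if this is temporary, a short `# TODO` saying where they are reinstated would keep the impermanence and home-directory permission guarantees from silently lapsing. The enclosing attribute set starts and ends outside the hunk.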