diff --git a/configurations/nixos/defiant/configuration.nix b/configurations/nixos/defiant/configuration.nix
index 011f00d..bb5f450 100644
--- a/configurations/nixos/defiant/configuration.nix
+++ b/configurations/nixos/defiant/configuration.nix
@@ -52,13 +52,13 @@
 }
 {
 folder = "users";
- user = "users";
+ user = "root";
 group = "users";
 }
 ];
 nfs = {
 enable = true;
- directories = ["leyla" "eve"];
+ directories = ["leyla" "eve" "ester"];
 };
 };
 reverse_proxy = {
diff --git a/modules/home-manager-modules/default.nix b/modules/home-manager-modules/default.nix
index ef9bf0a..22736d2 100644
--- a/modules/home-manager-modules/default.nix
+++ b/modules/home-manager-modules/default.nix
@@ -4,5 +4,6 @@
 ./flipperzero.nix
 ./i18n.nix
 ./openssh.nix
+ ./impermanence.nix
 ];
 }
diff --git a/modules/home-manager-modules/impermanence.nix b/modules/home-manager-modules/impermanence.nix
new file mode 100644
index 0000000..4768b7e
--- /dev/null
+++ b/modules/home-manager-modules/impermanence.nix
@@ -0,0 +1,10 @@
+{config, ...}: {
+ home.persistence."/persistent/home/${config.home.username}" = {
+ directories = [
+ ".ssh"
+ "desktop"
+ "downloads"
+ "documents"
+ ];
+ };
+}
diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix
index e6e1ecc..a187226 100644
--- a/modules/nixos-modules/impermanence.nix
+++ b/modules/nixos-modules/impermanence.nix
@@ -26,12 +26,13 @@
 ];
 boot.initrd.postResumeCommands = lib.mkAfter ''
- zfs rollback -r rpool/local/system/root@blank
- 1 '';
+ zfs rollback -r rpool/local/system/root@blank
+ '';
 fileSystems = {
 "/".neededForBoot = true;
 "/persist/system/root".neededForBoot = true;
+ "/persist/system/var/log".neededForBoot = true;
 };
 host.storage.pool.extraDatasets = {
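Review bot: The persistence root `/persistent/home/${config.home.username}` in the new home-manager impermanence.nix does not match the `/persist/...` prefix every NixOS module in this commit uses (`/persist/system/root`, `/persist/system/var/log`); unless a separate `/persistent` mount exists, the listed user state — including `.ssh` — ends up on the ephemeral root and is discarded by the `zfs rollback` to `@blank`. If this is a typo, `home.persistence."/persist/home/${config.home.username}"` lines it up with the system tree. It is also worth confirming that the persisted `.ssh` directory keeps its 0700 mode across the bind mount, since sshd's StrictModes check rejects an `authorized_keys` whose directory is group- or world-writable and the client refuses private keys with permissive modes. The lower-case `desktop`/`downloads`/`documents` names presume the XDG user directories are configured with those names, which cannot be confirmed from this diff.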
@@ -81,13 +82,18 @@
 };
 };
+ environment.persistence."/persist/system/var/log" = {
+ enable = true;
+ hideMounts = true;
+ directories = [
+ "/var/log"
+ ];
+ };
+
 environment.persistence."/persist/system/root" = {
 enable = true;
 hideMounts = true;
 directories = [
- "/etc/ssh"
-
- "/var/log"
 "/var/lib/nixos"
 "/var/lib/systemd/coredump"
diff --git a/modules/nixos-modules/server/network_storage/default.nix b/modules/nixos-modules/server/network_storage/default.nix
index 11019cb..fecc05f 100644
--- a/modules/nixos-modules/server/network_storage/default.nix
+++ b/modules/nixos-modules/server/network_storage/default.nix
@@ -21,7 +21,7 @@ in {
 type = lib.types.listOf (lib.types.submodule ({config, ...}: {
 options = {
 folder = lib.mkOption {
- type = lib.types.string;
+ type = lib.types.str;
 description = "what is the name of this export directory";
 };
 bind = lib.mkOption {
@@ -30,12 +30,12 @@ in {
 default = null;
 };
 user = lib.mkOption {
- type = lib.types.string;
+ type = lib.types.str;
 description = "what user owns this directory";
 default = "nouser";
 };
 group = lib.mkOption {
- type = lib.types.string;
+ type = lib.types.str;
 description = "what group owns this directory";
 default = "nogroup";
 };
@@ -57,11 +57,11 @@ in {
 # create any folders that we need to have for our exports
 systemd.tmpfiles.rules = [
- "d ${config.host.network_storage.export_directory} 2775 root root -"
+ "d ${config.host.network_storage.export_directory} 2770 root root -"
 ] ++ ( builtins.map (
- directory: "d ${directory._directory} 2775 ${directory.user} ${directory.group}"
+ directory: "d ${directory._directory} 2770 ${directory.user} ${directory.group}"
 ) config.host.network_storage.directories
 );
diff --git a/modules/nixos-modules/server/reverse_proxy.nix b/modules/nixos-modules/server/reverse_proxy.nix
index 311724b..7eecdd0 100644
--- a/modules/nixos-modules/server/reverse_proxy.nix
+++ b/modules/nixos-modules/server/reverse_proxy.nix
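Review bot: Moving `/var/log` to its own persistence root `/persist/system/var/log` means log retention now depends entirely on that mount being present at boot; if it is missing or fails, journald and other writers land on the ephemeral root and everything they record is discarded at the next `zfs rollback`, silently removing the audit trail an incident investigation would need. A short comment on the new block would make that dependency explicit, e.g. `# /var/log gets its own persistence root so log history survives rollback of the root dataset; the mount is marked neededForBoot in fileSystems`. The `fileSystems."/persist/system/var/log".neededForBoot = true` line in the previous hunk only sets a flag and presupposes a mount for that path declared elsewhere, presumably in host.storage.pool.extraDatasets, which is outside the hunk. Dropping `/etc/ssh` from the unconditional list here and re-adding it in ssh.nix under `lib.mkIf config.host.impermanence.enable` is consistent only if this module is gated by the same option; its header is outside the hunk.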
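Review bot: The per-directory tmpfiles rule `"d ${directory._directory} 2770 ${directory.user} ${directory.group}"` omits the trailing age field that the export-directory rule just above it carries (`... 2770 root root -`); systemd-tmpfiles accepts the short form, but the two rules should read alike, e.g. `directory: "d ${directory._directory} 2770 ${directory.user} ${directory.group} -"`. Tightening 2775 to 2770 removes access for any NFS client identity outside `${directory.group}`, which is presumably the intent and pairs with the `user = "root"` change for the `users` export in configuration.nix. The context-line defaults `nouser`/`nogroup` are worth checking against accounts that actually exist on the host: as far as I recall, tmpfiles logs an error and skips a line whose user or group does not resolve, leaving the directory uncreated or at its old mode rather than at 2770.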
@@ -6,7 +6,7 @@
 options.host.reverse_proxy = {
 enable = lib.mkEnableOption "turn on the reverse proxy";
 hostname = lib.mkOption {
- type = lib.types.string;
+ type = lib.types.str;
 description = "what host name are we going to be proxying from";
 };
 forceSSL = lib.mkOption {
@@ -23,7 +23,7 @@
 type = lib.types.attrsOf (lib.types.submodule ({...}: {
 options = {
 target = lib.mkOption {
- type = lib.types.string;
+ type = lib.types.str;
 description = "where should this host point to";
 };
 websockets = lib.mkEnableOption "should websockets be proxied";
diff --git a/modules/nixos-modules/ssh.nix b/modules/nixos-modules/ssh.nix
index 0360cfc..17593aa 100644
--- a/modules/nixos-modules/ssh.nix
+++ b/modules/nixos-modules/ssh.nix
@@ -1,13 +1,28 @@
-{...}: {
- services = {
- openssh = {
- enable = true;
- ports = [22];
- settings = {
- PasswordAuthentication = false;
- UseDns = true;
- X11Forwarding = false;
+{
+ lib,
+ config,
+ ...
+}: {
+ config = lib.mkMerge [
+ {
+ services = {
+ openssh = {
+ enable = true;
+ ports = [22];
+ settings = {
+ PasswordAuthentication = false;
+ UseDns = true;
+ X11Forwarding = false;
+ };
+ };
 };
- };
- };
+ }
+ (lib.mkIf config.host.impermanence.enable {
+ environment.persistence."/persist/system/root" = {
+ directories = [
+ "/etc/ssh"
+ ];
+ };
+ })
+ ];
 }
diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix
index 1799f81..e2a8074 100644
--- a/modules/nixos-modules/users.nix
+++ b/modules/nixos-modules/users.nix
@@ -272,6 +272,15 @@ in {
 normalUsers
 )
 )
+ (
+ builtins.listToAttrs (
+ builtins.map (user:
+ lib.attrsets.nameValuePair "/home/${user.name}" {
+ neededForBoot = true;
+ })
+ normalUsers
+ )
+ )
 ];
 environment.persistence."/persist/system/root" = {
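Review bot: The re-added `settings` block in ssh.nix disables `PasswordAuthentication` but leaves `KbdInteractiveAuthentication` at the NixOS default (enabled); whether that still exposes a PAM-backed password prompt depends on the sshd PAM service configuration, so setting `KbdInteractiveAuthentication = false;` next to it makes the key-only policy hold regardless of that. `UseDns = true` adds a reverse lookup to every connection without strengthening authentication; keep it only if hostname-based `from=` restrictions in authorized_keys rely on it, otherwise it can be dropped. Persisting `/etc/ssh` under `lib.mkIf config.host.impermanence.enable` is the right call, because host keys regenerated on every rollback would produce a host-key-changed warning on every client and train users to click through the exact warning that signals interception; a one-line comment on the `mkIf` branch saying `# keep host keys stable across root rollback` would make that intent visible to the next reader.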
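Review bot: The new `nameValuePair "/home/${user.name}" { neededForBoot = true; }` entries in users.nix only set a flag on a `fileSystems` attribute; they rely on a mount for each `/home/<user>` path being declared elsewhere (presumably from the host storage datasets, not visible here), so every entry in `normalUsers` needs a matching mount or the attribute is incomplete. The enclosing list expression begins before the hunk. Note also that the home-manager persistence root added in this same commit is `/persistent/home/<user>` rather than a path under `/persist`, so the boot-time mount marked here and the per-user persistence do not obviously refer to the same tree; reconciling the two prefixes would avoid user state being written to the ephemeral root.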