jan-leila/nix-config
1
0
Fork 0
Code Issues Pull requests Actions Packages Projects Releases Wiki Activity

made impermanence config work slightly better

Browse source
This commit is contained in:
Leyla Becker 2024-12-25 18:21:10 -06:00
parent 2d5e37b1eb
commit 48dc0b1150
8 changed files with 66 additions and 25 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
configurations/nixos/defiant/configuration.nix
View file

@ -52,13 +52,13 @@
} }
{ {
folder = "users"; folder = "users";
user = "users"; user = "root";
group = "users"; group = "users";
} }
]; ];
nfs = { nfs = {
enable = true; enable = true;
directories = ["leyla" "eve"]; directories = ["leyla" "eve" "ester"];
}; };
}; };
reverse_proxy = { reverse_proxy = {

1
modules/home-manager-modules/default.nix
View file

@ -4,5 +4,6 @@
./flipperzero.nix ./flipperzero.nix
./i18n.nix ./i18n.nix
./openssh.nix ./openssh.nix
./impermanence.nix
]; ];
} }

10
modules/home-manager-modules/impermanence.nix Normal file
View file

@ -0,0 +1,10 @@
{config, ...}: {
home.persistence."/persistent/home/${config.home.username}" = {
directories = [
".ssh"
"desktop"
"downloads"
"documents"
];
};
}

16
modules/nixos-modules/impermanence.nix
View file

@ -26,12 +26,13 @@
]; ];
boot.initrd.postResumeCommands = lib.mkAfter '' boot.initrd.postResumeCommands = lib.mkAfter ''
zfs rollback -r rpool/local/system/root@blank zfs rollback -r rpool/local/system/root@blank
1 ''; '';
fileSystems = { fileSystems = {
"/".neededForBoot = true; "/".neededForBoot = true;
"/persist/system/root".neededForBoot = true; "/persist/system/root".neededForBoot = true;
"/persist/system/var/log".neededForBoot = true;
}; };
host.storage.pool.extraDatasets = { host.storage.pool.extraDatasets = {
@ -81,13 +82,18 @@
}; };
}; };
environment.persistence."/persist/system/var/log" = {
enable = true;
hideMounts = true;
directories = [
"/var/log"
];
};
environment.persistence."/persist/system/root" = { environment.persistence."/persist/system/root" = {
enable = true; enable = true;
hideMounts = true; hideMounts = true;
directories = [ directories = [
"/etc/ssh"
"/var/log"
"/var/lib/nixos" "/var/lib/nixos"
"/var/lib/systemd/coredump" "/var/lib/systemd/coredump"

10
modules/nixos-modules/server/network_storage/default.nix
View file

@ -21,7 +21,7 @@ in {
type = lib.types.listOf (lib.types.submodule ({config, ...}: { type = lib.types.listOf (lib.types.submodule ({config, ...}: {
options = { options = {
folder = lib.mkOption { folder = lib.mkOption {
type = lib.types.string; type = lib.types.str;
description = "what is the name of this export directory"; description = "what is the name of this export directory";
}; };
bind = lib.mkOption { bind = lib.mkOption {
@ -30,12 +30,12 @@ in {
default = null; default = null;
}; };
user = lib.mkOption { user = lib.mkOption {
type = lib.types.string; type = lib.types.str;
description = "what user owns this directory"; description = "what user owns this directory";
default = "nouser"; default = "nouser";
}; };
group = lib.mkOption { group = lib.mkOption {
type = lib.types.string; type = lib.types.str;
description = "what group owns this directory"; description = "what group owns this directory";
default = "nogroup"; default = "nogroup";
}; };
@ -57,11 +57,11 @@ in {
# create any folders that we need to have for our exports # create any folders that we need to have for our exports
systemd.tmpfiles.rules = systemd.tmpfiles.rules =
[ [
"d ${config.host.network_storage.export_directory} 2775 root root -" "d ${config.host.network_storage.export_directory} 2770 root root -"
] ]
++ ( ++ (
builtins.map ( builtins.map (
directory: "d ${directory._directory} 2775 ${directory.user} ${directory.group}" directory: "d ${directory._directory} 2770 ${directory.user} ${directory.group}"
) )
config.host.network_storage.directories config.host.network_storage.directories
); );

4
modules/nixos-modules/server/reverse_proxy.nix
View file

@ -6,7 +6,7 @@
options.host.reverse_proxy = { options.host.reverse_proxy = {
enable = lib.mkEnableOption "turn on the reverse proxy"; enable = lib.mkEnableOption "turn on the reverse proxy";
hostname = lib.mkOption { hostname = lib.mkOption {
type = lib.types.string; type = lib.types.str;
description = "what host name are we going to be proxying from"; description = "what host name are we going to be proxying from";
}; };
forceSSL = lib.mkOption { forceSSL = lib.mkOption {
@ -23,7 +23,7 @@
type = lib.types.attrsOf (lib.types.submodule ({...}: { type = lib.types.attrsOf (lib.types.submodule ({...}: {
options = { options = {
target = lib.mkOption { target = lib.mkOption {
type = lib.types.string; type = lib.types.str;
description = "where should this host point to"; description = "where should this host point to";
}; };
websockets = lib.mkEnableOption "should websockets be proxied"; websockets = lib.mkEnableOption "should websockets be proxied";

37
modules/nixos-modules/ssh.nix
View file

@ -1,13 +1,28 @@
{...}: { {
services = { lib,
openssh = { config,
enable = true; ...
ports = [22]; }: {
settings = { config = lib.mkMerge [
PasswordAuthentication = false; {
UseDns = true; services = {
X11Forwarding = false; openssh = {
enable = true;
ports = [22];
settings = {
PasswordAuthentication = false;
UseDns = true;
X11Forwarding = false;
};
};
}; };
}; }
}; (lib.mkIf config.host.impermanence.enable {
environment.persistence."/persist/system/root" = {
directories = [
"/etc/ssh"
];
};
})
];
} }

9
modules/nixos-modules/users.nix
View file

@ -272,6 +272,15 @@ in {
normalUsers normalUsers
) )
) )
(
builtins.listToAttrs (
builtins.map (user:
lib.attrsets.nameValuePair "/home/${user.name}" {
neededForBoot = true;
})
normalUsers
)
)
]; ];
environment.persistence."/persist/system/root" = { environment.persistence."/persist/system/root" = {