made impermanence config work slightly better

2024-12-25 18:21:10 -06:00 · 2024-12-25 18:21:10 -06:00 · 48dc0b1150
parent 2d5e37b1eb
commit 48dc0b1150
8 changed files with 66 additions and 25 deletions
--- a/configurations/nixos/defiant/configuration.nix
+++ b/configurations/nixos/defiant/configuration.nix
@ -52,13 +52,13 @@
        }
        {
          folder = "users";
-          user = "users";
+          user = "root";
          group = "users";
        }
      ];
      nfs = {
        enable = true;
-        directories = ["leyla" "eve"];
+        directories = ["leyla" "eve" "ester"];
      };
    };
    reverse_proxy = {
--- a/modules/home-manager-modules/default.nix
+++ b/modules/home-manager-modules/default.nix
@ -4,5 +4,6 @@
    ./flipperzero.nix
    ./i18n.nix
    ./openssh.nix
+    ./impermanence.nix
  ];
 }
--- a/modules/home-manager-modules/impermanence.nix
+++ b/modules/home-manager-modules/impermanence.nix
@ -0,0 +1,10 @@
+{config, ...}: {
+  home.persistence."/persistent/home/${config.home.username}" = {
+    directories = [
+      ".ssh"
+      "desktop"
+      "downloads"
+      "documents"
+    ];
+  };
+}
--- a/modules/nixos-modules/impermanence.nix
+++ b/modules/nixos-modules/impermanence.nix
@ -26,12 +26,13 @@
        ];

        boot.initrd.postResumeCommands = lib.mkAfter ''
-                    zfs rollback -r rpool/local/system/root@blank
-          1        '';
+          zfs rollback -r rpool/local/system/root@blank
+        '';

        fileSystems = {
          "/".neededForBoot = true;
          "/persist/system/root".neededForBoot = true;
+          "/persist/system/var/log".neededForBoot = true;
        };

        host.storage.pool.extraDatasets = {
@ -81,13 +82,18 @@
          };
        };

+        environment.persistence."/persist/system/var/log" = {
+          enable = true;
+          hideMounts = true;
+          directories = [
+            "/var/log"
+          ];
+        };
+
        environment.persistence."/persist/system/root" = {
          enable = true;
          hideMounts = true;
          directories = [
-            "/etc/ssh"
-
-            "/var/log"
            "/var/lib/nixos"
            "/var/lib/systemd/coredump"

--- a/modules/nixos-modules/server/network_storage/default.nix
+++ b/modules/nixos-modules/server/network_storage/default.nix
@ -21,7 +21,7 @@ in {
        type = lib.types.listOf (lib.types.submodule ({config, ...}: {
          options = {
            folder = lib.mkOption {
-              type = lib.types.string;
+              type = lib.types.str;
              description = "what is the name of this export directory";
            };
            bind = lib.mkOption {
@ -30,12 +30,12 @@ in {
              default = null;
            };
            user = lib.mkOption {
-              type = lib.types.string;
+              type = lib.types.str;
              description = "what user owns this directory";
              default = "nouser";
            };
            group = lib.mkOption {
-              type = lib.types.string;
+              type = lib.types.str;
              description = "what group owns this directory";
              default = "nogroup";
            };
@ -57,11 +57,11 @@ in {
      # create any folders that we need to have for our exports
      systemd.tmpfiles.rules =
        [
-          "d ${config.host.network_storage.export_directory} 2775 root root -"
+          "d ${config.host.network_storage.export_directory} 2770 root root -"
        ]
        ++ (
          builtins.map (
-            directory: "d ${directory._directory} 2775 ${directory.user} ${directory.group}"
+            directory: "d ${directory._directory} 2770 ${directory.user} ${directory.group}"
          )
          config.host.network_storage.directories
        );
--- a/modules/nixos-modules/server/reverse_proxy.nix
+++ b/modules/nixos-modules/server/reverse_proxy.nix
@ -6,7 +6,7 @@
  options.host.reverse_proxy = {
    enable = lib.mkEnableOption "turn on the reverse proxy";
    hostname = lib.mkOption {
-      type = lib.types.string;
+      type = lib.types.str;
      description = "what host name are we going to be proxying from";
    };
    forceSSL = lib.mkOption {
@ -23,7 +23,7 @@
      type = lib.types.attrsOf (lib.types.submodule ({...}: {
        options = {
          target = lib.mkOption {
-            type = lib.types.string;
+            type = lib.types.str;
            description = "where should this host point to";
          };
          websockets = lib.mkEnableOption "should websockets be proxied";
--- a/modules/nixos-modules/ssh.nix
+++ b/modules/nixos-modules/ssh.nix
@ -1,13 +1,28 @@
-{...}: {
-  services = {
-    openssh = {
-      enable = true;
-      ports = [22];
-      settings = {
-        PasswordAuthentication = false;
-        UseDns = true;
-        X11Forwarding = false;
+{
+  lib,
+  config,
+  ...
+}: {
+  config = lib.mkMerge [
+    {
+      services = {
+        openssh = {
+          enable = true;
+          ports = [22];
+          settings = {
+            PasswordAuthentication = false;
+            UseDns = true;
+            X11Forwarding = false;
+          };
+        };
      };
-    };
-  };
+    }
+    (lib.mkIf config.host.impermanence.enable {
+      environment.persistence."/persist/system/root" = {
+        directories = [
+          "/etc/ssh"
+        ];
+      };
+    })
+  ];
 }
--- a/modules/nixos-modules/users.nix
+++ b/modules/nixos-modules/users.nix
@ -272,6 +272,15 @@ in {
            normalUsers
          )
        )
+        (
+          builtins.listToAttrs (
+            builtins.map (user:
+              lib.attrsets.nameValuePair "/home/${user.name}" {
+                neededForBoot = true;
+              })
+            normalUsers
+          )
+        )
      ];

      environment.persistence."/persist/system/root" = {