feat: updated user configs to better match original config
This commit is contained in:
parent
1eb66d1c31
commit
f8edad75bf
3 changed files with 73 additions and 51 deletions
|
|
@ -399,53 +399,65 @@ in {
|
|||
};
|
||||
};
|
||||
}
|
||||
(lib.mkIf config.storage.impermanence.enable (lib.mkMerge [
|
||||
(lib.mkIf config.storage.zfs.enable (lib.mkMerge [
|
||||
{
|
||||
# sops age key needs to be available to pre persist for user generation
|
||||
storage.zfs.datasets = lib.mkMerge [
|
||||
{
|
||||
"persist/local/system/sops" = {
|
||||
type = "zfs_fs";
|
||||
mount = {
|
||||
enable = true;
|
||||
mountPoint = SOPS_AGE_KEY_DIRECTORY;
|
||||
};
|
||||
atime = "off";
|
||||
relatime = "off";
|
||||
};
|
||||
}
|
||||
(lib.mkMerge (
|
||||
builtins.map (user: {
|
||||
"ephemeral/home/${user.name}" = {
|
||||
type = "zfs_fs";
|
||||
mount = {
|
||||
enable = true;
|
||||
mountPoint = "/home/${user.name}";
|
||||
};
|
||||
snapshot.blankSnapshot = true;
|
||||
};
|
||||
})
|
||||
normalUsers
|
||||
))
|
||||
];
|
||||
|
||||
# Post resume commands to rollback user home datasets to blank snapshots
|
||||
boot.initrd.postResumeCommands = lib.mkAfter (
|
||||
lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/ephemeral/home/${user.name}@blank")
|
||||
normalUsers)
|
||||
);
|
||||
|
||||
# Create persist home directories with proper permissions
|
||||
systemd = {
|
||||
tmpfiles.rules =
|
||||
builtins.map (
|
||||
user: "d /persist/replicate/home/${user.name} 700 ${user.name} ${user.name} -"
|
||||
)
|
||||
normalUsers;
|
||||
(lib.mkIf config.storage.zfs.enable (lib.mkMerge [
|
||||
{
|
||||
# sops age key needs to be available to pre persist for user generation
|
||||
storage.zfs.datasets."persist/local/system/sops" = {
|
||||
type = "zfs_fs";
|
||||
mount = {
|
||||
enable = true;
|
||||
mountPoint = SOPS_AGE_KEY_DIRECTORY;
|
||||
};
|
||||
}
|
||||
]))
|
||||
atime = "off";
|
||||
relatime = "off";
|
||||
};
|
||||
}
|
||||
(lib.mkIf (!config.storage.impermanence.enable) {
|
||||
storage.zfs.datasets = lib.mkMerge (
|
||||
builtins.map (user: {
|
||||
"persist/replicate/home/${user.name}" = {
|
||||
type = "zfs_fs";
|
||||
mount = {
|
||||
enable = true;
|
||||
mountPoint = "/home/${user.name}";
|
||||
};
|
||||
snapshot.autoSnapshot = true;
|
||||
};
|
||||
})
|
||||
normalUsers
|
||||
);
|
||||
})
|
||||
(lib.mkIf config.storage.impermanence.enable {
|
||||
storage.zfs.datasets = lib.mkMerge (
|
||||
builtins.map (user: {
|
||||
"ephemeral/home/${user.name}" = {
|
||||
type = "zfs_fs";
|
||||
mount = {
|
||||
enable = true;
|
||||
mountPoint = "/home/${user.name}";
|
||||
};
|
||||
snapshot.blankSnapshot = true;
|
||||
};
|
||||
})
|
||||
normalUsers
|
||||
);
|
||||
|
||||
# Post resume commands to rollback user home datasets to blank snapshots
|
||||
boot.initrd.postResumeCommands = lib.mkAfter (
|
||||
lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/ephemeral/home/${user.name}@blank")
|
||||
normalUsers)
|
||||
);
|
||||
|
||||
# TODO: I don't think we need this anymore but I have not tested it
|
||||
# Create persist home directories with proper permissions
|
||||
# systemd = {
|
||||
# tmpfiles.rules =
|
||||
# builtins.map (
|
||||
# user: "d /persist/replicate/home/${user.name} 700 ${user.name} ${user.name} -"
|
||||
# )
|
||||
# normalUsers;
|
||||
# };
|
||||
})
|
||||
]))
|
||||
];
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue