feat: updated user configs to better match original config
parent
1eb66d1c31
commit
f8edad75bf
3 changed files with 73 additions and 51 deletions
|
|
@ -10,6 +10,16 @@
|
||||||
lib.mkIf config.storage.zfs.enable (lib.mkMerge [
|
lib.mkIf config.storage.zfs.enable (lib.mkMerge [
|
||||||
{
|
{
|
||||||
storage.zfs.datasets = {
|
storage.zfs.datasets = {
|
||||||
|
"persist" = {
|
||||||
|
type = "zfs_fs";
|
||||||
|
};
|
||||||
|
"persist/local" = {
|
||||||
|
type = "zfs_fs";
|
||||||
|
};
|
||||||
|
"persist/replicate" = {
|
||||||
|
type = "zfs_fs";
|
||||||
|
};
|
||||||
|
|
||||||
"persist/local/nix" = {
|
"persist/local/nix" = {
|
||||||
type = "zfs_fs";
|
type = "zfs_fs";
|
||||||
mount = {
|
mount = {
|
||||||
|
|
@ -22,6 +32,7 @@
|
||||||
atime = "off";
|
atime = "off";
|
||||||
relatime = "off";
|
relatime = "off";
|
||||||
};
|
};
|
||||||
|
|
||||||
"persist/replicate/system/var/log" = {
|
"persist/replicate/system/var/log" = {
|
||||||
type = "zfs_fs";
|
type = "zfs_fs";
|
||||||
mount = {
|
mount = {
|
||||||
|
|
@ -54,6 +65,9 @@
|
||||||
'';
|
'';
|
||||||
|
|
||||||
storage.zfs.datasets = {
|
storage.zfs.datasets = {
|
||||||
|
"ephemeral" = {
|
||||||
|
type = "zfs_fs";
|
||||||
|
};
|
||||||
"ephemeral/system/root" = {
|
"ephemeral/system/root" = {
|
||||||
type = "zfs_fs";
|
type = "zfs_fs";
|
||||||
mount = {
|
mount = {
|
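Review bot: The new parent datasets `"persist"`, `"persist/local"`, `"persist/replicate"` and `"ephemeral"` declare only `type = "zfs_fs";`, so whether they get mounted depends on the module's default for `mount.enable`, which is not visible in this section. Since `persist/local` later holds the sops age key dataset, it is worth making the intent explicit rather than inherited, for example `mount.enable = false;` on each parent. A one-line comment such as `# container dataset: exists only so child datasets can be created` would also explain why these entries carry no other settings. The enclosing `storage.zfs.datasets` attribute sets start or end outside the hunks shown.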
||||||
|
|
|
||||||
|
|
@ -73,11 +73,7 @@
|
||||||
snapshot = {
|
snapshot = {
|
||||||
# This option should set this option flag
|
# This option should set this option flag
|
||||||
# "com.sun:auto-snapshot" = "false";
|
# "com.sun:auto-snapshot" = "false";
|
||||||
autoSnapshot = lib.mkOption {
|
autoSnapshot = lib.mkEnableOption "Enable automatic snapshots for this dataset";
|
||||||
type = lib.types.bool;
|
|
||||||
default = false;
|
|
||||||
description = "Enable automatic snapshots for this dataset";
|
|
||||||
};
|
|
||||||
# Creates a blank snapshot in the post create hook for rollback purposes
|
# Creates a blank snapshot in the post create hook for rollback purposes
|
||||||
blankSnapshot = lib.mkEnableOption "Should a blank snapshot be auto created in the post create hook";
|
blankSnapshot = lib.mkEnableOption "Should a blank snapshot be auto created in the post create hook";
|
||||||
};
|
};
|
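Review bot: `lib.mkEnableOption` prefixes its argument with "Whether to enable " when it builds the option description, so `lib.mkEnableOption "Enable automatic snapshots for this dataset"` renders as "Whether to enable Enable automatic snapshots for this dataset." Pass the noun phrase instead: `autoSnapshot = lib.mkEnableOption "automatic snapshots for this dataset";`. The neighbouring `blankSnapshot` line has the same wording problem. The comment above it ("This option should set this option flag") would be clearer as `# Intended to control the "com.sun:auto-snapshot" property on the dataset`, if that is what it means. The default stays `false`, so behaviour is unchanged.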
||||||
|
|
|
||||||
|
|
@ -399,53 +399,65 @@ in {
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
(lib.mkIf config.storage.impermanence.enable (lib.mkMerge [
|
(lib.mkIf config.storage.zfs.enable (lib.mkMerge [
|
||||||
(lib.mkIf config.storage.zfs.enable (lib.mkMerge [
|
{
|
||||||
{
|
# sops age key needs to be available to pre persist for user generation
|
||||||
# sops age key needs to be available to pre persist for user generation
|
storage.zfs.datasets."persist/local/system/sops" = {
|
||||||
storage.zfs.datasets = lib.mkMerge [
|
type = "zfs_fs";
|
||||||
{
|
mount = {
|
||||||
"persist/local/system/sops" = {
|
enable = true;
|
||||||
type = "zfs_fs";
|
mountPoint = SOPS_AGE_KEY_DIRECTORY;
|
||||||
mount = {
|
|
||||||
enable = true;
|
|
||||||
mountPoint = SOPS_AGE_KEY_DIRECTORY;
|
|
||||||
};
|
|
||||||
atime = "off";
|
|
||||||
relatime = "off";
|
|
||||||
};
|
|
||||||
}
|
|
||||||
(lib.mkMerge (
|
|
||||||
builtins.map (user: {
|
|
||||||
"ephemeral/home/${user.name}" = {
|
|
||||||
type = "zfs_fs";
|
|
||||||
mount = {
|
|
||||||
enable = true;
|
|
||||||
mountPoint = "/home/${user.name}";
|
|
||||||
};
|
|
||||||
snapshot.blankSnapshot = true;
|
|
||||||
};
|
|
||||||
})
|
|
||||||
normalUsers
|
|
||||||
))
|
|
||||||
];
|
|
||||||
|
|
||||||
# Post resume commands to rollback user home datasets to blank snapshots
|
|
||||||
boot.initrd.postResumeCommands = lib.mkAfter (
|
|
||||||
lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/ephemeral/home/${user.name}@blank")
|
|
||||||
normalUsers)
|
|
||||||
);
|
|
||||||
|
|
||||||
# Create persist home directories with proper permissions
|
|
||||||
systemd = {
|
|
||||||
tmpfiles.rules =
|
|
||||||
builtins.map (
|
|
||||||
user: "d /persist/replicate/home/${user.name} 700 ${user.name} ${user.name} -"
|
|
||||||
)
|
|
||||||
normalUsers;
|
|
||||||
};
|
};
|
||||||
}
|
atime = "off";
|
||||||
]))
|
relatime = "off";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
(lib.mkIf (!config.storage.impermanence.enable) {
|
||||||
|
storage.zfs.datasets = lib.mkMerge (
|
||||||
|
builtins.map (user: {
|
||||||
|
"persist/replicate/home/${user.name}" = {
|
||||||
|
type = "zfs_fs";
|
||||||
|
mount = {
|
||||||
|
enable = true;
|
||||||
|
mountPoint = "/home/${user.name}";
|
||||||
|
};
|
||||||
|
snapshot.autoSnapshot = true;
|
||||||
|
};
|
||||||
|
})
|
||||||
|
normalUsers
|
||||||
|
);
|
||||||
|
})
|
||||||
|
(lib.mkIf config.storage.impermanence.enable {
|
||||||
|
storage.zfs.datasets = lib.mkMerge (
|
||||||
|
builtins.map (user: {
|
||||||
|
"ephemeral/home/${user.name}" = {
|
||||||
|
type = "zfs_fs";
|
||||||
|
mount = {
|
||||||
|
enable = true;
|
||||||
|
mountPoint = "/home/${user.name}";
|
||||||
|
};
|
||||||
|
snapshot.blankSnapshot = true;
|
||||||
|
};
|
||||||
|
})
|
||||||
|
normalUsers
|
||||||
|
);
|
||||||
|
|
||||||
|
# Post resume commands to rollback user home datasets to blank snapshots
|
||||||
|
boot.initrd.postResumeCommands = lib.mkAfter (
|
||||||
|
lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/ephemeral/home/${user.name}@blank")
|
||||||
|
normalUsers)
|
||||||
|
);
|
||||||
|
|
||||||
|
# TODO: I don't think we need this anymore but I have not tested it
|
||||||
|
# Create persist home directories with proper permissions
|
||||||
|
# systemd = {
|
||||||
|
# tmpfiles.rules =
|
||||||
|
# builtins.map (
|
||||||
|
# user: "d /persist/replicate/home/${user.name} 700 ${user.name} ${user.name} -"
|
||||||
|
# )
|
||||||
|
# normalUsers;
|
||||||
|
# };
|
||||||
|
})
|
||||||
]))
|
]))
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
||||||
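Review bot: The tmpfiles rule that created `/persist/replicate/home/${user.name}` with mode 700 and per-user ownership is commented out in the impermanence branch, with a TODO saying the removal is untested, and nothing else visible in this section sets ownership or mode on that path. If whatever creates the directory later (presumably the impermanence bind-mount setup, not shown here) creates it root-owned or with a default mode, persisted home data ends up either unusable or readable by other local users. I would keep `systemd.tmpfiles.rules` active until a boot on a fresh pool confirms the resulting permissions, or replace the TODO with a comment naming the module that now guarantees 0700. The same question applies to the new `!config.storage.impermanence.enable` branch, where a freshly created `persist/replicate/home/${user.name}` dataset is mounted directly at `/home/${user.name}`: the root of a new ZFS filesystem is root-owned by default, so this relies on something outside the hunk to fix ownership. The enclosing `lib.mkMerge` list starts outside the hunk.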