diff --git a/configurations/home-manager/leyla/default.nix b/configurations/home-manager/leyla/default.nix index 20b04c7..8a37754 100644 --- a/configurations/home-manager/leyla/default.nix +++ b/configurations/home-manager/leyla/default.nix @@ -12,7 +12,7 @@ ]; config = { - impermanence.enable = osConfig.storage.impermanence.enable; + impermanence.enable = osConfig.host.impermanence.enable; # Home Manager needs a bit of information about you and the paths it should # manage. diff --git a/configurations/home-manager/leyla/impermanence.nix b/configurations/home-manager/leyla/impermanence.nix index c61d693..ce81c81 100644 --- a/configurations/home-manager/leyla/impermanence.nix +++ b/configurations/home-manager/leyla/impermanence.nix @@ -4,7 +4,7 @@ ... }: { config = lib.mkIf (config.impermanence.enable) { - home.persistence."/persist/home" = { + home.persistence."/persist/home/leyla" = { directories = [ "desktop" "downloads" @@ -14,6 +14,7 @@ ".bash_history" # keep shell history around "${config.xdg.dataHome}/recently-used.xbel" # gnome recently viewed files ]; + allowOther = true; }; }; } diff --git a/flake.lock b/flake.lock index 6b33266..3c1f2ad 100644 --- a/flake.lock +++ b/flake.lock @@ -147,25 +147,16 @@ } }, "impermanence": { - "inputs": { - "home-manager": [ - "home-manager" - ], - "nixpkgs": [ - "nixpkgs" - ] - }, "locked": { - "lastModified": 1762761176, - "narHash": "sha256-i3gM8fUozQrgZIbwVNlTuhLqPSl56zxAYpsQpQ9Lhro=", - "owner": "jan-leila", + "lastModified": 1737831083, + "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", + "owner": "nix-community", "repo": "impermanence", - "rev": "ffbe1ca47cf4b3008c3aa5c49cdae294d8c8058a", + "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", "type": "github" }, "original": { - "owner": "jan-leila", - "ref": "home-manager-v2", + "owner": "nix-community", "repo": "impermanence", "type": "github" } diff --git a/flake.nix b/flake.nix index f0b9d67..6f85fa3 100644 --- a/flake.nix +++ b/flake.nix @@ -36,9 +36,7 @@ # delete your darlings impermanence = { - url = "github:jan-leila/impermanence/home-manager-v2"; - inputs.nixpkgs.follows = "nixpkgs"; - inputs.home-manager.follows = "home-manager"; + url = "github:nix-community/impermanence"; }; nix-darwin = { diff --git a/modules/home-manager-modules/impermanence.nix b/modules/home-manager-modules/impermanence.nix index 67f0ee4..6c75edd 100644 --- a/modules/home-manager-modules/impermanence.nix +++ b/modules/home-manager-modules/impermanence.nix @@ -18,16 +18,17 @@ in { (lib.mkIf config.impermanence.enable { assertions = [ { - assertion = osConfig.storage.impermanence.enable; + assertion = osConfig.host.impermanence.enable; message = "impermanence can not be enabled for a user when it is not enabled for the system"; } ]; }) # If impermanence is not enabled for this user but system impermanence is enabled, # persist the entire home directory as fallback - (lib.mkIf (osConfig.storage.impermanence.enable && !cfg.enable && cfg.fallbackPersistence.enable) { - home.persistence."/persist/home" = { + (lib.mkIf (osConfig.host.impermanence.enable && !cfg.enable && cfg.fallbackPersistence.enable) { + home.persistence."/persist/home/${config.home.username}" = { directories = ["."]; + allowOther = true; }; }) ]; diff --git a/modules/home-manager-modules/openssh.nix b/modules/home-manager-modules/openssh.nix index 213ad67..afc98dd 100644 --- a/modules/home-manager-modules/openssh.nix +++ b/modules/home-manager-modules/openssh.nix @@ -96,7 +96,7 @@ } ) (lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist${config.home.homeDirectory}" = { files = lib.lists.flatten ( builtins.map (hostKey: [".ssh/${hostKey.path}" ".ssh/${hostKey.path}.pub"]) config.programs.openssh.hostKeys ); diff --git a/modules/home-manager-modules/programs/anki.nix b/modules/home-manager-modules/programs/anki.nix index 739245e..c2f93ea 100644 --- a/modules/home-manager-modules/programs/anki.nix +++ b/modules/home-manager-modules/programs/anki.nix @@ -1,13 +1,15 @@ { lib, config, + osConfig, ... }: { - config = lib.mkIf (config.programs.anki.enable && config.impermanence.enable) { - home.persistence."/persist/home" = { + config = lib.mkIf (config.programs.anki.enable && osConfig.host.impermanence.enable) { + home.persistence."/persist${config.home.homeDirectory}" = { directories = [ - ".local/share/Anki2" + "${config.xdg.dataHome}/Anki2/" ]; + allowOther = true; }; }; } diff --git a/modules/home-manager-modules/programs/bitwarden.nix b/modules/home-manager-modules/programs/bitwarden.nix index c752669..e305b6c 100644 --- a/modules/home-manager-modules/programs/bitwarden.nix +++ b/modules/home-manager-modules/programs/bitwarden.nix @@ -16,10 +16,11 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/Bitwarden" ]; + allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/bruno.nix b/modules/home-manager-modules/programs/bruno.nix index 768299b..8ad5e63 100644 --- a/modules/home-manager-modules/programs/bruno.nix +++ b/modules/home-manager-modules/programs/bruno.nix @@ -16,10 +16,11 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/bruno/" ]; + allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/calibre.nix b/modules/home-manager-modules/programs/calibre.nix index 14e48dc..dbe6e2b 100644 --- a/modules/home-manager-modules/programs/calibre.nix +++ b/modules/home-manager-modules/programs/calibre.nix @@ -16,10 +16,11 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/calibre" ]; + allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/davinci-resolve.nix b/modules/home-manager-modules/programs/davinci-resolve.nix index 49c7c47..6c4526f 100644 --- a/modules/home-manager-modules/programs/davinci-resolve.nix +++ b/modules/home-manager-modules/programs/davinci-resolve.nix @@ -16,11 +16,12 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.dataHome}/DaVinciResolve" "${config.xdg.configHome}/blackmagic" ]; + allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/dbeaver.nix b/modules/home-manager-modules/programs/dbeaver.nix index abc7c29..8b6c41a 100644 --- a/modules/home-manager-modules/programs/dbeaver.nix +++ b/modules/home-manager-modules/programs/dbeaver.nix @@ -16,10 +16,11 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.dataHome}/DBeaverData/" ]; + allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/discord.nix b/modules/home-manager-modules/programs/discord.nix index c62de57..d5d7192 100644 --- a/modules/home-manager-modules/programs/discord.nix +++ b/modules/home-manager-modules/programs/discord.nix @@ -16,10 +16,11 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/discord/" ]; + allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/firefox.nix b/modules/home-manager-modules/programs/firefox.nix index 282c022..8841887 100644 --- a/modules/home-manager-modules/programs/firefox.nix +++ b/modules/home-manager-modules/programs/firefox.nix @@ -22,10 +22,11 @@ # Extension configuration ".mozilla/firefox/${profile}/extension-settings.json" ]; + allowOther = true; }; in { config = lib.mkIf (config.programs.firefox.enable && config.impermanence.enable) { - home.persistence."/persist/home" = lib.mkMerge ( + home.persistence."/persist${config.home.homeDirectory}" = lib.mkMerge ( ( lib.attrsets.mapAttrsToList (profile: _: buildProfilePersistence profile) diff --git a/modules/home-manager-modules/programs/freecad.nix b/modules/home-manager-modules/programs/freecad.nix index c546794..89668de 100644 --- a/modules/home-manager-modules/programs/freecad.nix +++ b/modules/home-manager-modules/programs/freecad.nix @@ -16,10 +16,11 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/FreeCAD" ]; + allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/gimp.nix b/modules/home-manager-modules/programs/gimp.nix index c127234..925a2d9 100644 --- a/modules/home-manager-modules/programs/gimp.nix +++ b/modules/home-manager-modules/programs/gimp.nix @@ -16,10 +16,11 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/GIMP" ]; + allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/idea.nix b/modules/home-manager-modules/programs/idea.nix index 438e345..e59e7b2 100644 --- a/modules/home-manager-modules/programs/idea.nix +++ b/modules/home-manager-modules/programs/idea.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist${config.home.homeDirectory}" = { directories = [ # configuration "${config.xdg.configHome}/JetBrains/" diff --git a/modules/home-manager-modules/programs/inkscape.nix b/modules/home-manager-modules/programs/inkscape.nix index 8cef5cb..a26ddec 100644 --- a/modules/home-manager-modules/programs/inkscape.nix +++ b/modules/home-manager-modules/programs/inkscape.nix @@ -16,10 +16,11 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/inkscape" ]; + allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/kdenlive.nix b/modules/home-manager-modules/programs/kdenlive.nix index a130fb8..05327d1 100644 --- a/modules/home-manager-modules/programs/kdenlive.nix +++ b/modules/home-manager-modules/programs/kdenlive.nix @@ -23,11 +23,12 @@ in { } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/kdenliverc" "${config.xdg.dataHome}/kdenlive" ]; + allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/krita.nix b/modules/home-manager-modules/programs/krita.nix index 869b10b..3ba5560 100644 --- a/modules/home-manager-modules/programs/krita.nix +++ b/modules/home-manager-modules/programs/krita.nix @@ -16,11 +16,12 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/kritarc" "${config.xdg.dataHome}/krita" ]; + allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/libreoffice.nix b/modules/home-manager-modules/programs/libreoffice.nix index 924d2a1..93163e7 100644 --- a/modules/home-manager-modules/programs/libreoffice.nix +++ b/modules/home-manager-modules/programs/libreoffice.nix @@ -16,10 +16,11 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/libreoffice" ]; + allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/makemkv.nix b/modules/home-manager-modules/programs/makemkv.nix index e158c07..e92c3d3 100644 --- a/modules/home-manager-modules/programs/makemkv.nix +++ b/modules/home-manager-modules/programs/makemkv.nix @@ -30,7 +30,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist${config.home.homeDirectory}" = { directories = [ ".MakeMKV" ]; diff --git a/modules/home-manager-modules/programs/mapillary-uploader.nix b/modules/home-manager-modules/programs/mapillary-uploader.nix index 7fb416e..df1f093 100644 --- a/modules/home-manager-modules/programs/mapillary-uploader.nix +++ b/modules/home-manager-modules/programs/mapillary-uploader.nix @@ -17,11 +17,12 @@ in { } ( mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/mapillary-uploader" "${config.xdg.dataHome}/mapillary-uploader" ]; + allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/obs.nix b/modules/home-manager-modules/programs/obs.nix index 5e226cc..bfdba90 100644 --- a/modules/home-manager-modules/programs/obs.nix +++ b/modules/home-manager-modules/programs/obs.nix @@ -6,10 +6,11 @@ config = lib.mkIf config.programs.obs-studio.enable (lib.mkMerge [ ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/obs-studio" ]; + allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/obsidian.nix b/modules/home-manager-modules/programs/obsidian.nix index 91b59b3..824563d 100644 --- a/modules/home-manager-modules/programs/obsidian.nix +++ b/modules/home-manager-modules/programs/obsidian.nix @@ -6,7 +6,7 @@ config = lib.mkIf config.programs.obsidian.enable (lib.mkMerge [ ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/obsidian" ]; diff --git a/modules/home-manager-modules/programs/olympus.nix b/modules/home-manager-modules/programs/olympus.nix index 2be0084..0e38eec 100644 --- a/modules/home-manager-modules/programs/olympus.nix +++ b/modules/home-manager-modules/programs/olympus.nix @@ -23,11 +23,12 @@ in { } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/olympus" "${config.xdg.dataHome}/olympus" ]; + allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/openrgb.nix b/modules/home-manager-modules/programs/openrgb.nix index 94636fc..c9d5e14 100644 --- a/modules/home-manager-modules/programs/openrgb.nix +++ b/modules/home-manager-modules/programs/openrgb.nix @@ -16,10 +16,11 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/OpenRGB" ]; + allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/picard.nix b/modules/home-manager-modules/programs/picard.nix index a6a7887..bc37b86 100644 --- a/modules/home-manager-modules/programs/picard.nix +++ b/modules/home-manager-modules/programs/picard.nix @@ -16,10 +16,11 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/MusicBrainz" ]; + allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/prostudiomasters.nix b/modules/home-manager-modules/programs/prostudiomasters.nix index 3653ae4..5345169 100644 --- a/modules/home-manager-modules/programs/prostudiomasters.nix +++ b/modules/home-manager-modules/programs/prostudiomasters.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/ProStudioMasters" ]; diff --git a/modules/home-manager-modules/programs/protonvpn.nix b/modules/home-manager-modules/programs/protonvpn.nix index d04c012..513a610 100644 --- a/modules/home-manager-modules/programs/protonvpn.nix +++ b/modules/home-manager-modules/programs/protonvpn.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/protonvpn" "${config.xdg.configHome}/Proton" diff --git a/modules/home-manager-modules/programs/qbittorrent.nix b/modules/home-manager-modules/programs/qbittorrent.nix index 37fd464..61d13c0 100644 --- a/modules/home-manager-modules/programs/qbittorrent.nix +++ b/modules/home-manager-modules/programs/qbittorrent.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/qBittorrent" ]; diff --git a/modules/home-manager-modules/programs/qflipper.nix b/modules/home-manager-modules/programs/qflipper.nix index 8261f5e..8b42766 100644 --- a/modules/home-manager-modules/programs/qflipper.nix +++ b/modules/home-manager-modules/programs/qflipper.nix @@ -16,10 +16,11 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/qFlipper" ]; + allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/signal.nix b/modules/home-manager-modules/programs/signal.nix index 3dae867..7db23a7 100644 --- a/modules/home-manager-modules/programs/signal.nix +++ b/modules/home-manager-modules/programs/signal.nix @@ -16,7 +16,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/Signal" ]; diff --git a/modules/home-manager-modules/programs/steam.nix b/modules/home-manager-modules/programs/steam.nix index 98b970f..fd98cb6 100644 --- a/modules/home-manager-modules/programs/steam.nix +++ b/modules/home-manager-modules/programs/steam.nix @@ -18,13 +18,14 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist${config.home.homeDirectory}" = { directories = [ { directory = "${config.xdg.dataHome}/Steam"; method = "symlink"; } ]; + allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/tor-browser.nix b/modules/home-manager-modules/programs/tor-browser.nix index e13dd4c..c3b085d 100644 --- a/modules/home-manager-modules/programs/tor-browser.nix +++ b/modules/home-manager-modules/programs/tor-browser.nix @@ -16,10 +16,11 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.dataHome}/torbrowser" ]; + allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/ungoogled-chromium.nix b/modules/home-manager-modules/programs/ungoogled-chromium.nix index 8ca8ec0..ef6a881 100644 --- a/modules/home-manager-modules/programs/ungoogled-chromium.nix +++ b/modules/home-manager-modules/programs/ungoogled-chromium.nix @@ -16,10 +16,11 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/chromium" ]; + allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/via.nix b/modules/home-manager-modules/programs/via.nix index acf2d8c..0aa58e4 100644 --- a/modules/home-manager-modules/programs/via.nix +++ b/modules/home-manager-modules/programs/via.nix @@ -16,11 +16,12 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist${config.home.homeDirectory}" = { directories = [ "${config.xdg.configHome}/via" "${config.xdg.dataHome}/via" ]; + allowOther = true; }; } ) diff --git a/modules/home-manager-modules/programs/vmware-workstation.nix b/modules/home-manager-modules/programs/vmware-workstation.nix index 30ae692..8e9d406 100644 --- a/modules/home-manager-modules/programs/vmware-workstation.nix +++ b/modules/home-manager-modules/programs/vmware-workstation.nix @@ -17,7 +17,7 @@ } ( lib.mkIf config.impermanence.enable { - home.persistence."/persist/home" = { + home.persistence."/persist${config.home.homeDirectory}" = { directories = [ { directory = ".vmware"; @@ -28,6 +28,7 @@ method = "symlink"; } ]; + allowOther = true; }; } ) diff --git a/modules/nixos-modules/storage/impermanence.nix b/modules/nixos-modules/storage/impermanence.nix index 4f231bf..33b4706 100644 --- a/modules/nixos-modules/storage/impermanence.nix +++ b/modules/nixos-modules/storage/impermanence.nix @@ -80,15 +80,6 @@ in { programs.fuse.userAllowOther = true; - fileSystems = - lib.mapAttrs' ( - datasetName: dataset: - lib.nameValuePair "/${datasetName}" { - neededForBoot = true; - } - ) - config.storage.impermanence.datasets; - environment.persistence = lib.mapAttrs (datasetName: dataset: { enable = true; @@ -110,6 +101,7 @@ in { }) (lib.filterAttrs (_: fileConfig: fileConfig.enable) dataset.files); }) config.storage.impermanence.datasets; + # TODO: need for boot on filesystems } (lib.mkIf config.storage.zfs.enable { storage.zfs.datasets = diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix index e9f740b..d6a2a2b 100644 --- a/modules/nixos-modules/storage/storage.nix +++ b/modules/nixos-modules/storage/storage.nix @@ -35,19 +35,17 @@ }; } (lib.mkIf (!config.storage.impermanence.enable) { - storage.zfs.rootDataset = { - type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/"; - }; - compression = "lz4"; - acltype = "posixacl"; - relatime = "on"; - xattr = "sa"; - snapshot = { - autoSnapshot = true; - blankSnapshot = true; + # TODO: create datasets for systemd.services..storage.impermanence.datasets + storage.zfs.datasets = { + "persist/system/root" = { + type = "zfs_fs"; + mount = { + enable = false; + mountPoint = "/"; + }; + snapshot = { + autoSnapshot = true; + }; }; }; }) @@ -72,8 +70,8 @@ storage.impermanence.datasets = { "persist/system/root" = { mount = { - enable = true; - mountPoint = "/persist/system/root"; + enable = false; + mountPoint = "/"; }; directories = { "/var/lib/nixos".enable = true; @@ -83,12 +81,6 @@ "/etc/machine-id".enable = true; }; }; - "persist/home" = { - mount = { - enable = true; - mountPoint = "/persist/home"; - }; - }; }; # TODO: home-manager.users..storage.impermanence.enable diff --git a/modules/nixos-modules/storage/submodules/impermanenceDataset.nix b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix index 0104b88..7154e90 100644 --- a/modules/nixos-modules/storage/submodules/impermanenceDataset.nix +++ b/modules/nixos-modules/storage/submodules/impermanenceDataset.nix @@ -14,14 +14,14 @@ args @ {lib, ...}: {name, ...}: let owner = { name = lib.mkOption { type = lib.types.str; - default = "root"; + default = "nouser"; }; permissions = pathPermissions; }; group = { name = lib.mkOption { type = lib.types.str; - default = "root"; + default = "nogroup"; }; permissions = pathPermissions; }; diff --git a/modules/nixos-modules/users.nix b/modules/nixos-modules/users.nix index bf45ac9..3385a83 100644 --- a/modules/nixos-modules/users.nix +++ b/modules/nixos-modules/users.nix @@ -400,52 +400,74 @@ in { }; } (lib.mkIf config.storage.impermanence.enable (lib.mkMerge [ - (lib.mkIf config.storage.zfs.enable (lib.mkMerge [ - { - # sops age key needs to be available to pre persist for user generation - storage.zfs.datasets = lib.mkMerge [ - { - "local/system/sops" = { - type = "zfs_fs"; - mount = { - enable = true; - mountPoint = SOPS_AGE_KEY_DIRECTORY; - }; - atime = "off"; - relatime = "off"; - }; - } - (lib.mkMerge ( - builtins.map (user: { - "local/home/${user.name}" = { - type = "zfs_fs"; - mount = { - enable = true; - mountPoint = "/home/${user.name}"; - }; - snapshot.blankSnapshot = true; - }; - }) - normalUsers - )) - ]; - - # Post resume commands to rollback user home datasets to blank snapshots - boot.initrd.postResumeCommands = lib.mkAfter ( - lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/local/home/${user.name}@blank") - normalUsers) - ); - - # Create persist home directories with proper permissions - systemd = { - tmpfiles.rules = - builtins.map ( - user: "d /persist/home/${user.name} 700 ${user.name} ${user.name} -" - ) - normalUsers; + (lib.mkIf config.storage.zfs.enable { + storage.zfs.datasets."persist/system/sops" = { + type = "zfs_fs"; + mount = { + enable = true; + mountPoint = SOPS_AGE_KEY_DIRECTORY; }; - } - ])) + atime = "off"; + relatime = "off"; + }; + }) ])) + # (lib.mkIf config.host.impermanence.enable { + # boot.initrd.postResumeCommands = lib.mkAfter ( + # lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/local/home/${user.name}@blank") + # normalUsers) + # ); + + # systemd = { + # tmpfiles.rules = + # builtins.map ( + # user: "d /persist/home/${user.name} 700 ${user.name} ${user.name} -" + # ) + # normalUsers; + # }; + + # fileSystems = lib.mkMerge [ + # ( + # builtins.listToAttrs ( + # builtins.map (user: + # lib.attrsets.nameValuePair "/persist/home/${user.name}" { + # neededForBoot = true; + # }) + # normalUsers + # ) + # ) + # ( + # builtins.listToAttrs ( + # builtins.map (user: + # lib.attrsets.nameValuePair "/home/${user.name}" { + # neededForBoot = true; + # }) + # normalUsers + # ) + # ) + # ]; + + # host.storage.pool.extraDatasets = lib.mkMerge ( + # ( + # builtins.map (user: { + # "local/home/${user.name}" = { + # type = "zfs_fs"; + # mountpoint = "/home/${user.name}"; + # options = { + # canmount = "on"; + # }; + # postCreateHook = '' + # zfs snapshot rpool/local/home/${user.name}@blank + # ''; + # }; + # "persist/home/${user.name}" = { + # type = "zfs_fs"; + # mountpoint = "/persist/home/${user.name}"; + # }; + # }) + # normalUsers + # ) + # ); + # }) ]; }