jan-leila/nix-config
1
0
Fork 1
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

storage-refactor #9

Open
jan-leila wants to merge 40 commits from storage-refactor into main
pull from: storage-refactor
merge into: jan-leila:main
Conversation 0 Commits 40 Files changed 118 +1663 -1370
118 changed files with 1663 additions and 1370 deletions
Download patch file Download diff file Expand all files Collapse all files

2
configurations/home-manager/leyla/default.nix
View file

@ -12,7 +12,7 @@
]; ];
config = { config = {
impermanence.enable = osConfig.host.impermanence.enable; impermanence.enable = osConfig.storage.impermanence.enable;
# Home Manager needs a bit of information about you and the paths it should # Home Manager needs a bit of information about you and the paths it should
# manage. # manage.

3
configurations/home-manager/leyla/impermanence.nix
View file

@ -4,7 +4,7 @@
... ...
}: { }: {
config = lib.mkIf (config.impermanence.enable) { config = lib.mkIf (config.impermanence.enable) {
home.persistence."/persist/home/leyla" = { home.persistence."/persist/replicate/home" = {
directories = [ directories = [
"desktop" "desktop"
"downloads" "downloads"
@ -14,7 +14,6 @@
".bash_history" # keep shell history around ".bash_history" # keep shell history around
"${config.xdg.dataHome}/recently-used.xbel" # gnome recently viewed files "${config.xdg.dataHome}/recently-used.xbel" # gnome recently viewed files
]; ];
allowOther = true;
}; };
}; };
} }

85
configurations/nixos/defiant/configuration.nix
View file

@ -33,44 +33,6 @@
isPrincipleUser = true; isPrincipleUser = true;
}; };
}; };
impermanence.enable = true;
storage = {
enable = true;
encryption = true;
notifications = {
enable = true;
host = "smtp.protonmail.ch";
port = 587;
to = "leyla@jan-leila.com";
user = "noreply@jan-leila.com";
tokenFile = config.sops.secrets."services/zfs_smtp_token".path;
};
pool = {
# We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA
bootDrives = ["nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F"];
vdevs = [
[
"ata-ST18000NE000-3G6101_ZVTCXVEB"
"ata-ST18000NE000-3G6101_ZVTCXWSC"
"ata-ST18000NE000-3G6101_ZVTD10EH"
"ata-ST18000NT001-3NF101_ZVTE0S3Q"
"ata-ST18000NT001-3NF101_ZVTEF27J"
"ata-ST18000NE000-3G6101_ZVTJ7359"
]
[
"ata-ST4000NE001-2MA101_WS2275P3"
"ata-ST4000NE001-2MA101_WS227B9F"
"ata-ST4000NE001-2MA101_WS227CEW"
"ata-ST4000NE001-2MA101_WS227CYN"
"ata-ST4000NE001-2MA101_WS23TBWV"
"ata-ST4000NE001-2MA101_WS23TC5F"
]
];
cache = [
"nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F"
];
};
};
network_storage = { network_storage = {
enable = true; enable = true;
directories = [ directories = [
@ -104,6 +66,53 @@
}; };
}; };
storage = {
zfs = {
enable = true;
notifications = {
enable = true;
host = "smtp.protonmail.ch";
port = 587;
to = "leyla@jan-leila.com";
user = "noreply@jan-leila.com";
tokenFile = config.sops.secrets."services/zfs_smtp_token".path;
};
pool = {
encryption = {
enable = true;
};
vdevs = [
[
"ata-ST18000NE000-3G6101_ZVTCXVEB"
"ata-ST18000NE000-3G6101_ZVTCXWSC"
"ata-ST18000NE000-3G6101_ZVTD10EH"
"ata-ST18000NT001-3NF101_ZVTE0S3Q"
"ata-ST18000NT001-3NF101_ZVTEF27J"
"ata-ST18000NE000-3G6101_ZVTJ7359"
]
[
"ata-ST4000NE001-2MA101_WS2275P3"
"ata-ST4000NE001-2MA101_WS227B9F"
"ata-ST4000NE001-2MA101_WS227CEW"
"ata-ST4000NE001-2MA101_WS227CYN"
"ata-ST4000NE001-2MA101_WS23TBWV"
"ata-ST4000NE001-2MA101_WS23TC5F"
]
];
# We are having to boot off of the nvm cache drive because I cant figure out how to boot via the HBA
cache = [
{
device = "nvme-Samsung_SSD_990_PRO_4TB_S7KGNU0X907881F";
boot = true;
}
];
};
};
impermanence = {
enable = true;
};
};
systemd.network = { systemd.network = {
enable = true; enable = true;

14
configurations/nixos/emergent/configuration.nix
View file

@ -59,12 +59,22 @@
hardware = { hardware = {
piperMouse.enable = true; piperMouse.enable = true;
}; };
};
storage = { storage = {
zfs = {
enable = true; enable = true;
pool = { pool = {
mode = ""; mode = "stripe";
drives = ["wwn-0x5000039fd0cf05eb"]; vdevs = [
[
{
device = "wwn-0x5000039fd0cf05eb";
boot = true;
}
]
];
cache = [];
}; };
}; };
}; };

19
flake.lock generated
View file

@ -147,16 +147,25 @@
} }
}, },
"impermanence": { "impermanence": {
"inputs": {
"home-manager": [
"home-manager"
],
"nixpkgs": [
"nixpkgs"
]
},
"locked": { "locked": {
"lastModified": 1737831083, "lastModified": 1762761176,
"narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", "narHash": "sha256-i3gM8fUozQrgZIbwVNlTuhLqPSl56zxAYpsQpQ9Lhro=",
"owner": "nix-community", "owner": "jan-leila",
"repo": "impermanence", "repo": "impermanence",
"rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", "rev": "ffbe1ca47cf4b3008c3aa5c49cdae294d8c8058a",
"type": "github" "type": "github"
}, },
"original": { "original": {
"owner": "nix-community", "owner": "jan-leila",
"ref": "home-manager-v2",
"repo": "impermanence", "repo": "impermanence",
"type": "github" "type": "github"
} }

4
flake.nix
View file

@ -36,7 +36,9 @@
# delete your darlings # delete your darlings
impermanence = { impermanence = {
url = "github:nix-community/impermanence"; url = "github:jan-leila/impermanence/home-manager-v2";
inputs.nixpkgs.follows = "nixpkgs";
inputs.home-manager.follows = "home-manager";
}; };
nix-darwin = { nix-darwin = {

7
modules/home-manager-modules/impermanence.nix
View file

@ -18,17 +18,16 @@ in {
(lib.mkIf config.impermanence.enable { (lib.mkIf config.impermanence.enable {
assertions = [ assertions = [
{ {
assertion = osConfig.host.impermanence.enable; assertion = osConfig.storage.impermanence.enable;
message = "impermanence can not be enabled for a user when it is not enabled for the system"; message = "impermanence can not be enabled for a user when it is not enabled for the system";
} }
]; ];
}) })
# If impermanence is not enabled for this user but system impermanence is enabled, # If impermanence is not enabled for this user but system impermanence is enabled,
# persist the entire home directory as fallback # persist the entire home directory as fallback
(lib.mkIf (osConfig.host.impermanence.enable && !cfg.enable && cfg.fallbackPersistence.enable) { (lib.mkIf (osConfig.storage.impermanence.enable && !cfg.enable && cfg.fallbackPersistence.enable) {
home.persistence."/persist/home/${config.home.username}" = { home.persistence."/persist/replicate/home" = {
directories = ["."]; directories = ["."];
allowOther = true;
}; };
}) })
]; ];

2
modules/home-manager-modules/openssh.nix
View file

@ -96,7 +96,7 @@
} }
) )
(lib.mkIf config.impermanence.enable { (lib.mkIf config.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = { home.persistence."/persist/replicate/home" = {
files = lib.lists.flatten ( files = lib.lists.flatten (
builtins.map (hostKey: [".ssh/${hostKey.path}" ".ssh/${hostKey.path}.pub"]) config.programs.openssh.hostKeys builtins.map (hostKey: [".ssh/${hostKey.path}" ".ssh/${hostKey.path}.pub"]) config.programs.openssh.hostKeys
); );

8
modules/home-manager-modules/programs/anki.nix
View file

@ -1,15 +1,13 @@
{ {
lib, lib,
config, config,
osConfig,
... ...
}: { }: {
config = lib.mkIf (config.programs.anki.enable && osConfig.host.impermanence.enable) { config = lib.mkIf (config.programs.anki.enable && config.impermanence.enable) {
home.persistence."/persist${config.home.homeDirectory}" = { home.persistence."/persist/replicate/home" = {
directories = [ directories = [
"${config.xdg.dataHome}/Anki2/" ".local/share/Anki2"
]; ];
allowOther = true;
}; };
}; };
} }

3
modules/home-manager-modules/programs/bitwarden.nix
View file

@ -16,11 +16,10 @@
} }
( (
lib.mkIf config.impermanence.enable { lib.mkIf config.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = { home.persistence."/persist/replicate/home" = {
directories = [ directories = [
"${config.xdg.configHome}/Bitwarden" "${config.xdg.configHome}/Bitwarden"
]; ];
allowOther = true;
}; };
} }
) )

3
modules/home-manager-modules/programs/bruno.nix
View file

@ -16,11 +16,10 @@
} }
( (
lib.mkIf config.impermanence.enable { lib.mkIf config.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = { home.persistence."/persist/replicate/home" = {
directories = [ directories = [
"${config.xdg.configHome}/bruno/" "${config.xdg.configHome}/bruno/"
]; ];
allowOther = true;
}; };
} }
) )

3
modules/home-manager-modules/programs/calibre.nix
View file

@ -16,11 +16,10 @@
} }
( (
lib.mkIf config.impermanence.enable { lib.mkIf config.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = { home.persistence."/persist/replicate/home" = {
directories = [ directories = [
"${config.xdg.configHome}/calibre" "${config.xdg.configHome}/calibre"
]; ];
allowOther = true;
}; };
} }
) )

3
modules/home-manager-modules/programs/davinci-resolve.nix
View file

@ -16,12 +16,11 @@
} }
( (
lib.mkIf config.impermanence.enable { lib.mkIf config.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = { home.persistence."/persist/replicate/home" = {
directories = [ directories = [
"${config.xdg.dataHome}/DaVinciResolve" "${config.xdg.dataHome}/DaVinciResolve"
"${config.xdg.configHome}/blackmagic" "${config.xdg.configHome}/blackmagic"
]; ];
allowOther = true;
}; };
} }
) )

3
modules/home-manager-modules/programs/dbeaver.nix
View file

@ -16,11 +16,10 @@
} }
( (
lib.mkIf config.impermanence.enable { lib.mkIf config.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = { home.persistence."/persist/replicate/home" = {
directories = [ directories = [
"${config.xdg.dataHome}/DBeaverData/" "${config.xdg.dataHome}/DBeaverData/"
]; ];
allowOther = true;
}; };
} }
) )

3
modules/home-manager-modules/programs/discord.nix
View file

@ -6,11 +6,10 @@
config = lib.mkIf config.programs.discord.enable (lib.mkMerge [ config = lib.mkIf config.programs.discord.enable (lib.mkMerge [
( (
lib.mkIf config.impermanence.enable { lib.mkIf config.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = { home.persistence."/persist/replicate/home" = {
directories = [ directories = [
"${config.xdg.configHome}/discord/" "${config.xdg.configHome}/discord/"
]; ];
allowOther = true;
}; };
} }
) )

3
modules/home-manager-modules/programs/firefox.nix
View file

@ -22,11 +22,10 @@
# Extension configuration # Extension configuration
".mozilla/firefox/${profile}/extension-settings.json" ".mozilla/firefox/${profile}/extension-settings.json"
]; ];
allowOther = true;
}; };
in { in {
config = lib.mkIf (config.programs.firefox.enable && config.impermanence.enable) { config = lib.mkIf (config.programs.firefox.enable && config.impermanence.enable) {
home.persistence."/persist${config.home.homeDirectory}" = lib.mkMerge ( home.persistence."/persist/replicate/home" = lib.mkMerge (
( (
lib.attrsets.mapAttrsToList lib.attrsets.mapAttrsToList
(profile: _: buildProfilePersistence profile) (profile: _: buildProfilePersistence profile)

3
modules/home-manager-modules/programs/freecad.nix
View file

@ -16,11 +16,10 @@
} }
( (
lib.mkIf config.impermanence.enable { lib.mkIf config.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = { home.persistence."/persist/replicate/home" = {
directories = [ directories = [
"${config.xdg.configHome}/FreeCAD" "${config.xdg.configHome}/FreeCAD"
]; ];
allowOther = true;
}; };
} }
) )

3
modules/home-manager-modules/programs/gimp.nix
View file

@ -16,11 +16,10 @@
} }
( (
lib.mkIf config.impermanence.enable { lib.mkIf config.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = { home.persistence."/persist/replicate/home" = {
directories = [ directories = [
"${config.xdg.configHome}/GIMP" "${config.xdg.configHome}/GIMP"
]; ];
allowOther = true;
}; };
} }
) )

2
modules/home-manager-modules/programs/idea.nix
View file

@ -16,7 +16,7 @@
} }
( (
lib.mkIf config.impermanence.enable { lib.mkIf config.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = { home.persistence."/persist/replicate/home" = {
directories = [ directories = [
# configuration # configuration
"${config.xdg.configHome}/JetBrains/" "${config.xdg.configHome}/JetBrains/"

3
modules/home-manager-modules/programs/inkscape.nix
View file

@ -16,11 +16,10 @@
} }
( (
lib.mkIf config.impermanence.enable { lib.mkIf config.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = { home.persistence."/persist/replicate/home" = {
directories = [ directories = [
"${config.xdg.configHome}/inkscape" "${config.xdg.configHome}/inkscape"
]; ];
allowOther = true;
}; };
} }
) )

3
modules/home-manager-modules/programs/kdenlive.nix
View file

@ -23,12 +23,11 @@ in {
} }
( (
lib.mkIf config.impermanence.enable { lib.mkIf config.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = { home.persistence."/persist/replicate/home" = {
directories = [ directories = [
"${config.xdg.configHome}/kdenliverc" "${config.xdg.configHome}/kdenliverc"
"${config.xdg.dataHome}/kdenlive" "${config.xdg.dataHome}/kdenlive"
]; ];
allowOther = true;
}; };
} }
) )

3
modules/home-manager-modules/programs/krita.nix
View file

@ -16,12 +16,11 @@
} }
( (
lib.mkIf config.impermanence.enable { lib.mkIf config.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = { home.persistence."/persist/replicate/home" = {
directories = [ directories = [
"${config.xdg.configHome}/kritarc" "${config.xdg.configHome}/kritarc"
"${config.xdg.dataHome}/krita" "${config.xdg.dataHome}/krita"
]; ];
allowOther = true;
}; };
} }
) )

3
modules/home-manager-modules/programs/libreoffice.nix
View file

@ -16,11 +16,10 @@
} }
( (
lib.mkIf config.impermanence.enable { lib.mkIf config.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = { home.persistence."/persist/replicate/home" = {
directories = [ directories = [
"${config.xdg.configHome}/libreoffice" "${config.xdg.configHome}/libreoffice"
]; ];
allowOther = true;
}; };
} }
) )

2
modules/home-manager-modules/programs/makemkv.nix
View file

@ -30,7 +30,7 @@
} }
( (
lib.mkIf config.impermanence.enable { lib.mkIf config.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = { home.persistence."/persist/replicate/home" = {
directories = [ directories = [
".MakeMKV" ".MakeMKV"
]; ];

3
modules/home-manager-modules/programs/mapillary-uploader.nix
View file

@ -17,12 +17,11 @@ in {
} }
( (
mkIf config.impermanence.enable { mkIf config.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = { home.persistence."/persist/replicate/home" = {
directories = [ directories = [
"${config.xdg.configHome}/mapillary-uploader" "${config.xdg.configHome}/mapillary-uploader"
"${config.xdg.dataHome}/mapillary-uploader" "${config.xdg.dataHome}/mapillary-uploader"
]; ];
allowOther = true;
}; };
} }
) )

3
modules/home-manager-modules/programs/obs.nix
View file

@ -6,11 +6,10 @@
config = lib.mkIf config.programs.obs-studio.enable (lib.mkMerge [ config = lib.mkIf config.programs.obs-studio.enable (lib.mkMerge [
( (
lib.mkIf config.impermanence.enable { lib.mkIf config.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = { home.persistence."/persist/replicate/home" = {
directories = [ directories = [
"${config.xdg.configHome}/obs-studio" "${config.xdg.configHome}/obs-studio"
]; ];
allowOther = true;
}; };
} }
) )

2
modules/home-manager-modules/programs/obsidian.nix
View file

@ -6,7 +6,7 @@
config = lib.mkIf config.programs.obsidian.enable (lib.mkMerge [ config = lib.mkIf config.programs.obsidian.enable (lib.mkMerge [
( (
lib.mkIf config.impermanence.enable { lib.mkIf config.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = { home.persistence."/persist/replicate/home" = {
directories = [ directories = [
"${config.xdg.configHome}/obsidian" "${config.xdg.configHome}/obsidian"
]; ];

3
modules/home-manager-modules/programs/olympus.nix
View file

@ -23,12 +23,11 @@ in {
} }
( (
lib.mkIf config.impermanence.enable { lib.mkIf config.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = { home.persistence."/persist/replicate/home" = {
directories = [ directories = [
"${config.xdg.configHome}/olympus" "${config.xdg.configHome}/olympus"
"${config.xdg.dataHome}/olympus" "${config.xdg.dataHome}/olympus"
]; ];
allowOther = true;
}; };
} }
) )

3
modules/home-manager-modules/programs/openrgb.nix
View file

@ -16,11 +16,10 @@
} }
( (
lib.mkIf config.impermanence.enable { lib.mkIf config.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = { home.persistence."/persist/replicate/home" = {
directories = [ directories = [
"${config.xdg.configHome}/OpenRGB" "${config.xdg.configHome}/OpenRGB"
]; ];
allowOther = true;
}; };
} }
) )

3
modules/home-manager-modules/programs/picard.nix
View file

@ -16,11 +16,10 @@
} }
( (
lib.mkIf config.impermanence.enable { lib.mkIf config.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = { home.persistence."/persist/replicate/home" = {
directories = [ directories = [
"${config.xdg.configHome}/MusicBrainz" "${config.xdg.configHome}/MusicBrainz"
]; ];
allowOther = true;
}; };
} }
) )

2
modules/home-manager-modules/programs/prostudiomasters.nix
View file

@ -16,7 +16,7 @@
} }
( (
lib.mkIf config.impermanence.enable { lib.mkIf config.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = { home.persistence."/persist/replicate/home" = {
directories = [ directories = [
"${config.xdg.configHome}/ProStudioMasters" "${config.xdg.configHome}/ProStudioMasters"
]; ];

2
modules/home-manager-modules/programs/protonvpn.nix
View file

@ -16,7 +16,7 @@
} }
( (
lib.mkIf config.impermanence.enable { lib.mkIf config.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = { home.persistence."/persist/replicate/home" = {
directories = [ directories = [
"${config.xdg.configHome}/protonvpn" "${config.xdg.configHome}/protonvpn"
"${config.xdg.configHome}/Proton" "${config.xdg.configHome}/Proton"

2
modules/home-manager-modules/programs/qbittorrent.nix
View file

@ -16,7 +16,7 @@
} }
( (
lib.mkIf config.impermanence.enable { lib.mkIf config.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = { home.persistence."/persist/replicate/home" = {
directories = [ directories = [
"${config.xdg.configHome}/qBittorrent" "${config.xdg.configHome}/qBittorrent"
]; ];

3
modules/home-manager-modules/programs/qflipper.nix
View file

@ -16,11 +16,10 @@
} }
( (
lib.mkIf config.impermanence.enable { lib.mkIf config.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = { home.persistence."/persist/replicate/home" = {
directories = [ directories = [
"${config.xdg.configHome}/qFlipper" "${config.xdg.configHome}/qFlipper"
]; ];
allowOther = true;
}; };
} }
) )

2
modules/home-manager-modules/programs/signal.nix
View file

@ -16,7 +16,7 @@
} }
( (
lib.mkIf config.impermanence.enable { lib.mkIf config.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = { home.persistence."/persist/replicate/home" = {
directories = [ directories = [
"${config.xdg.configHome}/Signal" "${config.xdg.configHome}/Signal"
]; ];

3
modules/home-manager-modules/programs/steam.nix
View file

@ -18,14 +18,13 @@
} }
( (
lib.mkIf config.impermanence.enable { lib.mkIf config.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = { home.persistence."/persist/replicate/home" = {
directories = [ directories = [
{ {
directory = "${config.xdg.dataHome}/Steam"; directory = "${config.xdg.dataHome}/Steam";
method = "symlink"; method = "symlink";
} }
]; ];
allowOther = true;
}; };
} }
) )

3
modules/home-manager-modules/programs/tor-browser.nix
View file

@ -16,11 +16,10 @@
} }
( (
lib.mkIf config.impermanence.enable { lib.mkIf config.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = { home.persistence."/persist/replicate/home" = {
directories = [ directories = [
"${config.xdg.dataHome}/torbrowser" "${config.xdg.dataHome}/torbrowser"
]; ];
allowOther = true;
}; };
} }
) )

3
modules/home-manager-modules/programs/ungoogled-chromium.nix
View file

@ -16,11 +16,10 @@
} }
( (
lib.mkIf config.impermanence.enable { lib.mkIf config.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = { home.persistence."/persist/replicate/home" = {
directories = [ directories = [
"${config.xdg.configHome}/chromium" "${config.xdg.configHome}/chromium"
]; ];
allowOther = true;
}; };
} }
) )

3
modules/home-manager-modules/programs/via.nix
View file

@ -16,12 +16,11 @@
} }
( (
lib.mkIf config.impermanence.enable { lib.mkIf config.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = { home.persistence."/persist/replicate/home" = {
directories = [ directories = [
"${config.xdg.configHome}/via" "${config.xdg.configHome}/via"
"${config.xdg.dataHome}/via" "${config.xdg.dataHome}/via"
]; ];
allowOther = true;
}; };
} }
) )

3
modules/home-manager-modules/programs/vmware-workstation.nix
View file

@ -17,7 +17,7 @@
} }
( (
lib.mkIf config.impermanence.enable { lib.mkIf config.impermanence.enable {
home.persistence."/persist${config.home.homeDirectory}" = { home.persistence."/persist/replicate/home" = {
directories = [ directories = [
{ {
directory = ".vmware"; directory = ".vmware";
@ -28,7 +28,6 @@
method = "symlink"; method = "symlink";
} }
]; ];
allowOther = true;
}; };
} }
) )

9
modules/nixos-modules/default.nix
View file

@ -8,14 +8,13 @@
./desktop.nix ./desktop.nix
./ssh.nix ./ssh.nix
./i18n.nix ./i18n.nix
./sync.nix ./sync
./impermanence.nix ./ollama
./disko.nix
./ollama.nix
./ai.nix ./ai.nix
./tailscale.nix ./tailscale
./steam.nix ./steam.nix
./server ./server
./storage
]; ];
nixpkgs.config.permittedInsecurePackages = [ nixpkgs.config.permittedInsecurePackages = [

267
modules/nixos-modules/disko.nix
View file

@ -1,267 +0,0 @@
{
lib,
pkgs,
config,
inputs,
...
}: let
# there currently is a bug with disko that causes long disk names to be generated improperly this hash function should alleviate it when used for disk names instead of what we are defaulting to
# max gpt length is 36 and disk adds formats it like disk-xxxx-zfs which means we need to be 9 characters under that
hashDisk = drive: (builtins.substring 0 27 (builtins.hashString "sha256" drive));
vdevs =
builtins.map (
disks:
builtins.map (disk: lib.attrsets.nameValuePair (hashDisk disk) disk) disks
)
config.host.storage.pool.vdevs;
cache =
builtins.map (
disk: lib.attrsets.nameValuePair (hashDisk disk) disk
)
config.host.storage.pool.cache;
datasets = config.host.storage.pool.datasets // config.host.storage.pool.extraDatasets;
in {
options.host.storage = {
enable = lib.mkEnableOption "are we going create zfs disks with disko on this device";
encryption = lib.mkEnableOption "is the vdev going to be encrypted";
notifications = {
enable = lib.mkEnableOption "are notifications enabled";
host = lib.mkOption {
type = lib.types.str;
description = "what is the host that we are going to send the email to";
};
port = lib.mkOption {
type = lib.types.port;
description = "what port is the host using to receive mail on";
};
to = lib.mkOption {
type = lib.types.str;
description = "what account is the email going to be sent to";
};
user = lib.mkOption {
type = lib.types.str;
description = "what user is the email going to be set from";
};
tokenFile = lib.mkOption {
type = lib.types.str;
description = "file containing the password to be used by msmtp for notifications";
};
};
pool = {
mode = lib.mkOption {
type = lib.types.str;
default = "raidz2";
description = "what level of redundancy should this pool have";
};
# list of drives in pool that will have a boot partition put onto them
bootDrives = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "list of disks that are going to have a boot partition installed on them";
default = lib.lists.flatten config.host.storage.pool.vdevs;
};
# shorthand for vdevs if you only have 1 vdev
drives = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "list of drives that are going to be in the vdev";
default = [];
};
# list of all drives in each vdev
vdevs = lib.mkOption {
type = lib.types.listOf (lib.types.listOf lib.types.str);
description = "list of disks that are going to be in";
default = [config.host.storage.pool.drives];
};
# list of cache drives for pool
cache = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "list of drives that are going to be used as cache";
default = [];
};
# Default datasets that are needed to make a functioning system
datasets = lib.mkOption {
type = lib.types.attrsOf (inputs.disko.lib.subType {
types = {inherit (inputs.disko.lib.types) zfs_fs zfs_volume;};
});
default = {
"local" = {
type = "zfs_fs";
options.canmount = "off";
};
# nix directory needs to be available pre persist and doesn't need to be snapshotted or backed up
"local/system/nix" = {
type = "zfs_fs";
mountpoint = "/nix";
options = {
atime = "off";
relatime = "off";
canmount = "on";
};
};
# dataset for root that gets rolled back on every boot
"local/system/root" = {
type = "zfs_fs";
mountpoint = "/";
options = {
canmount = "on";
};
postCreateHook = ''
zfs snapshot rpool/local/system/root@blank
'';
};
};
};
extraDatasets = lib.mkOption {
type = lib.types.attrsOf (inputs.disko.lib.subType {
types = {inherit (inputs.disko.lib.types) zfs_fs zfs_volume;};
});
description = "List of datasets to define";
default = {};
};
};
};
config = lib.mkIf config.host.storage.enable {
programs.msmtp = lib.mkIf config.host.storage.notifications.enable {
enable = true;
setSendmail = true;
defaults = {
aliases = "/etc/aliases";
port = config.host.storage.notifications.port;
tls_trust_file = "/etc/ssl/certs/ca-certificates.crt";
tls = "on";
auth = "login";
tls_starttls = "off";
};
accounts = {
zfs_notifications = {
auth = true;
tls = true;
host = config.host.storage.notifications.host;
passwordeval = "cat ${config.host.storage.notifications.tokenFile}";
user = config.host.storage.notifications.user;
from = config.host.storage.notifications.user;
};
};
};
services.zfs = {
autoScrub.enable = true;
autoSnapshot.enable = true;
zed = lib.mkIf config.host.storage.notifications.enable {
enableMail = true;
settings = {
ZED_DEBUG_LOG = "/tmp/zed.debug.log";
ZED_EMAIL_ADDR = [config.host.storage.notifications.to];
ZED_EMAIL_PROG = "${pkgs.msmtp}/bin/msmtp";
ZED_EMAIL_OPTS = "-a zfs_notifications @ADDRESS@";
ZED_NOTIFY_INTERVAL_SECS = 3600;
ZED_NOTIFY_VERBOSE = true;
ZED_USE_ENCLOSURE_LEDS = true;
ZED_SCRUB_AFTER_RESILVER = true;
};
};
};
disko.devices = {
disk = (
builtins.listToAttrs (
builtins.map
(drive:
lib.attrsets.nameValuePair (drive.name) {
type = "disk";
device = "/dev/disk/by-id/${drive.value}";
content = {
type = "gpt";
partitions = {
ESP = lib.mkIf (builtins.elem drive.value config.host.storage.pool.bootDrives) {
# The 2GB here for the boot partition might be a bit overkill we probably only need like 1/4th of that but storage is cheap
size = "2G";
type = "EF00";
content = {
type = "filesystem";
format = "vfat";
mountpoint = "/boot";
mountOptions = ["umask=0077"];
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "rpool";
};
};
};
};
})
(
(lib.lists.flatten vdevs) ++ cache
)
)
);
zpool = {
rpool = {
type = "zpool";
mode = {
topology = {
type = "topology";
vdev = (
builtins.map (disks: {
mode = config.host.storage.pool.mode;
members =
builtins.map (disk: disk.name) disks;
})
vdevs
);
cache = builtins.map (disk: disk.name) cache;
};
};
options = {
ashift = "12";
autotrim = "on";
};
rootFsOptions =
{
canmount = "off";
mountpoint = "none";
xattr = "sa";
acltype = "posixacl";
relatime = "on";
compression = "lz4";
"com.sun:auto-snapshot" = "false";
}
// (
lib.attrsets.optionalAttrs config.host.storage.encryption {
encryption = "on";
keyformat = "hex";
keylocation = "prompt";
}
);
datasets = lib.mkMerge [
(
lib.attrsets.mapAttrs (name: value: {
type = value.type;
options = value.options;
mountpoint = value.mountpoint;
postCreateHook = value.postCreateHook;
})
datasets
)
];
};
};
};
};
}

134
modules/nixos-modules/impermanence.nix
View file

@ -1,134 +0,0 @@
{
config,
lib,
...
}: {
# options.storage = {
# zfs = {
# # TODO: enable option
# # when this option is enabled we need to configure and enable disko things
# # TODO: we need some way of managing notifications
# # TODO: we need options to configure zfs pools
# # we should have warnings when the configured pool is missing drives
# # TODO: dataset option that is a submodule that adds datasets to the system
# # warnings for when a dataset was created in the past on a system but it is now missing some of the options defined for it
# # TODO: pools and datasets need to be passed to disko
# };
# impermanence = {
# # TODO: enable option
# # TODO: datasets option that is a submodule that will be used to define what datasets to add to the storage system
# # We should by default create the `local`, `local/system/nix`, `local/system/root`, `persist` `persist/system/root`, and `persist/system/var/log` datasets
# # Then we should make a dataset for user folders local and persist
# # We should also create datasets for systemd modules that have have impermanence enabled for them
# # we need to figure out what options a dataset can have in zfs
# };
# # TODO: we should have an impermanence module for home manager that proxies its values namespaced to the user down here that matches the same interface
# # TODO: we should have a way of enabling impermanence for a systemd config
# # these should have an option to put their folder into their own dataset (this needs to support private vs non private)
# # options for features that can be added to the dataset
# };
options.host.impermanence.enable = lib.mkEnableOption "are we going to use impermanence on this device";
config = lib.mkMerge [
{
assertions = [
{
assertion = !(config.host.impermanence.enable && !config.host.storage.enable);
message = ''
Disko storage must be enabled to use impermanence.
'';
}
];
}
(
lib.mkIf config.host.impermanence.enable {
assertions = [
{
assertion = config.host.impermanence.enable && config.host.storage.enable;
message = "Impermanence can not be used without managed host storage.";
}
];
# fixes issues with /var/lib/private not having the correct permissions https://github.com/nix-community/impermanence/issues/254
system.activationScripts."createPersistentStorageDirs".deps = ["var-lib-private-permissions" "users" "groups"];
system.activationScripts = {
"var-lib-private-permissions" = {
deps = ["specialfs"];
text = ''
mkdir -p /persist/system/root/var/lib/private
chmod 0700 /persist/system/root/var/lib/private
'';
};
};
programs.fuse.userAllowOther = true;
boot.initrd.postResumeCommands = lib.mkAfter ''
zfs rollback -r rpool/local/system/root@blank
'';
fileSystems = {
"/".neededForBoot = true;
"/persist/system/root".neededForBoot = true;
"/persist/system/var/log".neededForBoot = true;
};
host.storage.pool.extraDatasets = {
# persist datasets are datasets that contain information that we would like to keep around
"persist" = {
type = "zfs_fs";
options.canmount = "off";
options = {
"com.sun:auto-snapshot" = "true";
};
};
# this is where root data actually lives
"persist/system/root" = {
type = "zfs_fs";
mountpoint = "/persist/system/root";
};
"persist/system/var/log" = {
type = "zfs_fs";
mountpoint = "/persist/system/var/log";
# logs should be append only so we shouldn't need to snapshot them
options = {
"com.sun:auto-snapshot" = "false";
};
};
};
environment.persistence."/persist/system/var/log" = {
enable = true;
hideMounts = true;
directories = [
"/var/log"
];
};
environment.persistence."/persist/system/root" = {
enable = true;
hideMounts = true;
directories = [
"/var/lib/nixos"
"/var/lib/systemd/coredump"
];
files = [
"/etc/machine-id"
];
};
# TODO: this should live in leylas home manager configuration
security.sudo.extraConfig = "Defaults lecture=never";
}
)
];
}

6
modules/nixos-modules/ollama/default.nix Normal file
View file

@ -0,0 +1,6 @@
{...}: {
imports = [
./ollama.nix
./storage.nix
];
}

14
modules/nixos-modules/ollama.nix → modules/nixos-modules/ollama/ollama.nix
View file

@ -27,20 +27,6 @@
allowedUDPPorts = ports; allowedUDPPorts = ports;
}; };
})) }))
(lib.mkIf config.host.impermanence.enable {
environment.persistence."/persist/system/root" = {
enable = true;
hideMounts = true;
directories = [
{
directory = "/var/lib/private/ollama";
user = config.services.ollama.user;
group = config.services.ollama.group;
mode = "0700";
}
];
};
})
] ]
); );
} }

37
modules/nixos-modules/ollama/storage.nix Normal file
View file

@ -0,0 +1,37 @@
{
config,
lib,
...
}: {
options = {
services.ollama.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.ollama.enable && config.storage.impermanence.enable;
};
};
config = lib.mkIf (config.services.ollama.enable) {
storage.datasets.replicate."system/root" = {
directories."/var/lib/private/ollama" = lib.mkIf config.services.ollama.impermanence.enable {
enable = true;
owner.name = config.services.ollama.user;
group.name = config.services.ollama.group;
owner.permissions = {
read = true;
write = true;
execute = false;
};
group.permissions = {
read = false;
write = false;
execute = false;
};
other.permissions = {
read = false;
write = false;
execute = false;
};
};
};
};
}

2
modules/nixos-modules/server/actual/default.nix
View file

@ -3,6 +3,6 @@
./actual.nix ./actual.nix
./proxy.nix ./proxy.nix
./fail2ban.nix ./fail2ban.nix
./impermanence.nix ./storage.nix
]; ];
} }

37
modules/nixos-modules/server/actual/impermanence.nix
View file

@ -1,37 +0,0 @@
{
lib,
config,
...
}: let
const = import ./const.nix;
dataDirectory = const.dataDirectory;
in {
options.services.actual = {
impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.actual.enable && config.host.impermanence.enable;
};
};
config = lib.mkIf config.services.actual.impermanence.enable {
assertions = [
{
assertion = config.services.actual.settings.dataDir == dataDirectory;
message = "actual data location does not match persistence\nconfig directory: ${config.services.actual.settings.dataDir}\npersistence directory: ${dataDirectory}";
}
{
assertion = config.systemd.services.actual.serviceConfig.DynamicUser or false;
message = "actual systemd service must have DynamicUser enabled to use private directory";
}
];
environment.persistence."/persist/system/root" = {
directories = [
{
directory = dataDirectory;
user = "actual";
group = "actual";
}
];
};
};
}

22
modules/nixos-modules/server/actual/storage.nix Normal file
View file

@ -0,0 +1,22 @@
{
lib,
config,
...
}: let
const = import ./const.nix;
dataDirectory = const.dataDirectory;
in {
options.services.actual.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.actual.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.actual.enable {
storage.datasets.replicate."system/root" = {
directories."${dataDirectory}" = lib.mkIf config.services.actual.impermanence.enable {
owner.name = "actual";
group.name = "actual";
};
};
};
}

2
modules/nixos-modules/server/bazarr/default.nix
View file

@ -1,5 +1,5 @@
{...}: { {...}: {
imports = [ imports = [
./impermanence.nix ./storage.nix
]; ];
} }

33
modules/nixos-modules/server/bazarr/impermanence.nix
View file

@ -1,33 +0,0 @@
{
lib,
config,
...
}: let
bazarr_data_directory = "/var/lib/bazarr";
in {
options.services.bazarr = {
impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.bazarr.enable && config.host.impermanence.enable;
};
};
config = lib.mkIf config.services.bazarr.impermanence.enable {
assertions = [
{
assertion = config.services.bazarr.dataDir == bazarr_data_directory;
message = "bazarr data directory does not match persistence";
}
];
environment.persistence."/persist/system/root" = {
directories = [
{
directory = bazarr_data_directory;
user = "bazarr";
group = "bazarr";
}
];
};
};
}

21
modules/nixos-modules/server/bazarr/storage.nix Normal file
View file

@ -0,0 +1,21 @@
{
lib,
config,
...
}: let
bazarr_data_directory = "/var/lib/bazarr";
in {
options.services.bazarr.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.bazarr.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.bazarr.enable {
storage.datasets.replicate."system/root" = {
directories."${bazarr_data_directory}" = lib.mkIf config.services.bazarr.impermanence.enable {
owner.name = "bazarr";
group.name = "bazarr";
};
};
};
}

2
modules/nixos-modules/server/crab-hole/default.nix
View file

@ -1,6 +1,6 @@
{...}: { {...}: {
imports = [ imports = [
./crab-hole.nix ./crab-hole.nix
./impermanence.nix ./storage.nix
]; ];
} }

33
modules/nixos-modules/server/crab-hole/impermanence.nix
View file

@ -1,33 +0,0 @@
{
lib,
config,
...
}: let
workingDirectory = "/var/lib/private/crab-hole";
in {
options.services.crab-hole = {
impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.crab-hole.enable && config.host.impermanence.enable;
};
};
config = lib.mkIf config.services.crab-hole.impermanence.enable {
assertions = [
{
assertion =
config.systemd.services.crab-hole.serviceConfig.WorkingDirectory == (builtins.replaceStrings ["/private"] [""] workingDirectory);
message = "crab-hole working directory does not match persistence";
}
];
environment.persistence."/persist/system/root" = {
directories = [
{
directory = workingDirectory;
user = "crab-hole";
group = "crab-hole";
}
];
};
};
}

21
modules/nixos-modules/server/crab-hole/storage.nix Normal file
View file

@ -0,0 +1,21 @@
{
lib,
config,
...
}: let
workingDirectory = "/var/lib/private/crab-hole";
in {
options.services.crab-hole.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.crab-hole.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.crab-hole.enable {
storage.datasets.replicate."system/root" = {
directories."${workingDirectory}" = lib.mkIf config.services.crab-hole.impermanence.enable {
owner.name = "crab-hole";
group.name = "crab-hole";
};
};
};
}

2
modules/nixos-modules/server/fail2ban/default.nix
View file

@ -1,6 +1,6 @@
{...}: { {...}: {
imports = [ imports = [
./fail2ban.nix ./fail2ban.nix
./impermanence.nix ./storage.nix
]; ];
} }

34
modules/nixos-modules/server/fail2ban/impermanence.nix
View file

@ -1,34 +0,0 @@
{
lib,
config,
...
}: let
dataFolder = "/var/lib/fail2ban";
dataFile = "fail2ban.sqlite3";
in {
options.services.fail2ban = {
impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.fail2ban.enable && config.host.impermanence.enable;
};
};
config = lib.mkIf config.services.fail2ban.impermanence.enable {
assertions = [
{
assertion = config.services.fail2ban.daemonSettings.Definition.dbfile == "${dataFolder}/${dataFile}";
message = "fail2ban data file does not match persistence";
}
];
environment.persistence."/persist/system/root" = {
directories = [
{
directory = dataFolder;
user = "fail2ban";
group = "fail2ban";
}
];
};
};
}

22
modules/nixos-modules/server/fail2ban/storage.nix Normal file
View file

@ -0,0 +1,22 @@
{
lib,
config,
...
}: let
dataFolder = "/var/lib/fail2ban";
dataFile = "fail2ban.sqlite3";
in {
options.services.fail2ban.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.fail2ban.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.fail2ban.enable {
storage.datasets.replicate."system/root" = {
directories."${dataFolder}" = lib.mkIf config.services.fail2ban.impermanence.enable {
owner.name = "fail2ban";
group.name = "fail2ban";
};
};
};
}

2
modules/nixos-modules/server/flaresolverr/default.nix
View file

@ -1,5 +1,5 @@
{...}: { {...}: {
imports = [ imports = [
./impermanence.nix ./storage.nix
]; ];
} }

26
modules/nixos-modules/server/flaresolverr/impermanence.nix
View file

@ -1,26 +0,0 @@
{
lib,
config,
...
}: {
options.services.flaresolverr = {
impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.flaresolverr.enable && config.host.impermanence.enable;
};
};
config = lib.mkIf config.services.flaresolverr.impermanence.enable {
# FlareSolverr typically doesn't need persistent storage as it's a proxy service
# but we'll add basic structure in case it's needed for logs or configuration
environment.persistence."/persist/system/root" = {
directories = [
{
directory = "/var/lib/flaresolverr";
user = "flaresolverr";
group = "flaresolverr";
}
];
};
};
}

19
modules/nixos-modules/server/flaresolverr/storage.nix Normal file
View file

@ -0,0 +1,19 @@
{
lib,
config,
...
}: {
options.services.flaresolverr.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.flaresolverr.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.flaresolverr.enable {
storage.datasets.replicate."system/root" = {
directories."/var/lib/flaresolverr" = lib.mkIf config.services.flaresolverr.impermanence.enable {
owner.name = "flaresolverr";
group.name = "flaresolverr";
};
};
};
}

2
modules/nixos-modules/server/forgejo/default.nix
View file

@ -4,6 +4,6 @@
./proxy.nix ./proxy.nix
./database.nix ./database.nix
./fail2ban.nix ./fail2ban.nix
./impermanence.nix ./storage.nix
]; ];
} }

35
modules/nixos-modules/server/forgejo/impermanence.nix
View file

@ -1,35 +0,0 @@
{
lib,
config,
...
}: let
stateDir = "/var/lib/forgejo";
in {
options.services.forgejo = {
impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.forgejo.enable && config.host.impermanence.enable;
};
};
config = lib.mkIf config.services.forgejo.impermanence.enable {
assertions = [
{
assertion = config.services.forgejo.stateDir == stateDir;
message = "forgejo state directory does not match persistence";
}
];
environment.persistence."/persist/system/root" = {
enable = true;
hideMounts = true;
directories = [
{
directory = stateDir;
user = "forgejo";
group = "forgejo";
}
];
};
};
}

21
modules/nixos-modules/server/forgejo/storage.nix Normal file
View file

@ -0,0 +1,21 @@
{
lib,
config,
...
}: let
stateDir = "/var/lib/forgejo";
in {
options.services.forgejo.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.forgejo.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.forgejo.enable {
storage.datasets.replicate."system/root" = {
directories."${stateDir}" = lib.mkIf config.services.forgejo.impermanence.enable {
owner.name = "forgejo";
group.name = "forgejo";
};
};
};
}

2
modules/nixos-modules/server/home-assistant/default.nix
View file

@ -4,7 +4,7 @@
./proxy.nix ./proxy.nix
./database.nix ./database.nix
./fail2ban.nix ./fail2ban.nix
./impermanence.nix ./storage.nix
./extensions ./extensions
]; ];
} }

26
modules/nixos-modules/server/home-assistant/impermanence.nix
View file

@ -1,26 +0,0 @@
{
lib,
config,
...
}: let
configDir = "/var/lib/hass";
in
lib.mkIf (config.host.impermanence.enable && config.services.home-assistant.enable) {
assertions = [
{
assertion = config.services.home-assistant.configDir == configDir;
message = "home assistant config directory does not match persistence";
}
];
environment.persistence."/persist/system/root" = {
enable = true;
hideMounts = true;
directories = [
{
directory = configDir;
user = "hass";
group = "hass";
}
];
};
}

21
modules/nixos-modules/server/home-assistant/storage.nix Normal file
View file

@ -0,0 +1,21 @@
{
lib,
config,
...
}: let
configDir = "/var/lib/hass";
in {
options.services.home-assistant.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.home-assistant.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.home-assistant.enable {
storage.datasets.replicate."system/root" = {
directories."${configDir}" = lib.mkIf config.services.home-assistant.impermanence.enable {
owner.name = "hass";
group.name = "hass";
};
};
};
}

2
modules/nixos-modules/server/immich/default.nix
View file

@ -3,7 +3,7 @@
./proxy.nix ./proxy.nix
./database.nix ./database.nix
./fail2ban.nix ./fail2ban.nix
./impermanence.nix ./storage.nix
]; ];
# NOTE: This shouldn't be needed now that we are out of testing # NOTE: This shouldn't be needed now that we are out of testing

32
modules/nixos-modules/server/immich/impermanence.nix
View file

@ -1,32 +0,0 @@
{
lib,
config,
...
}: let
mediaLocation = "/var/lib/immich";
in {
options.services.immich = {
impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.immich.enable && config.host.impermanence.enable;
};
};
config = lib.mkIf config.services.immich.impermanence.enable {
assertions = [
{
assertion = config.services.immich.mediaLocation == mediaLocation;
message = "immich media location does not match persistence";
}
];
environment.persistence."/persist/system/root" = {
directories = [
{
directory = mediaLocation;
user = "immich";
group = "immich";
}
];
};
};
}

21
modules/nixos-modules/server/immich/storage.nix Normal file
View file

@ -0,0 +1,21 @@
{
lib,
config,
...
}: let
mediaLocation = "/var/lib/immich";
in {
options.services.immich.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.immich.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.immich.enable {
storage.datasets.replicate."system/root" = {
directories."${mediaLocation}" = lib.mkIf config.services.immich.impermanence.enable {
owner.name = "immich";
group.name = "immich";
};
};
};
}

2
modules/nixos-modules/server/jackett/default.nix
View file

@ -1,5 +1,5 @@
{...}: { {...}: {
imports = [ imports = [
./impermanence.nix ./storage.nix
]; ];
} }

33
modules/nixos-modules/server/jackett/impermanence.nix
View file

@ -1,33 +0,0 @@
{
lib,
config,
...
}: let
jackett_data_directory = "/var/lib/jackett/.config/Jackett";
in {
options.services.jackett = {
impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.jackett.enable && config.host.impermanence.enable;
};
};
config = lib.mkIf config.services.jackett.impermanence.enable {
assertions = [
{
assertion = config.services.jackett.dataDir == jackett_data_directory;
message = "jackett data directory does not match persistence";
}
];
environment.persistence."/persist/system/root" = {
directories = [
{
directory = jackett_data_directory;
user = "jackett";
group = "jackett";
}
];
};
};
}

21
modules/nixos-modules/server/jackett/storage.nix Normal file
View file

@ -0,0 +1,21 @@
{
lib,
config,
...
}: let
jackett_data_directory = "/var/lib/jackett/.config/Jackett";
in {
options.services.jackett.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.jackett.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.jackett.enable {
storage.datasets.replicate."system/root" = {
directories."${jackett_data_directory}" = lib.mkIf config.services.jackett.impermanence.enable {
owner.name = "jackett";
group.name = "jackett";
};
};
};
}

2
modules/nixos-modules/server/jellyfin/default.nix
View file

@ -3,6 +3,6 @@
./jellyfin.nix ./jellyfin.nix
./proxy.nix ./proxy.nix
./fail2ban.nix ./fail2ban.nix
./impermanence.nix ./storage.nix
]; ];
} }

73
modules/nixos-modules/server/jellyfin/impermanence.nix
View file

@ -1,73 +0,0 @@
{
lib,
config,
...
}: let
jellyfin_data_directory = "/var/lib/jellyfin";
jellyfin_cache_directory = "/var/cache/jellyfin";
in {
options.services.jellyfin = {
impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.jellyfin.enable && config.host.impermanence.enable;
};
};
config = lib.mkIf config.services.jellyfin.impermanence.enable {
fileSystems."/persist/system/jellyfin".neededForBoot = true;
host.storage.pool.extraDatasets = {
# sops age key needs to be available to pre persist for user generation
"persist/system/jellyfin" = {
type = "zfs_fs";
mountpoint = "/persist/system/jellyfin";
options = {
atime = "off";
relatime = "off";
canmount = "on";
};
};
};
assertions = [
{
assertion = config.services.jellyfin.dataDir == jellyfin_data_directory;
message = "jellyfin data directory does not match persistence";
}
{
assertion = config.services.jellyfin.cacheDir == jellyfin_cache_directory;
message = "jellyfin cache directory does not match persistence";
}
];
environment.persistence = {
"/persist/system/root" = {
directories = [
{
directory = jellyfin_data_directory;
user = "jellyfin";
group = "jellyfin";
}
{
directory = jellyfin_cache_directory;
user = "jellyfin";
group = "jellyfin";
}
];
};
"/persist/system/jellyfin" = {
enable = true;
hideMounts = true;
directories = [
{
directory = config.services.jellyfin.media_directory;
user = "jellyfin";
group = "jellyfin_media";
mode = "1770";
}
];
};
};
};
}

56
modules/nixos-modules/server/jellyfin/storage.nix Normal file
View file

@ -0,0 +1,56 @@
{
lib,
config,
...
}: let
jellyfin_data_directory = "/var/lib/jellyfin";
jellyfin_cache_directory = "/var/cache/jellyfin";
in {
options.services.jellyfin.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.jellyfin.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.jellyfin.enable {
storage.datasets.replicate = {
"system/root" = {
directories = {
"${jellyfin_data_directory}" = lib.mkIf config.services.jellyfin.impermanence.enable {
enable = true;
owner.name = "jellyfin";
group.name = "jellyfin";
};
"${jellyfin_cache_directory}" = lib.mkIf config.services.jellyfin.impermanence.enable {
enable = true;
owner.name = "jellyfin";
group.name = "jellyfin";
};
};
};
"system/media" = {
mount = "/persist/replicate/system/media";
directories."${config.services.jellyfin.media_directory}" = lib.mkIf config.services.jellyfin.impermanence.enable {
enable = true;
owner.name = "jellyfin";
group.name = "jellyfin_media";
owner.permissions = {
read = true;
write = true;
execute = true;
};
group.permissions = {
read = true;
write = true;
execute = true;
};
other.permissions = {
read = false;
write = false;
execute = false;
};
};
};
};
};
}

2
modules/nixos-modules/server/lidarr/default.nix
View file

@ -1,5 +1,5 @@
{...}: { {...}: {
imports = [ imports = [
./impermanence.nix ./storage.nix
]; ];
} }

33
modules/nixos-modules/server/lidarr/impermanence.nix
View file

@ -1,33 +0,0 @@
{
lib,
config,
...
}: let
lidarr_data_directory = "/var/lib/lidarr/.config/Lidarr";
in {
options.services.lidarr = {
impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.lidarr.enable && config.host.impermanence.enable;
};
};
config = lib.mkIf config.services.lidarr.impermanence.enable {
assertions = [
{
assertion = config.services.lidarr.dataDir == lidarr_data_directory;
message = "lidarr data directory does not match persistence";
}
];
environment.persistence."/persist/system/root" = {
directories = [
{
directory = lidarr_data_directory;
user = "lidarr";
group = "lidarr";
}
];
};
};
}

21
modules/nixos-modules/server/lidarr/storage.nix Normal file
View file

@ -0,0 +1,21 @@
{
lib,
config,
...
}: let
lidarr_data_directory = "/var/lib/lidarr/.config/Lidarr";
in {
options.services.lidarr.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.lidarr.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.lidarr.enable {
storage.datasets.replicate."system/root" = {
directories."${lidarr_data_directory}" = lib.mkIf config.services.lidarr.impermanence.enable {
owner.name = "lidarr";
group.name = "lidarr";
};
};
};
}

2
modules/nixos-modules/server/network_storage/network_storage.nix
View file

@ -74,7 +74,7 @@ in {
); );
} }
# (lib.mkIf config.host.impermanence.enable { # (lib.mkIf config.host.impermanence.enable {
# environment.persistence."/persist/system/root" = { # environment.persistence."/persist/replicate/system/root" = {
# enable = true; # enable = true;
# hideMounts = true; # hideMounts = true;
# directories = [ # directories = [

2
modules/nixos-modules/server/panoramax/default.nix
View file

@ -2,7 +2,7 @@
imports = [ imports = [
./proxy.nix ./proxy.nix
./fail2ban.nix ./fail2ban.nix
./impermanence.nix ./storage.nix
./panoramax.nix ./panoramax.nix
./database.nix ./database.nix
]; ];

20
modules/nixos-modules/server/panoramax/impermanence.nix
View file

@ -1,20 +0,0 @@
{
lib,
config,
...
}: {
options.services.panoramax = {
impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.panoramax.enable && config.host.impermanence.enable;
};
};
config = lib.mkIf config.services.panoramax.impermanence.enable {
# TODO: configure impermanence for panoramax data
# This would typically include directories like:
# - /var/lib/panoramax
# - panoramax storage directories
# - any cache or temporary directories that need to persist
};
}

19
modules/nixos-modules/server/panoramax/storage.nix Normal file
View file

@ -0,0 +1,19 @@
{
lib,
config,
...
}: {
options.services.panoramax.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.panoramax.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.panoramax.enable {
storage.datasets.replicate."system/root" = {
directories."/var/lib/panoramax" = lib.mkIf config.services.panoramax.impermanence.enable {
owner.name = "panoramax";
group.name = "panoramax";
};
};
};
}

2
modules/nixos-modules/server/paperless/default.nix
View file

@ -4,6 +4,6 @@
./proxy.nix ./proxy.nix
./database.nix ./database.nix
./fail2ban.nix ./fail2ban.nix
./impermanence.nix ./storage.nix
]; ];
} }

32
modules/nixos-modules/server/paperless/impermanence.nix
View file

@ -1,32 +0,0 @@
{
config,
lib,
...
}: let
dataDir = "/var/lib/paperless";
in {
options.services.paperless = {
impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.paperless.enable && config.host.impermanence.enable;
};
};
config = lib.mkIf config.services.paperless.impermanence.enable {
assertions = [
{
assertion = config.services.paperless.dataDir == dataDir;
message = "paperless data location does not match persistence";
}
];
environment.persistence."/persist/system/root" = {
directories = [
{
directory = dataDir;
user = "paperless";
group = "paperless";
}
];
};
};
}

21
modules/nixos-modules/server/paperless/storage.nix Normal file
View file

@ -0,0 +1,21 @@
{
config,
lib,
...
}: let
dataDir = "/var/lib/paperless";
in {
options.services.paperless.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.paperless.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.paperless.enable {
storage.datasets.replicate."system/root" = {
directories."${dataDir}" = lib.mkIf config.services.paperless.impermanence.enable {
owner.name = "paperless";
group.name = "paperless";
};
};
};
}

2
modules/nixos-modules/server/postgres/default.nix
View file

@ -1,6 +1,6 @@
{...}: { {...}: {
imports = [ imports = [
./postgres.nix ./postgres.nix
./impermanence.nix ./storage.nix
]; ];
} }

27
modules/nixos-modules/server/postgres/impermanence.nix
View file

@ -1,27 +0,0 @@
{
config,
lib,
...
}: let
dataDir = "/var/lib/postgresql/16";
in {
config = lib.mkIf (config.services.postgresql.enable && config.host.impermanence.enable) {
assertions = [
{
assertion = config.services.postgresql.dataDir == dataDir;
message = "postgres data directory does not match persistence";
}
];
environment.persistence."/persist/system/root" = {
enable = true;
hideMounts = true;
directories = [
{
directory = dataDir;
user = "postgres";
group = "postgres";
}
];
};
};
}

21
modules/nixos-modules/server/postgres/storage.nix Normal file
View file

@ -0,0 +1,21 @@
{
config,
lib,
...
}: let
dataDir = "/var/lib/postgresql/16";
in {
options.services.postgresql.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.postgresql.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.postgresql.enable {
storage.datasets.replicate."system/root" = {
directories."${dataDir}" = lib.mkIf config.services.postgresql.impermanence.enable {
owner.name = "postgres";
group.name = "postgres";
};
};
};
}

2
modules/nixos-modules/server/qbittorent/default.nix
View file

@ -1,6 +1,6 @@
{...}: { {...}: {
imports = [ imports = [
./qbittorent.nix ./qbittorent.nix
./impermanence.nix ./storage.nix
]; ];
} }

61
modules/nixos-modules/server/qbittorent/impermanence.nix
View file

@ -1,61 +0,0 @@
{
lib,
config,
...
}: let
qbittorent_profile_directory = "/var/lib/qBittorrent/";
in {
options.services.qbittorrent = {
impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.qbittorrent.enable && config.host.impermanence.enable;
};
};
config = lib.mkIf config.services.qbittorrent.impermanence.enable {
fileSystems."/persist/system/qbittorrent".neededForBoot = true;
host.storage.pool.extraDatasets = {
# sops age key needs to be available to pre persist for user generation
"persist/system/qbittorrent" = {
type = "zfs_fs";
mountpoint = "/persist/system/qbittorrent";
options = {
canmount = "on";
};
};
};
assertions = [
{
assertion = config.services.qbittorrent.profileDir == qbittorent_profile_directory;
message = "qbittorrent data directory does not match persistence";
}
];
environment.persistence = {
"/persist/system/root" = {
directories = [
{
directory = qbittorent_profile_directory;
user = "qbittorrent";
group = "qbittorrent";
}
];
};
"/persist/system/qbittorrent" = {
enable = true;
hideMounts = true;
directories = [
{
directory = config.services.qbittorrent.mediaDir;
user = "qbittorrent";
group = "qbittorrent";
mode = "1775";
}
];
};
};
};
}

46
modules/nixos-modules/server/qbittorent/storage.nix Normal file
View file

@ -0,0 +1,46 @@
{
lib,
config,
...
}: let
qbittorent_profile_directory = "/var/lib/qBittorrent/";
in {
options.services.qbittorrent.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.qbittorrent.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.qbittorrent.enable {
storage.datasets.replicate = {
"system/root" = {
directories."${qbittorent_profile_directory}" = lib.mkIf config.services.qbittorrent.impermanence.enable {
owner.name = "qbittorrent";
group.name = "qbittorrent";
};
};
"system/media" = {
mount = "/persist/replicate/system/media";
directories."${config.services.qbittorrent.mediaDir}" = lib.mkIf config.services.qbittorrent.impermanence.enable {
owner.name = "qbittorrent";
group.name = "qbittorrent";
owner.permissions = {
read = true;
write = true;
execute = true;
};
group.permissions = {
read = true;
write = true;
execute = true;
};
other.permissions = {
read = true;
write = false;
execute = true;
};
};
};
};
};
}

2
modules/nixos-modules/server/radarr/default.nix
View file

@ -1,5 +1,5 @@
{...}: { {...}: {
imports = [ imports = [
./impermanence.nix ./storage.nix
]; ];
} }

33
modules/nixos-modules/server/radarr/impermanence.nix
View file

@ -1,33 +0,0 @@
{
lib,
config,
...
}: let
radarr_data_directory = "/var/lib/radarr/.config/Radarr";
in {
options.services.radarr = {
impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.radarr.enable && config.host.impermanence.enable;
};
};
config = lib.mkIf config.services.radarr.impermanence.enable {
assertions = [
{
assertion = config.services.radarr.dataDir == radarr_data_directory;
message = "radarr data directory does not match persistence";
}
];
environment.persistence."/persist/system/root" = {
directories = [
{
directory = radarr_data_directory;
user = "radarr";
group = "radarr";
}
];
};
};
}

21
modules/nixos-modules/server/radarr/storage.nix Normal file
View file

@ -0,0 +1,21 @@
{
lib,
config,
...
}: let
radarr_data_directory = "/var/lib/radarr/.config/Radarr";
in {
options.services.radarr.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.radarr.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.radarr.enable {
storage.datasets.replicate."system/root" = {
directories."${radarr_data_directory}" = lib.mkIf config.services.radarr.impermanence.enable {
owner.name = "radarr";
group.name = "radarr";
};
};
};
}

2
modules/nixos-modules/server/reverseProxy/default.nix
View file

@ -1,6 +1,6 @@
{...}: { {...}: {
imports = [ imports = [
./reverseProxy.nix ./reverseProxy.nix
./impermanence.nix ./storage.nix
]; ];
} }

21
modules/nixos-modules/server/reverseProxy/impermanence.nix
View file

@ -1,21 +0,0 @@
{
lib,
config,
...
}: let
dataDir = "/var/lib/acme";
in {
config = lib.mkIf (config.host.impermanence.enable && config.services.reverseProxy.enable) {
environment.persistence."/persist/system/root" = {
enable = true;
hideMounts = true;
directories = [
{
directory = dataDir;
user = "acme";
group = "acme";
}
];
};
};
}

21
modules/nixos-modules/server/reverseProxy/storage.nix Normal file
View file

@ -0,0 +1,21 @@
{
lib,
config,
...
}: let
dataDir = "/var/lib/acme";
in {
options.services.reverseProxy.impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.reverseProxy.enable && config.storage.impermanence.enable;
};
config = lib.mkIf config.services.reverseProxy.enable {
storage.datasets.replicate."system/root" = {
directories."${dataDir}" = lib.mkIf config.services.reverseProxy.impermanence.enable {
owner.name = "acme";
group.name = "acme";
};
};
};
}

2
modules/nixos-modules/server/sonarr/default.nix
View file

@ -1,5 +1,5 @@
{...}: { {...}: {
imports = [ imports = [
./impermanence.nix ./storage.nix
]; ];
} }

33
modules/nixos-modules/server/sonarr/impermanence.nix
View file

@ -1,33 +0,0 @@
{
lib,
config,
...
}: let
sonarr_data_directory = "/var/lib/sonarr/.config/NzbDrone";
in {
options.services.sonarr = {
impermanence.enable = lib.mkOption {
type = lib.types.bool;
default = config.services.sonarr.enable && config.host.impermanence.enable;
};
};
config = lib.mkIf config.services.sonarr.impermanence.enable {
assertions = [
{
assertion = config.services.sonarr.dataDir == sonarr_data_directory;
message = "sonarr data directory does not match persistence";
}
];
environment.persistence."/persist/system/root" = {
directories = [
{
directory = sonarr_data_directory;
user = "sonarr";
group = "sonarr";
}
];
};
};
}

Some files were not shown because too many files have changed in this diff Show more