# Legacy impermanence module for defiant
#
# Gathers every impermanence (persistent-storage) declaration that the
# individual service modules used to carry on the main branch. Holding them in
# one file lets the storage-refactor branch merge into main while keeping
# current functionality; services are then migrated one at a time to the new
# automated impermanence system.
#
# To migrate a service to the new system:
# 1. Remove the service's configuration from this file
# 2. Set `impermanence.enable = true` for that service in configuration.nix
# 3. Remove `impermanence.enable = false` from the service configuration
#
# NOTE(review): most entries below set no `mode`, so they take whatever default
# the impermanence module applies when it first creates the directory. Confirm
# that default is tight enough for state that usually includes credentials or
# key material (e.g. /var/lib/tailscale, /var/lib/acme, /var/lib/forgejo,
# /var/lib/hass, /var/lib/paperless), or that the owning service re-tightens
# the directory itself on start.
{ config, lib, ... }:
let
  services = config.services;

  # Persistence entry whose owning user and group share a single account name.
  ownedBy = account: path: {
    directory = path;
    user = account;
    group = account;
  };

  # Contribute `dirs` only while services.<name>.enable is true.
  forService = name: dirs: lib.mkIf services.${name}.enable dirs;
in
{
  config = lib.mkIf config.storage.impermanence.enable {
    # Create the persistent backing directory for /var/lib/private and lock it
    # to 0700 on every activation, so the per-service directories beneath it
    # (ollama, actual, crab-hole) are not reachable by other local users via
    # the /persist path even when the entry itself carries no `mode`.
    system.activationScripts."var-lib-private-permissions" = {
      deps = [ "specialfs" ];
      text = ''
        mkdir -p /persist/system/root/var/lib/private
        chmod 0700 /persist/system/root/var/lib/private
      '';
    };

    environment.persistence = {
      "/persist/system/root" = {
        enable = true;
        hideMounts = true;
        directories = lib.mkMerge [
          # PostgreSQL
          (forService "postgresql" [
            (ownedBy "postgres" "/var/lib/postgresql/16")
          ])

          # Reverse Proxy (ACME)
          (forService "reverseProxy" [
            (ownedBy "acme" "/var/lib/acme")
          ])

          # Ollama (owner comes from the service options; explicitly 0700)
          (forService "ollama" [
            {
              directory = "/var/lib/private/ollama";
              inherit (services.ollama) user group;
              mode = "0700";
            }
          ])

          # Tailscale
          (forService "tailscale" [
            (ownedBy "root" "/var/lib/tailscale")
          ])

          # Syncthing
          (forService "syncthing" [
            (ownedBy "syncthing" "/mnt/sync")
            (ownedBy "syncthing" "/etc/syncthing")
          ])

          # Fail2ban
          (forService "fail2ban" [
            (ownedBy "fail2ban" "/var/lib/fail2ban")
          ])

          # Jellyfin (data/cache only - media is on separate dataset)
          (forService "jellyfin" [
            (ownedBy "jellyfin" "/var/lib/jellyfin")
            (ownedBy "jellyfin" "/var/cache/jellyfin")
          ])

          # Immich
          (forService "immich" [
            (ownedBy "immich" "/var/lib/immich")
          ])

          # Forgejo
          (forService "forgejo" [
            (ownedBy "forgejo" "/var/lib/forgejo")
          ])

          # Actual
          (forService "actual" [
            (ownedBy "actual" "/var/lib/private/actual")
          ])

          # Home Assistant
          (forService "home-assistant" [
            (ownedBy "hass" "/var/lib/hass")
          ])

          # Paperless
          (forService "paperless" [
            (ownedBy "paperless" "/var/lib/paperless")
          ])

          # Crab-hole
          (forService "crab-hole" [
            (ownedBy "crab-hole" "/var/lib/private/crab-hole")
          ])

          # qBittorrent (config only - media is on separate dataset)
          (forService "qbittorrent" [
            (ownedBy "qbittorrent" "/var/lib/qBittorrent/")
          ])

          # Sonarr
          (forService "sonarr" [
            (ownedBy "sonarr" "/var/lib/sonarr/.config/NzbDrone")
          ])

          # Radarr
          (forService "radarr" [
            (ownedBy "radarr" "/var/lib/radarr/.config/Radarr")
          ])

          # Bazarr
          (forService "bazarr" [
            (ownedBy "bazarr" "/var/lib/bazarr")
          ])

          # Lidarr
          (forService "lidarr" [
            (ownedBy "lidarr" "/var/lib/lidarr/.config/Lidarr")
          ])

          # Jackett
          (forService "jackett" [
            (ownedBy "jackett" "/var/lib/jackett/.config/Jackett")
          ])

          # FlareSolverr
          (forService "flaresolverr" [
            (ownedBy "flaresolverr" "/var/lib/flaresolverr")
          ])
        ];
      };

      # Jellyfin media on separate dataset (matching main).
      # Mode 1770: sticky bit, full access for owner and the jellyfin_media
      # group, nothing for other users.
      "/persist/system/jellyfin" = lib.mkIf services.jellyfin.enable {
        enable = true;
        hideMounts = true;
        directories = [
          {
            directory = services.jellyfin.media_directory;
            user = "jellyfin";
            group = "jellyfin_media";
            mode = "1770";
          }
        ];
      };

      # qBittorrent media on separate dataset (matching main).
      # NOTE(review): mode 1775 leaves this tree readable and traversable by
      # every local user, unlike the Jellyfin media tree (1770) - confirm the
      # difference is intended.
      "/persist/system/qbittorrent" = lib.mkIf services.qbittorrent.enable {
        enable = true;
        hideMounts = true;
        directories = [
          {
            directory = services.qbittorrent.mediaDir;
            user = "qbittorrent";
            group = "qbittorrent";
            mode = "1775";
          }
        ];
      };

      # /var/log persistence (matching main).
      # Plain-string entry: no owner or mode is given here, so the impermanence
      # module's defaults apply.
      "/persist/system/var/log" = {
        enable = true;
        hideMounts = true;
        directories = [
          "/var/log"
        ];
      };
    };
  };
}