nixos/modules/impermanence.nix

108 lines
3.6 KiB
Nix
Raw Normal View History

2023-07-23 17:28:58 +01:00
{ config, lib, ... }:
let
cfg = config.custom.impermanence;
in
{
options.custom.impermanence = {
enable = lib.mkEnableOption "impermanence";
base = lib.mkOption {
type = lib.types.str;
default = "/data";
};
cache = {
enable = lib.mkEnableOption "impermanence.cache";
path = lib.mkOption {
type = lib.types.str;
default = "/cache";
};
};
2023-07-23 17:28:58 +01:00
users = lib.mkOption {
type = with lib.types; listOf str;
default = [ "root" config.custom.user ];
};
2023-07-26 21:05:14 +01:00
userExtraFiles = lib.mkOption {
type = with lib.types; attrsOf (listOf str);
default = { };
};
userExtraDirs = lib.mkOption {
type = with lib.types; attrsOf (listOf str);
default = { };
};
2023-07-23 17:28:58 +01:00
};
config = lib.mkIf cfg.enable {
fileSystems.${cfg.base}.neededForBoot = true;
2023-11-26 19:44:30 +00:00
services = {
openssh.hostKeys = [
{ path = "/data/system/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; }
{ path = "/data/system/etc/ssh/ssh_host_rsa_key"; type = "rsa"; bits = 4096; }
];
matrix-synapse.dataDir = "${cfg.base}/system/var/lib/matrix-synapse";
2023-12-30 22:34:27 +00:00
gitea.stateDir = "${cfg.base}/system/var/lib/gitea";
2023-11-26 19:44:30 +00:00
};
2023-07-23 17:28:58 +01:00
environment.persistence = lib.mkMerge [
{
"${cfg.base}/system" = {
hideMounts = true;
2023-07-23 17:28:58 +01:00
directories = [
"/etc/nixos"
] ++ (lib.lists.optional config.services.tailscale.enable "/var/lib/tailscale") ++
(lib.lists.optional config.services.zigbee2mqtt.enable config.services.zigbee2mqtt.dataDir) ++
(lib.lists.optional config.services.postgresql.enable config.services.postgresql.dataDir) ++
(lib.lists.optional config.hardware.bluetooth.enable "/var/lib/bluetooth") ++
(lib.lists.optional config.custom.services.unifi.enable "/var/lib/unifi") ++
(lib.lists.optional (config.virtualisation.oci-containers.containers != { }) "/var/lib/containers") ++
(lib.lists.optional config.services.tang.enable "/var/lib/private/tang") ++
(lib.lists.optional config.services.caddy.enable "/var/lib/caddy") ++
(lib.lists.optional config.services.prometheus.enable "/var/lib/${config.services.prometheus.stateDir}") ++
(lib.lists.optional config.custom.services.isponsorblocktv.enable "${config.custom.services.isponsorblocktv.dataDir}") ++
(lib.lists.optional config.services.step-ca.enable "/var/lib/step-ca/db");
};
}
(lib.mkIf cfg.cache.enable {
"${cfg.cache.path}/system" = {
hideMounts = true;
directories = (lib.lists.optional config.services.postgresqlBackup.enable config.services.postgresqlBackup.location);
};
})
];
2023-07-23 17:28:58 +01:00
home-manager.users =
let
mkUser = (x: {
name = x;
value = {
2024-03-16 14:15:22 +00:00
home = {
persistence."/data/users/${x}" = {
allowOther = false;
2024-02-04 10:29:07 +00:00
2024-03-16 14:15:22 +00:00
files = cfg.userExtraFiles.${x} or [ ];
directories = cfg.userExtraDirs.${x} or [ ];
};
file.".zshrc".text = lib.mkForce ''
HISTFILE=/data/users/${x}/.zsh_history
'';
2023-07-23 17:28:58 +01:00
};
};
});
in
builtins.listToAttrs (builtins.map mkUser cfg.users);
2024-03-16 14:15:22 +00:00
systemd.tmpfiles.rules = lib.lists.flatten (builtins.map
2023-07-26 21:05:14 +01:00
(user:
2024-03-16 14:15:22 +00:00
let details = config.users.users.${user}; in [
"d /data/users/${user} 0700 ${user} ${details.group} - -"
"L ${details.home}/local - ${user} ${details.group} - /data/users/${user}"
])
cfg.users);
2023-07-23 17:28:58 +01:00
};
}