gendry: switch to impermanence

2023-07-26 21:05:14 +01:00 · 2023-07-26 21:05:14 +01:00 · 39be74d976
commit 39be74d976
parent 5962a245c9
4 changed files with 31 additions and 73 deletions
--- a/hosts/gendry.jakehillion-terminals.ts.hillion.co.uk/default.nix
+++ b/hosts/gendry.jakehillion-terminals.ts.hillion.co.uk/default.nix
@ -6,7 +6,6 @@
    ../../modules/spotify/default.nix
    ./bluetooth.nix
    ./hardware-configuration.nix
-    ./persist.nix
  ];

  config = {
@ -18,6 +17,18 @@
    boot.loader.systemd-boot.enable = true;
    boot.loader.efi.canTouchEfiVariables = true;

+    ## Impermanence
+    custom.impermanence = {
+      enable = true;
+      userExtraFiles.jake = [
+        ".ssh/id_rsa"
+        ".ssh/id_ecdsa"
+      ];
+      userExtraDirs.jake = [
+        ".local/share/PrismLauncher"
+      ];
+    };
+
    ## Desktop
    custom.desktop.awesome.enable = true;

--- a/hosts/gendry.jakehillion-terminals.ts.hillion.co.uk/hardware-configuration.nix
+++ b/hosts/gendry.jakehillion-terminals.ts.hillion.co.uk/hardware-configuration.nix
@ -18,6 +18,7 @@
    {
      device = "tmpfs";
      fsType = "tmpfs";
+      options = [ "mode=0755" ];
    };

  fileSystems."/nix" =
--- a/hosts/gendry.jakehillion-terminals.ts.hillion.co.uk/persist.nix
+++ b/hosts/gendry.jakehillion-terminals.ts.hillion.co.uk/persist.nix
@ -1,69 +0,0 @@
-{ config, pkgs, lib, ... }:
-
-{
-  # Persist files (due to tmpfs root)
-  ## Set root tmpfs to 0755
-  fileSystems."/".options = [ "mode=0755" ];
-
-  ## Require data at boot (to have access to host keys for agenix)
-  fileSystems."/data".neededForBoot = true;
-
-  ## OpenSSH Host Keys (SSH + agenix secrets)
-  services.openssh = {
-    hostKeys = [
-      {
-        path = "/data/system/etc/ssh/ssh_host_ed25519_key";
-        type = "ed25519";
-      }
-      {
-        path = "/data/system/etc/ssh/ssh_host_rsa_key";
-        type = "rsa";
-        bits = 4096;
-      }
-    ];
-  };
-
-  ## Persistent directories and symlinks
-  systemd.tmpfiles.rules = [
-    ### Persistent home subdirectories
-    "L /root/local - - - - /data/users/root"
-    "L /home/jake/local - - - - /data/users/jake"
-
-    ### Persistent SSH keys
-    "L /home/jake/.ssh/id_rsa - - - - /data/users/jake/.ssh/id_rsa"
-    "L /home/jake/.ssh/id_ecdsa - - - - /data/users/jake/.ssh/id_ecdsa"
-
-    ### Persistent spotify-tui
-    "d /home/jake/.config/ 0700 jake users - -"
-    "d /home/jake/.config/spotify-tui/ 0700 jake users - -"
-    "L /home/jake/.config/spotify-tui/.spotify_token_cache.json - - - - /data/users/jake/.config/spotify-tui/.spotify_token_cache.json"
-    "L /home/jake/.config/spotify-tui/client.yml - - - - /data/users/jake/.config/spotify-tui/client.yml"
-  ];
-
-  ## Persistent /etc/nixos
-  fileSystems."/etc/nixos" = {
-    device = "/data/users/root/repos/nixos";
-    options = [ "bind" ];
-  };
-
-  ## Persistent zsh history
-  programs.zsh.histFile = lib.mkForce "$HOME/local/.zsh_history";
-
-  ## Tailscale
-  fileSystems."/var/lib/tailscale" = {
-    device = "/data/system/var/lib/tailscale";
-    options = [ "bind" ];
-  };
-
-  ## Bluetooth
-  fileSystems."/var/lib/bluetooth" = {
-    device = "/data/system/var/lib/bluetooth";
-    options = [ "bind" ];
-  };
-
-  ## Minecraft
-  fileSystems."/home/jake/.local/share/PrismLauncher" = {
-    device = "/data/users/jake/.local/share/PrismLauncher";
-    options = [ "bind" ];
-  };
-}
--- a/modules/impermanence.nix
+++ b/modules/impermanence.nix
@ -17,6 +17,15 @@ in
      type = with lib.types; listOf str;
      default = [ "root" config.custom.user ];
    };
+
+    userExtraFiles = lib.mkOption {
+      type = with lib.types; attrsOf (listOf str);
+      default = { };
+    };
+    userExtraDirs = lib.mkOption {
+      type = with lib.types; attrsOf (listOf str);
+      default = { };
+    };
  };

  config = lib.mkIf cfg.enable {
@ -33,7 +42,8 @@ in
      directories = [
        "/etc/nixos"
      ] ++ (listIf config.custom.tailscale.enable [ "/var/lib/tailscale" ]) ++
-      (listIf config.services.zigbee2mqtt.enable [ config.services.zigbee2mqtt.dataDir ]);
+      (listIf config.services.zigbee2mqtt.enable [ config.services.zigbee2mqtt.dataDir ]) ++
+      (listIf config.hardware.bluetooth.enable [ "/var/lib/bluetooth" ]);
    };

    home-manager.users =
@ -44,13 +54,18 @@ in
            home.persistence."/data/users/${x}" = {
              files = [
                ".zsh_history"
-              ];
+              ] ++ cfg.userExtraFiles.${x} or [ ];
+
+              directories = cfg.userExtraDirs.${x} or [ ];
            };
          };
        });
      in
      builtins.listToAttrs (builtins.map mkUser cfg.users);

-    systemd.tmpfiles.rules = builtins.map (x: "L ${config.users.users.${x}.home}/local - - - - /data/users/${x}") cfg.users;
+    systemd.tmpfiles.rules = builtins.map
+      (user:
+        let details = config.users.users.${user}; in "L ${details.home}/local - ${user} ${details.group} - /data/users/${user}")
+      cfg.users;
  };
 }