108 lines
2.9 KiB
Nix
Executable File
108 lines
2.9 KiB
Nix
Executable File
{
|
|
config,
|
|
lib,
|
|
namespace,
|
|
...
|
|
}:
|
|
with lib;
|
|
let
|
|
inherit (lib.${namespace}) mkOpt;
|
|
cfg = config.${namespace}.impermanence;
|
|
in
|
|
{
|
|
options.${namespace}.impermanence = {
|
|
enable = mkEnableOption "enable impermanence";
|
|
persistencePath = mkOption {
|
|
type = types.str;
|
|
default = "/nix/persist/system";
|
|
description = "Path to the persistence directory";
|
|
};
|
|
|
|
# extraDirectories = mkOpt (types.listOf types.path) [ ] "Extra directory paths to add to impermanence";
|
|
extraDirectories = mkOpt (types.listOf (
|
|
types.either types.str (
|
|
types.submodule {
|
|
options = {
|
|
directory = mkOption {
|
|
type = types.str;
|
|
description = "Directory path";
|
|
};
|
|
user = mkOption {
|
|
type = types.str;
|
|
default = "root";
|
|
description = "Directory owner";
|
|
};
|
|
group = mkOption {
|
|
type = types.str;
|
|
default = "root";
|
|
description = "Directory group";
|
|
};
|
|
mode = mkOption {
|
|
type = types.str;
|
|
default = "u=rwx,g=rx,o=";
|
|
description = "Directory permissions";
|
|
};
|
|
};
|
|
}
|
|
)
|
|
)) [ ] "Extra directory paths to add to impermanence";
|
|
extraFiles = mkOpt (types.listOf types.path) [ ] "Extra file paths to add to impermanence";
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
# /etc must be available before the impermanence bind-mounts are set up.
|
|
fileSystems."/etc".neededForBoot = true;
|
|
|
|
assertions = [
|
|
{
|
|
assertion = lib.hasPrefix "/" cfg.persistencePath;
|
|
message = "mjallen.impermanence.persistencePath must be an absolute path (got \"${cfg.persistencePath}\").";
|
|
}
|
|
{
|
|
assertion = cfg.persistencePath != "/";
|
|
message = "mjallen.impermanence.persistencePath must not be the filesystem root \"/\".";
|
|
}
|
|
];
|
|
|
|
environment.persistence."/nix/persist/system" = {
|
|
hideMounts = true;
|
|
directories = [
|
|
"/var/lib/bluetooth"
|
|
"/var/lib/iwd"
|
|
"/var/lib/nixos"
|
|
"/var/lib/libvirt"
|
|
"/var/lib/waydroid"
|
|
"/var/lib/systemd/coredump"
|
|
"/etc/NetworkManager/system-connections"
|
|
"/var/lib/tailscale"
|
|
{
|
|
directory = "/var/lib/wallpapers";
|
|
user = "nobody";
|
|
group = "nobody";
|
|
mode = "u=rwx,g=rwx,o=rx";
|
|
}
|
|
{
|
|
directory = "/etc/nix";
|
|
user = "root";
|
|
group = "root";
|
|
mode = "u=rwx,g=rx,o=rx";
|
|
}
|
|
{
|
|
directory = "/var/lib/private";
|
|
mode = "u=rwx,g=rx,o=";
|
|
}
|
|
]
|
|
++ cfg.extraDirectories;
|
|
files = [
|
|
"/etc/machine-id"
|
|
]
|
|
++ cfg.extraFiles;
|
|
};
|
|
|
|
security.sudo.extraConfig = ''
|
|
# rollback results in sudo lectures after each reboot
|
|
Defaults lecture = never
|
|
'';
|
|
};
|
|
}
|