mjallen/nix-config
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
Files
9f1c57ddf2c4dbdd2b92bae37be8fd142cd290e7
nix-config/modules/nixos/impermanence/default.nix
mjallen18 3c1b5d5072 stuff
2025-09-05 11:19:35 -05:00

88 lines
2.2 KiB
Nix
Executable File
Raw Blame History

{
config,
lib,
namespace,
...
}:
with lib;
let
inherit (lib.${namespace}) mkOpt;
cfg = config.${namespace}.impermanence;
in
{
options.${namespace}.impermanence = {
enable = mkEnableOption "enable impermanence";
persistencePath = mkOption {
type = types.str;
default = "/nix/persist/system";
description = "Path to the persistence directory";
};
# extraDirectories = mkOpt (types.listOf types.path) [ ] "Extra directory paths to add to impermanence";
extraDirectories = mkOpt (types.listOf (
types.either types.str (
types.submodule {
options = {
directory = mkOption {
type = types.str;
description = "Directory path";
};
user = mkOption {
type = types.str;
default = "root";
description = "Directory owner";
};
group = mkOption {
type = types.str;
default = "root";
description = "Directory group";
};
mode = mkOption {
type = types.str;
default = "u=rwx,g=rx,o=";
description = "Directory permissions";
};
};
}
)
)) [ ] "Extra directory paths to add to impermanence";
extraFiles = mkOpt (types.listOf types.path) [ ] "Extra file paths to add to impermanence";
};
config = mkIf cfg.enable {
environment.persistence."/nix/persist/system" = {
hideMounts = true;
directories = [
"/var/lib/bluetooth"
"/var/lib/iwd"
"/var/lib/nixos"
"/var/lib/libvirt"
"/var/lib/waydroid"
"/var/lib/systemd/coredump"
"/etc/NetworkManager/system-connections"
"/var/lib/tailscale"
{
directory = "/etc/nix";
user = "root";
group = "root";
mode = "u=rwx,g=rx,o=rx";
}
{
directory = "/var/lib/private";
mode = "u=rwx,g=rx,o=";
}
]
++ cfg.extraDirectories;
files = [
"/etc/machine-id"
]
++ cfg.extraFiles;
};
security.sudo.extraConfig = ''
# rollback results in sudo lectures after each reboot
Defaults lecture = never
'';
};
}
Reference in New Issue View Git Blame Copy Permalink