Mirrors/impermanence
2
0
Fork 0
mirror of https://github.com/nix-community/impermanence synced 2024-11-13 23:27:15 +00:00
Code Issues Projects Releases Packages Wiki Activity
impermanence/nixos.nix

546 lines
20 KiB
Nix
Raw Normal View History

Add initial NixOS module
2020-06-04 21:42:16 +00:00
{ pkgs, config, lib, ... }:
let
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
inherit (lib) attrNames attrValues zipAttrsWith flatten mkOption
types foldl' unique noDepEntry concatMapStrings listToAttrs
escapeShellArg escapeShellArgs replaceStrings recursiveUpdate all
nixos: Implement support for user files and directories Allow user files and directories to be specified as follows: environment.persistence."/persistent" = { users.talyz = { files = [ ".screenrc" ]; directories = [ "Downloads" ]; }; }; This provides an alternative to the home-manager module and may even deprecate it in the future.
2022-01-16 17:59:03 +00:00
filter filterAttrs concatStringsSep concatMapStringsSep isString
Add missing descriptions and improve existing ones Closes #81
2022-02-13 22:25:51 +00:00
catAttrs optional literalExpression;
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
inherit (pkgs.callPackage ./lib.nix { }) splitPath dirListToPath
nixos: Assert that no duplicate files or directories are specified
2022-01-16 17:56:15 +00:00
concatPaths sanitizeName duplicates;
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
Add initial NixOS module
2020-06-04 21:42:16 +00:00
cfg = config.environment.persistence;
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
users = config.users.users;
fix(nixos): allow eval to succeed when the module is unused
2022-01-31 19:32:01 +00:00
allPersistentStoragePaths = { directories = [ ]; files = [ ]; users = [ ]; }
// (zipAttrsWith (_name: flatten) (attrValues cfg));
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
inherit (allPersistentStoragePaths) files directories;
nixos: Manage files using systemd services Manage files by creating a systemd oneshot service for each file. The service links or bind mounts the file as appropriate on start and removes the link or unmounts it when stopped. Whether a symlink or bind mount is used is determined by if the target exists - if it does, it's bind mounted, otherwise symlinked. To make sure files are available early enough, also run the start portion in the activation script. This lifts the restriction on files being placed in `/etc` and should finally close #1.
2021-08-29 18:02:47 +00:00
mkMountScript = mountPoint: targetFile: ''
if [[ -L ${mountPoint} && $(readlink -f ${mountPoint}) == ${targetFile} ]]; then
echo "${mountPoint} already links to ${targetFile}, ignoring"
elif mount | grep -F ${mountPoint}' ' >/dev/null && ! mount | grep -F ${mountPoint}/ >/dev/null; then
echo "mount already exists at ${mountPoint}, ignoring"
elif [[ -e ${mountPoint} ]]; then
echo "A file already exists at ${mountPoint}!" >&2
exit 1
elif [[ -e ${targetFile} ]]; then
touch ${mountPoint}
mount -o bind ${targetFile} ${mountPoint}
else
ln -s ${targetFile} ${mountPoint}
fi
'';
Add initial NixOS module
2020-06-04 21:42:16 +00:00
in
{
options = {
environment.persistence = mkOption {
default = { };
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
type =
let
feat: Support Hiding of Bind Mounts This is done using `x-gvfs-hide` Mount Option
2022-02-04 02:40:08 +00:00
inherit (types) attrsOf bool listOf submodule path either str;
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
in
attrsOf (
submodule (
nixos: Implement support for user files and directories Allow user files and directories to be specified as follows: environment.persistence."/persistent" = { users.talyz = { files = [ ".screenrc" ]; directories = [ "Downloads" ]; }; }; This provides an alternative to the home-manager module and may even deprecate it in the future.
2022-01-16 17:59:03 +00:00
{ name, config, ... }:
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
let
persistentStoragePath = name;
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
defaultPerms = {
mode = "0755";
user = "root";
group = "root";
};
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
commonOpts = {
options = {
persistentStoragePath = mkOption {
type = path;
default = persistentStoragePath;
description = ''
The path to persistent storage where the real
file should be stored.
'';
};
};
Add initial NixOS module
2020-06-04 21:42:16 +00:00
};
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
dirPermsOpts = { user, group, mode }: {
user = mkOption {
type = str;
default = user;
description = ''
If the directory doesn't exist in persistent
storage it will be created and owned by the user
specified by this option.
'';
};
group = mkOption {
type = str;
default = group;
description = ''
If the directory doesn't exist in persistent
storage it will be created and owned by the
group specified by this option.
'';
};
mode = mkOption {
type = str;
default = mode;
example = "0700";
description = ''
If the directory doesn't exist in persistent
storage it will be created with the mode
specified by this option.
'';
};
};
fileOpts = perms: {
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
options = {
file = mkOption {
type = str;
description = ''
The path to the file.
'';
};
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
parentDirectory = dirPermsOpts perms;
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
};
Add initial NixOS module
2020-06-04 21:42:16 +00:00
};
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
dirOpts = perms: {
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
options = {
directory = mkOption {
type = str;
description = ''
The path to the directory.
'';
};
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
} // (dirPermsOpts perms);
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
};
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
rootFile = submodule [
commonOpts
(fileOpts defaultPerms)
];
rootDir = submodule [
commonOpts
(dirOpts defaultPerms)
];
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
in
{
options =
{
nixos: Implement support for user files and directories Allow user files and directories to be specified as follows: environment.persistence."/persistent" = { users.talyz = { files = [ ".screenrc" ]; directories = [ "Downloads" ]; }; }; This provides an alternative to the home-manager module and may even deprecate it in the future.
2022-01-16 17:59:03 +00:00
users = mkOption {
type = attrsOf (
submodule (
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
{ name, config, ... }:
let
userDefaultPerms = {
inherit (defaultPerms) mode;
user = name;
group = users.${userDefaultPerms.user}.group;
};
userFile = submodule [
commonOpts
(fileOpts userDefaultPerms)
];
userDir = submodule [
commonOpts
(dirOpts userDefaultPerms)
];
in
{
nixos: Implement support for user files and directories Allow user files and directories to be specified as follows: environment.persistence."/persistent" = { users.talyz = { files = [ ".screenrc" ]; directories = [ "Downloads" ]; }; }; This provides an alternative to the home-manager module and may even deprecate it in the future.
2022-01-16 17:59:03 +00:00
options =
{
# Needed because defining fileSystems
# based on values from users.users
# results in infinite recursion.
home = mkOption {
type = path;
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
default = "/home/${userDefaultPerms.user}";
nixos: Implement support for user files and directories Allow user files and directories to be specified as follows: environment.persistence."/persistent" = { users.talyz = { files = [ ".screenrc" ]; directories = [ "Downloads" ]; }; }; This provides an alternative to the home-manager module and may even deprecate it in the future.
2022-01-16 17:59:03 +00:00
defaultText = "/home/<username>";
description = ''
The user's home directory. Only
useful for users with a custom home
directory path.
Cannot currently be automatically
deduced due to a limitation in
nixpkgs.
'';
};
files = mkOption {
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
type = listOf (either str userFile);
nixos: Implement support for user files and directories Allow user files and directories to be specified as follows: environment.persistence."/persistent" = { users.talyz = { files = [ ".screenrc" ]; directories = [ "Downloads" ]; }; }; This provides an alternative to the home-manager module and may even deprecate it in the future.
2022-01-16 17:59:03 +00:00
default = [ ];
example = [
".screenrc"
];
description = ''
Files that should be stored in
persistent storage.
'';
apply =
map (file:
if isString file then
{
nixos: Fix user permissions for string type files and directories Set the permissions for user directories and files properly when converting them from string to submodule. Previously, they would use the root default of `root:root`. Fixes #74.
2022-02-02 09:03:19 +00:00
inherit persistentStoragePath;
nixos: Implement support for user files and directories Allow user files and directories to be specified as follows: environment.persistence."/persistent" = { users.talyz = { files = [ ".screenrc" ]; directories = [ "Downloads" ]; }; }; This provides an alternative to the home-manager module and may even deprecate it in the future.
2022-01-16 17:59:03 +00:00
file = concatPaths [ config.home file ];
nixos: Fix user permissions for string type files and directories Set the permissions for user directories and files properly when converting them from string to submodule. Previously, they would use the root default of `root:root`. Fixes #74.
2022-02-02 09:03:19 +00:00
parentDirectory = userDefaultPerms;
nixos: Implement support for user files and directories Allow user files and directories to be specified as follows: environment.persistence."/persistent" = { users.talyz = { files = [ ".screenrc" ]; directories = [ "Downloads" ]; }; }; This provides an alternative to the home-manager module and may even deprecate it in the future.
2022-01-16 17:59:03 +00:00
}
else
file // {
file = concatPaths [ config.home file.file ];
});
};
directories = mkOption {
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
type = listOf (either str userDir);
nixos: Implement support for user files and directories Allow user files and directories to be specified as follows: environment.persistence."/persistent" = { users.talyz = { files = [ ".screenrc" ]; directories = [ "Downloads" ]; }; }; This provides an alternative to the home-manager module and may even deprecate it in the future.
2022-01-16 17:59:03 +00:00
default = [ ];
example = [
"Downloads"
"Music"
"Pictures"
"Documents"
"Videos"
];
description = ''
Directories to bind mount to
persistent storage.
'';
apply =
map (directory:
if isString directory then
nixos: Fix user permissions for string type files and directories Set the permissions for user directories and files properly when converting them from string to submodule. Previously, they would use the root default of `root:root`. Fixes #74.
2022-02-02 09:03:19 +00:00
userDefaultPerms // {
nixos: Implement support for user files and directories Allow user files and directories to be specified as follows: environment.persistence."/persistent" = { users.talyz = { files = [ ".screenrc" ]; directories = [ "Downloads" ]; }; }; This provides an alternative to the home-manager module and may even deprecate it in the future.
2022-01-16 17:59:03 +00:00
directory = concatPaths [ config.home directory ];
nixos: Fix user permissions for string type files and directories Set the permissions for user directories and files properly when converting them from string to submodule. Previously, they would use the root default of `root:root`. Fixes #74.
2022-02-02 09:03:19 +00:00
inherit persistentStoragePath;
nixos: Implement support for user files and directories Allow user files and directories to be specified as follows: environment.persistence."/persistent" = { users.talyz = { files = [ ".screenrc" ]; directories = [ "Downloads" ]; }; }; This provides an alternative to the home-manager module and may even deprecate it in the future.
2022-01-16 17:59:03 +00:00
}
else
directory // {
directory = concatPaths [ config.home directory.directory ];
});
};
};
}
)
);
default = { };
Add missing descriptions and improve existing ones Closes #81
2022-02-13 22:25:51 +00:00
description = ''
A set of user submodules listing the files and
directories to link to their respective user's
home directories.
Each attribute name should be the name of the
user.
For detailed usage, check the <link
xlink:href="https://github.com/nix-community/impermanence">documentation</link>.
'';
example = literalExpression ''
{
talyz = {
directories = [
"Downloads"
"Music"
"Pictures"
"Documents"
"Videos"
"VirtualBox VMs"
{ directory = ".gnupg"; mode = "0700"; }
{ directory = ".ssh"; mode = "0700"; }
{ directory = ".nixops"; mode = "0700"; }
{ directory = ".local/share/keyrings"; mode = "0700"; }
".local/share/direnv"
];
files = [
".screenrc"
];
};
}
'';
nixos: Implement support for user files and directories Allow user files and directories to be specified as follows: environment.persistence."/persistent" = { users.talyz = { files = [ ".screenrc" ]; directories = [ "Downloads" ]; }; }; This provides an alternative to the home-manager module and may even deprecate it in the future.
2022-01-16 17:59:03 +00:00
};
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
files = mkOption {
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
type = listOf (either str rootFile);
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
default = [ ];
example = [
"/etc/machine-id"
"/etc/nix/id_rsa"
];
description = ''
Files that should be stored in persistent storage.
'';
apply =
map (file:
if isString file then
{
inherit file persistentStoragePath;
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
parentDirectory = defaultPerms;
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
}
else
file);
};
directories = mkOption {
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
type = listOf (either str rootDir);
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
default = [ ];
example = [
"/var/log"
"/var/lib/bluetooth"
"/var/lib/systemd/coredump"
"/etc/NetworkManager/system-connections"
];
description = ''
Directories to bind mount to persistent storage.
'';
apply =
map (directory:
if isString directory then
nixos: Fix user permissions for string type files and directories Set the permissions for user directories and files properly when converting them from string to submodule. Previously, they would use the root default of `root:root`. Fixes #74.
2022-02-02 09:03:19 +00:00
defaultPerms // {
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
inherit directory persistentStoragePath;
}
else
directory);
};
feat: Support Hiding of Bind Mounts This is done using `x-gvfs-hide` Mount Option
2022-02-04 02:40:08 +00:00
hideMounts = mkOption {
type = bool;
default = false;
example = true;
description = ''
Whether to hide bind mounts from showing up as mounted drives.
'';
};
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
};
nixos: Implement support for user files and directories Allow user files and directories to be specified as follows: environment.persistence."/persistent" = { users.talyz = { files = [ ".screenrc" ]; directories = [ "Downloads" ]; }; }; This provides an alternative to the home-manager module and may even deprecate it in the future.
2022-01-16 17:59:03 +00:00
config =
let
allUsers = zipAttrsWith (_name: flatten) (attrValues config.users);
in
{
files = allUsers.files or [ ];
directories = allUsers.directories or [ ];
};
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
}
)
);
nixos: Add description and examples
2020-12-13 15:16:35 +00:00
description = ''
Add missing descriptions and improve existing ones Closes #81
2022-02-13 22:25:51 +00:00
A set of persistent storage location submodules listing the
files and directories to link to their respective persistent
storage location.
Each attribute name should be the full path to a persistent
storage location.
nixos: Add description and examples
2020-12-13 15:16:35 +00:00
For detailed usage, check the <link
xlink:href="https://github.com/nix-community/impermanence">documentation</link>.
'';
Add missing descriptions and improve existing ones Closes #81
2022-02-13 22:25:51 +00:00
example = literalExpression ''
{
"/persistent" = {
directories = [
"/var/log"
"/var/lib/bluetooth"
"/var/lib/systemd/coredump"
"/etc/NetworkManager/system-connections"
{ directory = "/var/lib/colord"; user = "colord"; group = "colord"; mode = "u=rwx,g=rx,o="; }
];
files = [
"/etc/machine-id"
{ file = "/etc/nix/id_rsa"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
];
};
users.talyz = { ... }; # See the dedicated example
}
'';
Add initial NixOS module
2020-06-04 21:42:16 +00:00
};
};
config = {
nixos: Manage files using systemd services Manage files by creating a systemd oneshot service for each file. The service links or bind mounts the file as appropriate on start and removes the link or unmounts it when stopped. Whether a symlink or bind mount is used is determined by if the target exists - if it does, it's bind mounted, otherwise symlinked. To make sure files are available early enough, also run the start portion in the activation script. This lifts the restriction on files being placed in `/etc` and should finally close #1.
2021-08-29 18:02:47 +00:00
systemd.services =
Add initial NixOS module
2020-06-04 21:42:16 +00:00
let
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
mkPersistFileService = { file, persistentStoragePath, ... }:
nixos: Manage files using systemd services Manage files by creating a systemd oneshot service for each file. The service links or bind mounts the file as appropriate on start and removes the link or unmounts it when stopped. Whether a symlink or bind mount is used is determined by if the target exists - if it does, it's bind mounted, otherwise symlinked. To make sure files are available early enough, also run the start portion in the activation script. This lifts the restriction on files being placed in `/etc` and should finally close #1.
2021-08-29 18:02:47 +00:00
let
targetFile = escapeShellArg (concatPaths [ persistentStoragePath file ]);
mountPoint = escapeShellArg file;
in
{
"persist-${sanitizeName targetFile}" = {
description = "Bind mount or link ${targetFile} to ${mountPoint}";
wantedBy = [ "local-fs.target" ];
before = [ "local-fs.target" ];
refactor: utillinux -> util-linux
2022-01-31 02:22:23 +00:00
path = [ pkgs.util-linux ];
nixos: Manage files using systemd services Manage files by creating a systemd oneshot service for each file. The service links or bind mounts the file as appropriate on start and removes the link or unmounts it when stopped. Whether a symlink or bind mount is used is determined by if the target exists - if it does, it's bind mounted, otherwise symlinked. To make sure files are available early enough, also run the start portion in the activation script. This lifts the restriction on files being placed in `/etc` and should finally close #1.
2021-08-29 18:02:47 +00:00
unitConfig.DefaultDependencies = false;
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
ExecStart = pkgs.writeShellScript "bindOrLink-${sanitizeName targetFile}" ''
set -eu
${mkMountScript mountPoint targetFile}
'';
ExecStop = pkgs.writeShellScript "unbindOrUnlink-${sanitizeName targetFile}" ''
set -eu
if [[ -L ${mountPoint} ]]; then
rm ${mountPoint}
else
umount ${mountPoint}
rm ${mountPoint}
fi
'';
};
};
};
Add initial NixOS module
2020-06-04 21:42:16 +00:00
in
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
foldl' recursiveUpdate { } (map mkPersistFileService files);
Add initial NixOS module
2020-06-04 21:42:16 +00:00
fileSystems =
let
nixos: Add comments
2020-06-07 08:43:44 +00:00
# Create fileSystems bind mount entry.
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
mkBindMountNameValuePair = { directory, persistentStoragePath, ... }: {
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
name = concatPaths [ "/" directory ];
Add initial NixOS module
2020-06-04 21:42:16 +00:00
value = {
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
device = concatPaths [ persistentStoragePath directory ];
Add initial NixOS module
2020-06-04 21:42:16 +00:00
noCheck = true;
feat: Support Hiding of Bind Mounts This is done using `x-gvfs-hide` Mount Option
2022-02-04 02:40:08 +00:00
options = [ "bind" ]
++ optional cfg.${persistentStoragePath}.hideMounts "x-gvfs-hide";
Add initial NixOS module
2020-06-04 21:42:16 +00:00
};
};
nixos: Add comments
2020-06-07 08:43:44 +00:00
# Create all fileSystems bind mount entries for a specific
# persistent storage path.
Add initial NixOS module
2020-06-04 21:42:16 +00:00
in
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
listToAttrs (map mkBindMountNameValuePair directories);
Add initial NixOS module
2020-06-04 21:42:16 +00:00
system.activationScripts =
let
nixos: Extract the createDirectories script out into its own file
2020-12-13 13:15:58 +00:00
# Script to create directories in persistent and ephemeral
# storage. The directory structure's mode and ownership mirror
# those of persistentStoragePath/dir.
createDirectories = pkgs.runCommand "impermanence-create-directories" { } ''
cp ${./create-directories.bash} $out
patchShebangs $out
'';
Add initial NixOS module
2020-06-04 21:42:16 +00:00
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
mkDirWithPerms = { directory, persistentStoragePath, user, group, mode }: ''
${createDirectories} ${escapeShellArgs [persistentStoragePath directory user group mode]}
nixos: Write the directories creation script into store When user writes a long list of directories, the original code generates a very long activation script, which can cause an "Argument list too long" error. This try to fix the issue by writing the directories creation script into nix store as an executable instead of repeating it multiple times.
2020-11-12 09:55:46 +00:00
'';
nixos: Add comments
2020-06-07 08:43:44 +00:00
# Build an activation script which creates all persistent
# storage directories we want to bind mount.
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
dirCreationScripts =
nixos: Create directories of files in persistent storage
2020-12-13 13:45:29 +00:00
let
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
inherit directories;
fileDirectories = unique (map
(f:
{
directory = dirOf f.file;
inherit (f) persistentStoragePath;
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
} // f.parentDirectory)
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
files);
nixos: Create directories of files in persistent storage
2020-12-13 13:45:29 +00:00
in
nixos: Manage files using systemd services Manage files by creating a systemd oneshot service for each file. The service links or bind mounts the file as appropriate on start and removes the link or unmounts it when stopped. Whether a symlink or bind mount is used is determined by if the target exists - if it does, it's bind mounted, otherwise symlinked. To make sure files are available early enough, also run the start portion in the activation script. This lifts the restriction on files being placed in `/etc` and should finally close #1.
2021-08-29 18:02:47 +00:00
{
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
"createPersistentStorageDirs" = {
deps = [ "users" "groups" ];
text = concatMapStrings mkDirWithPerms (directories ++ fileDirectories);
};
nixos: Manage files using systemd services Manage files by creating a systemd oneshot service for each file. The service links or bind mounts the file as appropriate on start and removes the link or unmounts it when stopped. Whether a symlink or bind mount is used is determined by if the target exists - if it does, it's bind mounted, otherwise symlinked. To make sure files are available early enough, also run the start portion in the activation script. This lifts the restriction on files being placed in `/etc` and should finally close #1.
2021-08-29 18:02:47 +00:00
};
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
persistFileScript = { file, persistentStoragePath, ... }:
nixos: Manage files using systemd services Manage files by creating a systemd oneshot service for each file. The service links or bind mounts the file as appropriate on start and removes the link or unmounts it when stopped. Whether a symlink or bind mount is used is determined by if the target exists - if it does, it's bind mounted, otherwise symlinked. To make sure files are available early enough, also run the start portion in the activation script. This lifts the restriction on files being placed in `/etc` and should finally close #1.
2021-08-29 18:02:47 +00:00
let
targetFile = escapeShellArg (concatPaths [ persistentStoragePath file ]);
mountPoint = escapeShellArg file;
in
{
"persist-${sanitizeName targetFile}" = {
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
deps = [ "createPersistentStorageDirs" ];
nixos: Manage files using systemd services Manage files by creating a systemd oneshot service for each file. The service links or bind mounts the file as appropriate on start and removes the link or unmounts it when stopped. Whether a symlink or bind mount is used is determined by if the target exists - if it does, it's bind mounted, otherwise symlinked. To make sure files are available early enough, also run the start portion in the activation script. This lifts the restriction on files being placed in `/etc` and should finally close #1.
2021-08-29 18:02:47 +00:00
text = mkMountScript mountPoint targetFile;
};
};
persistFileScripts =
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
foldl' recursiveUpdate { } (map persistFileScript files);
Add initial NixOS module
2020-06-04 21:42:16 +00:00
in
nixos: Manage files using systemd services Manage files by creating a systemd oneshot service for each file. The service links or bind mounts the file as appropriate on start and removes the link or unmounts it when stopped. Whether a symlink or bind mount is used is determined by if the target exists - if it does, it's bind mounted, otherwise symlinked. To make sure files are available early enough, also run the start portion in the activation script. This lifts the restriction on files being placed in `/etc` and should finally close #1.
2021-08-29 18:02:47 +00:00
dirCreationScripts // persistFileScripts;
Add initial NixOS module
2020-06-04 21:42:16 +00:00
assertions =
let
nixos: Only check file systems for neededForBoot Only assert that persistent paths are marked neededForBoot if they're file system roots. Fixes #12
2020-07-18 19:40:37 +00:00
markedNeededForBoot = cond: fs:
if config.fileSystems ? ${fs} then
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
config.fileSystems.${fs}.neededForBoot == cond
nixos: Only check file systems for neededForBoot Only assert that persistent paths are marked neededForBoot if they're file system roots. Fixes #12
2020-07-18 19:40:37 +00:00
else
cond;
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
persistentStoragePaths = attrNames cfg;
nixos: Implement support for user files and directories Allow user files and directories to be specified as follows: environment.persistence."/persistent" = { users.talyz = { files = [ ".screenrc" ]; directories = [ "Downloads" ]; }; }; This provides an alternative to the home-manager module and may even deprecate it in the future.
2022-01-16 17:59:03 +00:00
usersPerPath = allPersistentStoragePaths.users;
homeDirOffenders =
filterAttrs
(n: v: (v.home != config.users.users.${n}.home));
Format with nixpkgs-fmt
2020-06-05 17:37:07 +00:00
in
[
nixos: Add neededForBoot assertion
2020-06-08 16:40:35 +00:00
{
# Assert that all persistent storage volumes we use are
# marked with neededForBoot.
assertion = all (markedNeededForBoot true) persistentStoragePaths;
message =
let
offenders = filter (markedNeededForBoot false) persistentStoragePaths;
in
''
environment.persistence:
All filesystems used for persistent storage must
have the flag neededForBoot set to true.
Please fix or remove the following paths:
Add initial NixOS module
2020-06-04 21:42:16 +00:00
${concatStringsSep "\n " offenders}
'';
}
nixos: Implement support for user files and directories Allow user files and directories to be specified as follows: environment.persistence."/persistent" = { users.talyz = { files = [ ".screenrc" ]; directories = [ "Downloads" ]; }; }; This provides an alternative to the home-manager module and may even deprecate it in the future.
2022-01-16 17:59:03 +00:00
{
assertion = all (users: (homeDirOffenders users) == { }) usersPerPath;
message =
let
offendersPerPath = filter (users: (homeDirOffenders users) != { }) usersPerPath;
offendersText =
concatMapStringsSep
"\n "
(offenders:
concatMapStringsSep
"\n "
(n: "${n}: ${offenders.${n}.home} != ${config.users.users.${n}.home}")
(attrNames offenders))
offendersPerPath;
in
''
environment.persistence:
Users and home doesn't match:
${offendersText}
You probably want to set each
environment.persistence.<path>.users.<user>.home to
match the respective user's home directory as
defined by users.users.<user>.home.
'';
}
nixos: Assert that no duplicate files or directories are specified
2022-01-16 17:56:15 +00:00
{
assertion = duplicates (catAttrs "file" files) == [ ];
message =
let
offenders = duplicates (catAttrs "file" files);
in
''
environment.persistence:
The following files were specified two or more
times:
${concatStringsSep "\n " offenders}
'';
}
{
assertion = duplicates (catAttrs "directory" directories) == [ ];
message =
let
offenders = duplicates (catAttrs "directory" directories);
in
''
environment.persistence:
The following directories were specified two or more
times:
${concatStringsSep "\n " offenders}
'';
}
Add initial NixOS module
2020-06-04 21:42:16 +00:00
];
};
}
Reference in a new issue Copy permalink