Mirrors/impermanence
2
0
Fork 0
mirror of https://github.com/nix-community/impermanence synced 2024-11-13 23:27:15 +00:00
Code Issues Projects Releases Packages Wiki Activity
impermanence/nixos.nix

613 lines
21 KiB
Nix
Raw Normal View History

Add initial NixOS module
2020-06-04 21:42:16 +00:00
{ pkgs, config, lib, ... }:
let
all: Line up lib inherits vertically
2022-11-13 17:16:57 +00:00
inherit (lib)
attrNames
attrValues
zipAttrsWith
flatten
mkOption
mkDefault
mapAttrsToList
types
foldl'
unique
concatMapStrings
listToAttrs
escapeShellArg
escapeShellArgs
recursiveUpdate
all
filter
filterAttrs
concatStringsSep
concatMapStringsSep
isString
catAttrs
optional
literalExpression
;
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
all: Line up lib inherits vertically
2022-11-13 17:16:57 +00:00
inherit (pkgs.callPackage ./lib.nix { })
splitPath
dirListToPath
concatPaths
sanitizeName
duplicates
;
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
Add initial NixOS module
2020-06-04 21:42:16 +00:00
cfg = config.environment.persistence;
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
users = config.users.users;
fix(nixos): allow eval to succeed when the module is unused
2022-01-31 19:32:01 +00:00
allPersistentStoragePaths = { directories = [ ]; files = [ ]; users = [ ]; }
// (zipAttrsWith (_name: flatten) (attrValues cfg));
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
inherit (allPersistentStoragePaths) files directories;
Make bash scripts work in cross-compiled environments. When cross-compiling, `patchShebangs` requires the host platform's bash to be present in the HOST_PATH environment variable. However, by default when using `pkgs.runCommand`, only the build platform's bash is implicitly added to the PATH. The result is that the shebang is not replaced, and the script fails to run because the activation scripts don't have `bash` in their environment. By explicitly adding `pkgs.bash` to the build inputs, this ensures the HOST_PATH is populated and makes `patchShebangs` work as expected.
2022-07-17 16:57:32 +00:00
mountFile = pkgs.runCommand "impermanence-mount-file" { buildInputs = [ pkgs.bash ]; } ''
nixos: Minimize the amount of text added to the activation script This is done to reduce the risk of build errors, isolate each run of the script and reduce the amount of replicated code. - Make the file mount script generated by `mkMountScript` a discrete script and only generate its invocations. - Wrap the script invocations in scripts.
2022-02-16 12:42:10 +00:00
cp ${./mount-file.bash} $out
patchShebangs $out
nixos: Manage files using systemd services Manage files by creating a systemd oneshot service for each file. The service links or bind mounts the file as appropriate on start and removes the link or unmounts it when stopped. Whether a symlink or bind mount is used is determined by if the target exists - if it does, it's bind mounted, otherwise symlinked. To make sure files are available early enough, also run the start portion in the activation script. This lifts the restriction on files being placed in `/etc` and should finally close #1.
2021-08-29 18:02:47 +00:00
'';
nixos: Fix bind mounts in VM build
2022-02-11 01:12:23 +00:00
# Create fileSystems bind mount entry.
mkBindMountNameValuePair = { directory, persistentStoragePath, ... }: {
name = concatPaths [ "/" directory ];
value = {
device = concatPaths [ persistentStoragePath directory ];
noCheck = true;
options = [ "bind" ]
++ optional cfg.${persistentStoragePath}.hideMounts "x-gvfs-hide";
nixos: Mount binds after the persistent storage path
2023-02-02 17:28:09 +00:00
depends = [ persistentStoragePath ];
nixos: Fix bind mounts in VM build
2022-02-11 01:12:23 +00:00
};
};
# Create all fileSystems bind mount entries for a specific
# persistent storage path.
bindMounts = listToAttrs (map mkBindMountNameValuePair directories);
Add initial NixOS module
2020-06-04 21:42:16 +00:00
in
{
options = {
environment.persistence = mkOption {
default = { };
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
type =
let
all: Line up lib inherits vertically
2022-11-13 17:16:57 +00:00
inherit (types)
attrsOf
bool
listOf
submodule
nullOr
path
either
str
coercedTo
;
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
in
attrsOf (
submodule (
nixos: Implement support for user files and directories Allow user files and directories to be specified as follows: environment.persistence."/persistent" = { users.talyz = { files = [ ".screenrc" ]; directories = [ "Downloads" ]; }; }; This provides an alternative to the home-manager module and may even deprecate it in the future.
2022-01-16 17:59:03 +00:00
{ name, config, ... }:
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
let
persistentStoragePath = name;
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
defaultPerms = {
mode = "0755";
user = "root";
group = "root";
};
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
commonOpts = {
options = {
persistentStoragePath = mkOption {
type = path;
default = persistentStoragePath;
description = ''
The path to persistent storage where the real
file should be stored.
'';
};
};
Add initial NixOS module
2020-06-04 21:42:16 +00:00
};
nixos: Use mkDefault to set the default directory permissions This means we don't have to pass them around as function arguments, making things a bit cleaner.
2022-11-13 17:16:18 +00:00
dirPermsOpts = {
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
user = mkOption {
type = str;
description = ''
If the directory doesn't exist in persistent
storage it will be created and owned by the user
specified by this option.
'';
};
group = mkOption {
type = str;
description = ''
If the directory doesn't exist in persistent
storage it will be created and owned by the
group specified by this option.
'';
};
mode = mkOption {
type = str;
example = "0700";
description = ''
If the directory doesn't exist in persistent
storage it will be created with the mode
specified by this option.
'';
};
};
nixos: Use mkDefault to set the default directory permissions This means we don't have to pass them around as function arguments, making things a bit cleaner.
2022-11-13 17:16:18 +00:00
fileOpts = {
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
options = {
file = mkOption {
type = str;
description = ''
The path to the file.
'';
};
nixos: Use mkDefault to set the default directory permissions This means we don't have to pass them around as function arguments, making things a bit cleaner.
2022-11-13 17:16:18 +00:00
parentDirectory = dirPermsOpts;
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
};
Add initial NixOS module
2020-06-04 21:42:16 +00:00
};
nixos: Use mkDefault to set the default directory permissions This means we don't have to pass them around as function arguments, making things a bit cleaner.
2022-11-13 17:16:18 +00:00
dirOpts = {
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
options = {
directory = mkOption {
type = str;
description = ''
The path to the directory.
'';
};
nixos: Use mkDefault to set the default directory permissions This means we don't have to pass them around as function arguments, making things a bit cleaner.
2022-11-13 17:16:18 +00:00
} // dirPermsOpts;
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
};
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
rootFile = submodule [
commonOpts
nixos: Use mkDefault to set the default directory permissions This means we don't have to pass them around as function arguments, making things a bit cleaner.
2022-11-13 17:16:18 +00:00
fileOpts
{ parentDirectory = mkDefault defaultPerms; }
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
];
nixos: Use mkDefault to set the default directory permissions This means we don't have to pass them around as function arguments, making things a bit cleaner.
2022-11-13 17:16:18 +00:00
rootDir = submodule ([
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
commonOpts
nixos: Use mkDefault to set the default directory permissions This means we don't have to pass them around as function arguments, making things a bit cleaner.
2022-11-13 17:16:18 +00:00
dirOpts
] ++ (mapAttrsToList (n: v: { ${n} = mkDefault v; }) defaultPerms));
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
in
{
options =
{
nixos: Implement support for user files and directories Allow user files and directories to be specified as follows: environment.persistence."/persistent" = { users.talyz = { files = [ ".screenrc" ]; directories = [ "Downloads" ]; }; }; This provides an alternative to the home-manager module and may even deprecate it in the future.
2022-01-16 17:59:03 +00:00
users = mkOption {
type = attrsOf (
submodule (
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
{ name, config, ... }:
let
userDefaultPerms = {
inherit (defaultPerms) mode;
user = name;
group = users.${userDefaultPerms.user}.group;
};
userFile = submodule [
commonOpts
nixos: Use mkDefault to set the default directory permissions This means we don't have to pass them around as function arguments, making things a bit cleaner.
2022-11-13 17:16:18 +00:00
fileOpts
{ parentDirectory = mkDefault userDefaultPerms; }
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
];
nixos: Use mkDefault to set the default directory permissions This means we don't have to pass them around as function arguments, making things a bit cleaner.
2022-11-13 17:16:18 +00:00
userDir = submodule ([
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
commonOpts
nixos: Use mkDefault to set the default directory permissions This means we don't have to pass them around as function arguments, making things a bit cleaner.
2022-11-13 17:16:18 +00:00
dirOpts
] ++ (mapAttrsToList (n: v: { ${n} = mkDefault v; }) userDefaultPerms));
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
in
{
nixos: Implement support for user files and directories Allow user files and directories to be specified as follows: environment.persistence."/persistent" = { users.talyz = { files = [ ".screenrc" ]; directories = [ "Downloads" ]; }; }; This provides an alternative to the home-manager module and may even deprecate it in the future.
2022-01-16 17:59:03 +00:00
options =
{
# Needed because defining fileSystems
# based on values from users.users
# results in infinite recursion.
home = mkOption {
type = path;
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
default = "/home/${userDefaultPerms.user}";
nixos: Implement support for user files and directories Allow user files and directories to be specified as follows: environment.persistence."/persistent" = { users.talyz = { files = [ ".screenrc" ]; directories = [ "Downloads" ]; }; }; This provides an alternative to the home-manager module and may even deprecate it in the future.
2022-01-16 17:59:03 +00:00
defaultText = "/home/<username>";
description = ''
The user's home directory. Only
useful for users with a custom home
directory path.
Cannot currently be automatically
deduced due to a limitation in
nixpkgs.
'';
};
files = mkOption {
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
type = listOf (either str userFile);
nixos: Implement support for user files and directories Allow user files and directories to be specified as follows: environment.persistence."/persistent" = { users.talyz = { files = [ ".screenrc" ]; directories = [ "Downloads" ]; }; }; This provides an alternative to the home-manager module and may even deprecate it in the future.
2022-01-16 17:59:03 +00:00
default = [ ];
example = [
".screenrc"
];
description = ''
Files that should be stored in
persistent storage.
'';
apply =
map (file:
if isString file then
{
nixos: Fix user permissions for string type files and directories Set the permissions for user directories and files properly when converting them from string to submodule. Previously, they would use the root default of `root:root`. Fixes #74.
2022-02-02 09:03:19 +00:00
inherit persistentStoragePath;
nixos: Implement support for user files and directories Allow user files and directories to be specified as follows: environment.persistence."/persistent" = { users.talyz = { files = [ ".screenrc" ]; directories = [ "Downloads" ]; }; }; This provides an alternative to the home-manager module and may even deprecate it in the future.
2022-01-16 17:59:03 +00:00
file = concatPaths [ config.home file ];
nixos: Fix user permissions for string type files and directories Set the permissions for user directories and files properly when converting them from string to submodule. Previously, they would use the root default of `root:root`. Fixes #74.
2022-02-02 09:03:19 +00:00
parentDirectory = userDefaultPerms;
nixos: Implement support for user files and directories Allow user files and directories to be specified as follows: environment.persistence."/persistent" = { users.talyz = { files = [ ".screenrc" ]; directories = [ "Downloads" ]; }; }; This provides an alternative to the home-manager module and may even deprecate it in the future.
2022-01-16 17:59:03 +00:00
}
else
file // {
file = concatPaths [ config.home file.file ];
});
};
directories = mkOption {
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
type = listOf (either str userDir);
nixos: Implement support for user files and directories Allow user files and directories to be specified as follows: environment.persistence."/persistent" = { users.talyz = { files = [ ".screenrc" ]; directories = [ "Downloads" ]; }; }; This provides an alternative to the home-manager module and may even deprecate it in the future.
2022-01-16 17:59:03 +00:00
default = [ ];
example = [
"Downloads"
"Music"
"Pictures"
"Documents"
"Videos"
];
description = ''
Directories to bind mount to
persistent storage.
'';
apply =
map (directory:
if isString directory then
nixos: Fix user permissions for string type files and directories Set the permissions for user directories and files properly when converting them from string to submodule. Previously, they would use the root default of `root:root`. Fixes #74.
2022-02-02 09:03:19 +00:00
userDefaultPerms // {
nixos: Implement support for user files and directories Allow user files and directories to be specified as follows: environment.persistence."/persistent" = { users.talyz = { files = [ ".screenrc" ]; directories = [ "Downloads" ]; }; }; This provides an alternative to the home-manager module and may even deprecate it in the future.
2022-01-16 17:59:03 +00:00
directory = concatPaths [ config.home directory ];
nixos: Fix user permissions for string type files and directories Set the permissions for user directories and files properly when converting them from string to submodule. Previously, they would use the root default of `root:root`. Fixes #74.
2022-02-02 09:03:19 +00:00
inherit persistentStoragePath;
nixos: Implement support for user files and directories Allow user files and directories to be specified as follows: environment.persistence."/persistent" = { users.talyz = { files = [ ".screenrc" ]; directories = [ "Downloads" ]; }; }; This provides an alternative to the home-manager module and may even deprecate it in the future.
2022-01-16 17:59:03 +00:00
}
else
directory // {
directory = concatPaths [ config.home directory.directory ];
});
};
};
}
)
);
default = { };
Add missing descriptions and improve existing ones Closes #81
2022-02-13 22:25:51 +00:00
description = ''
A set of user submodules listing the files and
directories to link to their respective user's
home directories.
Each attribute name should be the name of the
user.
For detailed usage, check the <link
xlink:href="https://github.com/nix-community/impermanence">documentation</link>.
'';
example = literalExpression ''
{
talyz = {
directories = [
"Downloads"
"Music"
"Pictures"
"Documents"
"Videos"
"VirtualBox VMs"
{ directory = ".gnupg"; mode = "0700"; }
{ directory = ".ssh"; mode = "0700"; }
{ directory = ".nixops"; mode = "0700"; }
{ directory = ".local/share/keyrings"; mode = "0700"; }
".local/share/direnv"
];
files = [
".screenrc"
];
};
}
'';
nixos: Implement support for user files and directories Allow user files and directories to be specified as follows: environment.persistence."/persistent" = { users.talyz = { files = [ ".screenrc" ]; directories = [ "Downloads" ]; }; }; This provides an alternative to the home-manager module and may even deprecate it in the future.
2022-01-16 17:59:03 +00:00
};
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
files = mkOption {
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
type = listOf (either str rootFile);
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
default = [ ];
example = [
"/etc/machine-id"
"/etc/nix/id_rsa"
];
description = ''
Files that should be stored in persistent storage.
'';
apply =
map (file:
if isString file then
{
inherit file persistentStoragePath;
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
parentDirectory = defaultPerms;
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
}
else
file);
};
directories = mkOption {
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
type = listOf (either str rootDir);
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
default = [ ];
example = [
"/var/log"
"/var/lib/bluetooth"
nixos: Recommend persisting /var/lib/nixos The `/var/lib/nixos` directory contains the uid and gid map for entities without a static id. Not persisting them means your user and group ids could change between reboots, which is likely undesirable.
2023-02-02 16:23:19 +00:00
"/var/lib/nixos"
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
"/var/lib/systemd/coredump"
"/etc/NetworkManager/system-connections"
];
description = ''
Directories to bind mount to persistent storage.
'';
apply =
map (directory:
if isString directory then
nixos: Fix user permissions for string type files and directories Set the permissions for user directories and files properly when converting them from string to submodule. Previously, they would use the root default of `root:root`. Fixes #74.
2022-02-02 09:03:19 +00:00
defaultPerms // {
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
inherit directory persistentStoragePath;
}
else
directory);
};
feat: Support Hiding of Bind Mounts This is done using `x-gvfs-hide` Mount Option
2022-02-04 02:40:08 +00:00
hideMounts = mkOption {
type = bool;
default = false;
example = true;
description = ''
Whether to hide bind mounts from showing up as mounted drives.
'';
};
nixos: Add an internal debugging option to aid script debugging
2022-02-16 12:40:17 +00:00
enableDebugging = mkOption {
type = bool;
default = false;
internal = true;
description = ''
Enable debug trace output when running
scripts. You only need to enable this if asked
to.
'';
};
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
};
nixos: Implement support for user files and directories Allow user files and directories to be specified as follows: environment.persistence."/persistent" = { users.talyz = { files = [ ".screenrc" ]; directories = [ "Downloads" ]; }; }; This provides an alternative to the home-manager module and may even deprecate it in the future.
2022-01-16 17:59:03 +00:00
config =
let
allUsers = zipAttrsWith (_name: flatten) (attrValues config.users);
in
{
files = allUsers.files or [ ];
directories = allUsers.directories or [ ];
};
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
}
)
);
nixos: Add description and examples
2020-12-13 15:16:35 +00:00
description = ''
Add missing descriptions and improve existing ones Closes #81
2022-02-13 22:25:51 +00:00
A set of persistent storage location submodules listing the
files and directories to link to their respective persistent
storage location.
Each attribute name should be the full path to a persistent
storage location.
nixos: Add description and examples
2020-12-13 15:16:35 +00:00
For detailed usage, check the <link
xlink:href="https://github.com/nix-community/impermanence">documentation</link>.
'';
Add missing descriptions and improve existing ones Closes #81
2022-02-13 22:25:51 +00:00
example = literalExpression ''
{
"/persistent" = {
directories = [
"/var/log"
"/var/lib/bluetooth"
nixos: Recommend persisting /var/lib/nixos The `/var/lib/nixos` directory contains the uid and gid map for entities without a static id. Not persisting them means your user and group ids could change between reboots, which is likely undesirable.
2023-02-02 16:23:19 +00:00
"/var/lib/nixos"
Add missing descriptions and improve existing ones Closes #81
2022-02-13 22:25:51 +00:00
"/var/lib/systemd/coredump"
"/etc/NetworkManager/system-connections"
{ directory = "/var/lib/colord"; user = "colord"; group = "colord"; mode = "u=rwx,g=rx,o="; }
];
files = [
"/etc/machine-id"
{ file = "/etc/nix/id_rsa"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
];
};
users.talyz = { ... }; # See the dedicated example
}
'';
Add initial NixOS module
2020-06-04 21:42:16 +00:00
};
nixos: Fix bind mounts in VM build
2022-02-11 01:12:23 +00:00
# Forward declare a dummy option for VM filesystems since the real one won't exist
# unless the VM module is actually imported.
virtualisation.fileSystems = mkOption { };
Add initial NixOS module
2020-06-04 21:42:16 +00:00
};
config = {
nixos: Manage files using systemd services Manage files by creating a systemd oneshot service for each file. The service links or bind mounts the file as appropriate on start and removes the link or unmounts it when stopped. Whether a symlink or bind mount is used is determined by if the target exists - if it does, it's bind mounted, otherwise symlinked. To make sure files are available early enough, also run the start portion in the activation script. This lifts the restriction on files being placed in `/etc` and should finally close #1.
2021-08-29 18:02:47 +00:00
systemd.services =
Add initial NixOS module
2020-06-04 21:42:16 +00:00
let
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
mkPersistFileService = { file, persistentStoragePath, ... }:
nixos: Manage files using systemd services Manage files by creating a systemd oneshot service for each file. The service links or bind mounts the file as appropriate on start and removes the link or unmounts it when stopped. Whether a symlink or bind mount is used is determined by if the target exists - if it does, it's bind mounted, otherwise symlinked. To make sure files are available early enough, also run the start portion in the activation script. This lifts the restriction on files being placed in `/etc` and should finally close #1.
2021-08-29 18:02:47 +00:00
let
targetFile = escapeShellArg (concatPaths [ persistentStoragePath file ]);
mountPoint = escapeShellArg file;
nixos: Minimize the amount of text added to the activation script This is done to reduce the risk of build errors, isolate each run of the script and reduce the amount of replicated code. - Make the file mount script generated by `mkMountScript` a discrete script and only generate its invocations. - Wrap the script invocations in scripts.
2022-02-16 12:42:10 +00:00
enableDebugging = escapeShellArg cfg.${persistentStoragePath}.enableDebugging;
nixos: Manage files using systemd services Manage files by creating a systemd oneshot service for each file. The service links or bind mounts the file as appropriate on start and removes the link or unmounts it when stopped. Whether a symlink or bind mount is used is determined by if the target exists - if it does, it's bind mounted, otherwise symlinked. To make sure files are available early enough, also run the start portion in the activation script. This lifts the restriction on files being placed in `/etc` and should finally close #1.
2021-08-29 18:02:47 +00:00
in
{
"persist-${sanitizeName targetFile}" = {
description = "Bind mount or link ${targetFile} to ${mountPoint}";
wantedBy = [ "local-fs.target" ];
before = [ "local-fs.target" ];
refactor: utillinux -> util-linux
2022-01-31 02:22:23 +00:00
path = [ pkgs.util-linux ];
nixos: Manage files using systemd services Manage files by creating a systemd oneshot service for each file. The service links or bind mounts the file as appropriate on start and removes the link or unmounts it when stopped. Whether a symlink or bind mount is used is determined by if the target exists - if it does, it's bind mounted, otherwise symlinked. To make sure files are available early enough, also run the start portion in the activation script. This lifts the restriction on files being placed in `/etc` and should finally close #1.
2021-08-29 18:02:47 +00:00
unitConfig.DefaultDependencies = false;
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
nixos: Minimize the amount of text added to the activation script This is done to reduce the risk of build errors, isolate each run of the script and reduce the amount of replicated code. - Make the file mount script generated by `mkMountScript` a discrete script and only generate its invocations. - Wrap the script invocations in scripts.
2022-02-16 12:42:10 +00:00
ExecStart = "${mountFile} ${mountPoint} ${targetFile} ${enableDebugging}";
nixos: Manage files using systemd services Manage files by creating a systemd oneshot service for each file. The service links or bind mounts the file as appropriate on start and removes the link or unmounts it when stopped. Whether a symlink or bind mount is used is determined by if the target exists - if it does, it's bind mounted, otherwise symlinked. To make sure files are available early enough, also run the start portion in the activation script. This lifts the restriction on files being placed in `/etc` and should finally close #1.
2021-08-29 18:02:47 +00:00
ExecStop = pkgs.writeShellScript "unbindOrUnlink-${sanitizeName targetFile}" ''
set -eu
if [[ -L ${mountPoint} ]]; then
rm ${mountPoint}
else
umount ${mountPoint}
rm ${mountPoint}
fi
'';
};
};
};
Add initial NixOS module
2020-06-04 21:42:16 +00:00
in
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
foldl' recursiveUpdate { } (map mkPersistFileService files);
Add initial NixOS module
2020-06-04 21:42:16 +00:00
nixos: Fix bind mounts in VM build
2022-02-11 01:12:23 +00:00
fileSystems = bindMounts;
# So the mounts still make it into a VM built from `system.build.vm`
virtualisation.fileSystems = bindMounts;
Add initial NixOS module
2020-06-04 21:42:16 +00:00
system.activationScripts =
let
nixos: Extract the createDirectories script out into its own file
2020-12-13 13:15:58 +00:00
# Script to create directories in persistent and ephemeral
# storage. The directory structure's mode and ownership mirror
# those of persistentStoragePath/dir.
Make bash scripts work in cross-compiled environments. When cross-compiling, `patchShebangs` requires the host platform's bash to be present in the HOST_PATH environment variable. However, by default when using `pkgs.runCommand`, only the build platform's bash is implicitly added to the PATH. The result is that the shebang is not replaced, and the script fails to run because the activation scripts don't have `bash` in their environment. By explicitly adding `pkgs.bash` to the build inputs, this ensures the HOST_PATH is populated and makes `patchShebangs` work as expected.
2022-07-17 16:57:32 +00:00
createDirectories = pkgs.runCommand "impermanence-create-directories" { buildInputs = [ pkgs.bash ]; } ''
nixos: Extract the createDirectories script out into its own file
2020-12-13 13:15:58 +00:00
cp ${./create-directories.bash} $out
patchShebangs $out
'';
Add initial NixOS module
2020-06-04 21:42:16 +00:00
nixos: Add an internal debugging option to aid script debugging
2022-02-16 12:40:17 +00:00
mkDirWithPerms = { directory, persistentStoragePath, user, group, mode }:
let
args = [
persistentStoragePath
directory
user
group
mode
cfg.${persistentStoragePath}.enableDebugging
];
in
''
${createDirectories} ${escapeShellArgs args}
'';
nixos: Write the directories creation script into store When user writes a long list of directories, the original code generates a very long activation script, which can cause an "Argument list too long" error. This try to fix the issue by writing the directories creation script into nix store as an executable instead of repeating it multiple times.
2020-11-12 09:55:46 +00:00
nixos: Add comments
2020-06-07 08:43:44 +00:00
# Build an activation script which creates all persistent
# storage directories we want to bind mount.
nixos: Minimize the amount of text added to the activation script This is done to reduce the risk of build errors, isolate each run of the script and reduce the amount of replicated code. - Make the file mount script generated by `mkMountScript` a discrete script and only generate its invocations. - Wrap the script invocations in scripts.
2022-02-16 12:42:10 +00:00
dirCreationScript =
nixos: Create directories of files in persistent storage
2020-12-13 13:45:29 +00:00
let
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
inherit directories;
fileDirectories = unique (map
(f:
{
directory = dirOf f.file;
inherit (f) persistentStoragePath;
nixos: Add support for custom permissions on created directories Allow the owner and mode to be set when directories are created in persistent storage by the `create-directories.bash` script. Very useful for directories used to store secrets. Also, make sure the user directories are created with reasonable defaults, i.e. owned by the user and its group, not by `root:root`.
2022-01-28 11:58:14 +00:00
} // f.parentDirectory)
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
files);
nixos: Create directories of files in persistent storage
2020-12-13 13:45:29 +00:00
in
nixos: Minimize the amount of text added to the activation script This is done to reduce the risk of build errors, isolate each run of the script and reduce the amount of replicated code. - Make the file mount script generated by `mkMountScript` a discrete script and only generate its invocations. - Wrap the script invocations in scripts.
2022-02-16 12:42:10 +00:00
pkgs.writeShellScript "impermanence-run-create-directories" ''
_status=0
trap "_status=1" ERR
${concatMapStrings mkDirWithPerms (directories ++ fileDirectories)}
exit $_status
'';
nixos: Manage files using systemd services Manage files by creating a systemd oneshot service for each file. The service links or bind mounts the file as appropriate on start and removes the link or unmounts it when stopped. Whether a symlink or bind mount is used is determined by if the target exists - if it does, it's bind mounted, otherwise symlinked. To make sure files are available early enough, also run the start portion in the activation script. This lifts the restriction on files being placed in `/etc` and should finally close #1.
2021-08-29 18:02:47 +00:00
nixos: Minimize the amount of text added to the activation script This is done to reduce the risk of build errors, isolate each run of the script and reduce the amount of replicated code. - Make the file mount script generated by `mkMountScript` a discrete script and only generate its invocations. - Wrap the script invocations in scripts.
2022-02-16 12:42:10 +00:00
mkPersistFile = { file, persistentStoragePath, ... }:
nixos: Manage files using systemd services Manage files by creating a systemd oneshot service for each file. The service links or bind mounts the file as appropriate on start and removes the link or unmounts it when stopped. Whether a symlink or bind mount is used is determined by if the target exists - if it does, it's bind mounted, otherwise symlinked. To make sure files are available early enough, also run the start portion in the activation script. This lifts the restriction on files being placed in `/etc` and should finally close #1.
2021-08-29 18:02:47 +00:00
let
nixos: Minimize the amount of text added to the activation script This is done to reduce the risk of build errors, isolate each run of the script and reduce the amount of replicated code. - Make the file mount script generated by `mkMountScript` a discrete script and only generate its invocations. - Wrap the script invocations in scripts.
2022-02-16 12:42:10 +00:00
mountPoint = file;
targetFile = concatPaths [ persistentStoragePath file ];
args = escapeShellArgs [
mountPoint
targetFile
cfg.${persistentStoragePath}.enableDebugging
];
nixos: Manage files using systemd services Manage files by creating a systemd oneshot service for each file. The service links or bind mounts the file as appropriate on start and removes the link or unmounts it when stopped. Whether a symlink or bind mount is used is determined by if the target exists - if it does, it's bind mounted, otherwise symlinked. To make sure files are available early enough, also run the start portion in the activation script. This lifts the restriction on files being placed in `/etc` and should finally close #1.
2021-08-29 18:02:47 +00:00
in
nixos: Minimize the amount of text added to the activation script This is done to reduce the risk of build errors, isolate each run of the script and reduce the amount of replicated code. - Make the file mount script generated by `mkMountScript` a discrete script and only generate its invocations. - Wrap the script invocations in scripts.
2022-02-16 12:42:10 +00:00
''
${mountFile} ${args}
'';
nixos: Manage files using systemd services Manage files by creating a systemd oneshot service for each file. The service links or bind mounts the file as appropriate on start and removes the link or unmounts it when stopped. Whether a symlink or bind mount is used is determined by if the target exists - if it does, it's bind mounted, otherwise symlinked. To make sure files are available early enough, also run the start portion in the activation script. This lifts the restriction on files being placed in `/etc` and should finally close #1.
2021-08-29 18:02:47 +00:00
nixos: Minimize the amount of text added to the activation script This is done to reduce the risk of build errors, isolate each run of the script and reduce the amount of replicated code. - Make the file mount script generated by `mkMountScript` a discrete script and only generate its invocations. - Wrap the script invocations in scripts.
2022-02-16 12:42:10 +00:00
persistFileScript =
pkgs.writeShellScript "impermanence-persist-files" ''
_status=0
trap "_status=1" ERR
${concatMapStrings mkPersistFile files}
exit $_status
'';
Add initial NixOS module
2020-06-04 21:42:16 +00:00
in
nixos: Minimize the amount of text added to the activation script This is done to reduce the risk of build errors, isolate each run of the script and reduce the amount of replicated code. - Make the file mount script generated by `mkMountScript` a discrete script and only generate its invocations. - Wrap the script invocations in scripts.
2022-02-16 12:42:10 +00:00
{
"createPersistentStorageDirs" = {
deps = [ "users" "groups" ];
text = "${dirCreationScript}";
};
"persist-files" = {
deps = [ "createPersistentStorageDirs" ];
text = "${persistFileScript}";
};
};
Add initial NixOS module
2020-06-04 21:42:16 +00:00
assertions =
let
nixos: Only check file systems for neededForBoot Only assert that persistent paths are marked neededForBoot if they're file system roots. Fixes #12
2020-07-18 19:40:37 +00:00
markedNeededForBoot = cond: fs:
if config.fileSystems ? ${fs} then
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
config.fileSystems.${fs}.neededForBoot == cond
nixos: Only check file systems for neededForBoot Only assert that persistent paths are marked neededForBoot if they're file system roots. Fixes #12
2020-07-18 19:40:37 +00:00
else
cond;
nixos: Refactor the module to simplify future extensibility Implement support for a submodule representation for files and directories. Strings are automatically converted to appropriate submodule representations and each file and directory is handled based only on their respective submodule's attributes. This means that for most files, a string will suffice, but if more advanced options need to be set for the specific files or directories, a submodule can be used instead. It also, arguably, simplifies the implementation a bit.
2022-01-15 16:12:17 +00:00
persistentStoragePaths = attrNames cfg;
nixos: Implement support for user files and directories Allow user files and directories to be specified as follows: environment.persistence."/persistent" = { users.talyz = { files = [ ".screenrc" ]; directories = [ "Downloads" ]; }; }; This provides an alternative to the home-manager module and may even deprecate it in the future.
2022-01-16 17:59:03 +00:00
usersPerPath = allPersistentStoragePaths.users;
homeDirOffenders =
filterAttrs
(n: v: (v.home != config.users.users.${n}.home));
Format with nixpkgs-fmt
2020-06-05 17:37:07 +00:00
in
[
nixos: Add neededForBoot assertion
2020-06-08 16:40:35 +00:00
{
# Assert that all persistent storage volumes we use are
# marked with neededForBoot.
assertion = all (markedNeededForBoot true) persistentStoragePaths;
message =
let
offenders = filter (markedNeededForBoot false) persistentStoragePaths;
in
''
environment.persistence:
All filesystems used for persistent storage must
have the flag neededForBoot set to true.
Please fix or remove the following paths:
Add initial NixOS module
2020-06-04 21:42:16 +00:00
${concatStringsSep "\n " offenders}
'';
}
nixos: Implement support for user files and directories Allow user files and directories to be specified as follows: environment.persistence."/persistent" = { users.talyz = { files = [ ".screenrc" ]; directories = [ "Downloads" ]; }; }; This provides an alternative to the home-manager module and may even deprecate it in the future.
2022-01-16 17:59:03 +00:00
{
assertion = all (users: (homeDirOffenders users) == { }) usersPerPath;
message =
let
offendersPerPath = filter (users: (homeDirOffenders users) != { }) usersPerPath;
offendersText =
concatMapStringsSep
"\n "
(offenders:
concatMapStringsSep
"\n "
(n: "${n}: ${offenders.${n}.home} != ${config.users.users.${n}.home}")
(attrNames offenders))
offendersPerPath;
in
''
environment.persistence:
Users and home doesn't match:
${offendersText}
You probably want to set each
environment.persistence.<path>.users.<user>.home to
match the respective user's home directory as
defined by users.users.<user>.home.
'';
}
nixos: Assert that no duplicate files or directories are specified
2022-01-16 17:56:15 +00:00
{
assertion = duplicates (catAttrs "file" files) == [ ];
message =
let
offenders = duplicates (catAttrs "file" files);
in
''
environment.persistence:
The following files were specified two or more
times:
${concatStringsSep "\n " offenders}
'';
}
{
assertion = duplicates (catAttrs "directory" directories) == [ ];
message =
let
offenders = duplicates (catAttrs "directory" directories);
in
''
environment.persistence:
The following directories were specified two or more
times:
${concatStringsSep "\n " offenders}
'';
}
Add initial NixOS module
2020-06-04 21:42:16 +00:00
];
};
}
Reference in a new issue Copy permalink