This allows the path to persistent storage to be defined through an
option in the submodule, not just by the submodule name, i.e. instead
of
```nix
environment.persistence."/persistent" = {
  files = [ ... ];
  directories = [ ... ];
};
```
you could specify
```nix
environment.persistence.main = {
  persistentStoragePath = "/persistent";
  files = [ ... ];
  directories = [ ... ];
};
```
which is good for readability and when you want to split the config
between multiple files.
Fixes #117.
The logic for detecting whether a file or directory is specified
multiple times was not updated to account for the recent
file/filePath and directory/dirPath changes. This can lead to spurious
failures like the following if the same home-relative path is persisted
for different users:
```
Failed assertions:
- environment.persistence:
    The following directories were specified two or more
    times:
      .cache
      .config
      .local/share
      .local/state
      .gnupg
      .ssh
```
In addition, the assertion may falsely not trigger in the contrived
situation where the same entity is persisted both in a per-user
configuration (using the relative path) and the global configuration
(using the absolute path).
Fix these situations by checking the absolute paths again using
filePath and dirPath.
Construct directory items for all parent directories of the user
specified files and directories, assigning better default permissions
and ownership to each and removing this responsibility from the
create-directories script.
This means that all parent directories of root directories will now
have the default permissions and ownership, not inherit them from the
child. User directories are assigned default user ownership. The home
directory itself is handled specially to make sure it is owned by the
user, not readable by anyone else and its parent gets default root
ownership.
To illustrate this with an example, here is a directory specification
and the ownership and permissions that could potentially be assigned
to the parent directories, given none of them yet exist in persistent
storage:
```nix
environment.persistence."/persistent" = {
  users.talyz = {
    directories = [
      { directory = ".local/share/secret"; mode = "0500"; }
    ];
  };
};
```
Before:
```
/home                          talyz:talyz 0500
/home/talyz                    talyz:talyz 0500
/home/talyz/.local             talyz:talyz 0500
/home/talyz/.local/share       talyz:talyz 0500
/home/talyz/.local/share/secret talyz:talyz 0500
```
After:
```
/home                          root:root   0755
/home/talyz                    talyz:talyz 0700
/home/talyz/.local             talyz:talyz 0755
/home/talyz/.local/share       talyz:talyz 0755
/home/talyz/.local/share/secret talyz:talyz 0500
```
This adds the new internal options `home`, `filePath` and
`dirPath`. Whereas previously `file` and `directory` would be
rewritten to the full path for user files and directories, they now
keep the value specified by the user. The new `filePath` and `dirPath`
options fill their previous use where the full path is required. In
addition, the new `home` option can be used to get the path to the
user's home directory for a specific file or directory item; for root
items it's set to `null`.
The `/var/lib/nixos` directory contains the uid and gid map for entities
without a static id. Not persisting them means your user and group ids
could change between reboots, which is likely undesirable.
When cross-compiling, `patchShebangs` requires the host platform's bash
to be present in the HOST_PATH environment variable. However, by default
when using `pkgs.runCommand`, only the build platform's bash is
implicitly added to the PATH. The result is that the shebang is not
replaced, and the script fails to run because the activation scripts
don't have `bash` in their environment.
By explicitly adding `pkgs.bash` to the build inputs, this ensures the
HOST_PATH is populated and makes `patchShebangs` work as expected.
This is done to reduce the risk of build errors, isolate each run of
the script and reduce the amount of replicated code.
- Make the file mount script generated by `mkMountScript` a discrete
script and only generate its invocations.
- Wrap the script invocations in scripts.
In addition to the currently set bash options, set `noglob` and
`inherit_errexit`.
- `noglob` disables filename expansion, which could happen in the for
loop where we do path splitting if the path contains characters
recognized by bash as wildcards, such as `?` or `*`.
- `inherit_errexit` makes subshells inherit the status of the
`errexit` option.
Previously, paths were split on bash's default delimiters (space, tab
and newline) with slashes converted to space. This meant paths
containing any such delimiters were incorrectly handled.
Fix this by temporarily replacing bash's default delimiters with `/`,
making sure this is the only character we split on.
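The two commit messages above that touch the directory-creation script (the default ownership and mode given to each parent directory, and splitting paths on `/` only) describe behaviour that is easier to check in runnable form. The following POSIX shell script is an added example written for this page, not the module's own `create-directories.bash` or `mkMountScript` output. The function names `ancestors_of`, `legacy_split` and `plan_user_dirs` are assumptions; the group is assumed to be named like the user (as in the `talyz:talyz` table above); and the printed paths are relative to the persistent storage root, exactly as in that table. `set -f` is the POSIX spelling of bash's `noglob`; `inherit_errexit` has no POSIX equivalent and is only mentioned in a comment.

```shell
#!/bin/sh
# Added example (not the impermanence module's own script): split a path on
# '/' only and derive the default owner/mode of each parent directory.

# Print the ancestor directories of $1, top-down, one per line, without $1
# itself. Only '/' is a delimiter, so components containing spaces, tabs,
# newlines or glob characters such as '*' and '?' survive intact.
ancestors_of() {
    _path=$1
    # Pathname expansion happens after field splitting, so an unquoted $_path
    # component like "a*b" would be globbed against the working directory.
    # Disable it for the duration of the loop (bash: set -o noglob). In bash
    # you would also want `shopt -s inherit_errexit` so that `errexit` applies
    # inside $(...) subshells; POSIX sh has no equivalent.
    set -f
    _oldifs=$IFS
    IFS='/'
    _cur=''
    case $_path in /*) _abs=1 ;; *) _abs=0 ;; esac
    for _c in $_path; do
        # A leading or doubled slash yields an empty field; skip it.
        [ -n "$_c" ] || continue
        # Print the directory we have accumulated so far (never the item itself).
        [ -z "$_cur" ] || printf '%s\n' "$_cur"
        if [ -z "$_cur" ]; then
            if [ "$_abs" = 1 ]; then _cur="/$_c"; else _cur=$_c; fi
        else
            _cur="$_cur/$_c"
        fi
    done
    IFS=$_oldifs
    set +f
}

# The pre-fix behaviour for contrast: slashes converted to spaces, then word
# splitting on the default IFS (space, tab, newline). "/home/my user/Downloads"
# therefore yields four pieces instead of three.
legacy_split() {
    for _c in $(printf '%s' "$1" | tr '/' ' '); do
        printf '%s\n' "$_c"
    done
}

# Owner and mode a not-yet-existing directory gets under the "After" rules
# described above, for a user item $3 (relative to home $1) owned by $2 with
# mode $4. Output: one "path owner:group mode" line per directory, top-down.
#   above the home directory  -> root:root 0755
#   the home directory itself -> user:user 0700
#   parents below home        -> user:user 0755
#   the item itself           -> user:user <mode>
# Group assumed to be named like the user, as in the talyz:talyz example.
plan_user_dirs() {
    _home=$1 _user=$2 _item=$3 _mode=$4
    _full="$_home/$_item"
    ancestors_of "$_full" | while IFS= read -r _d; do
        case $_d in
            "$_home")   printf '%s %s:%s 0700\n' "$_d" "$_user" "$_user" ;;
            "$_home"/*) printf '%s %s:%s 0755\n' "$_d" "$_user" "$_user" ;;
            *)          printf '%s root:root 0755\n' "$_d" ;;
        esac
    done
    printf '%s %s:%s %s\n' "$_full" "$_user" "$_user" "$_mode"
}

# Usage: reproduce the "After" table for the .local/share/secret example.
plan_user_dirs /home/talyz talyz .local/share/secret 0500
```

Running the script prints the same five lines as the "After" table above; feeding `ancestors_of` a path such as `/home/my user/a*b/secret` shows the `/`-only splitting keeping `my user` and `a*b` as single components, while `legacy_split` breaks the former into two.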
Set the permissions for user directories and files properly when
converting them from string to submodule. Previously, they would use
the root default of `root:root`.
Fixes #74.
Allow the owner and mode to be set when directories are created in
persistent storage by the `create-directories.bash` script. Very
useful for directories used to store secrets.
Also, make sure the user directories are created with reasonable
defaults, i.e. owned by the user and its group, not by `root:root`.
Allow user files and directories to be specified as follows:
```nix
environment.persistence."/persistent" = {
  users.talyz = {
    files = [
      ".screenrc"
    ];
    directories = [
      "Downloads"
    ];
  };
};
```
This provides an alternative to the home-manager module and may even
deprecate it in the future.
Implement support for a submodule representation for files and
directories. Strings are automatically converted to appropriate
submodule representations and each file and directory is handled based
only on their respective submodule's attributes. This means that for
most files, a string will suffice, but if more advanced options need
to be set for the specific files or directories, a submodule can be
used instead. It also, arguably, simplifies the implementation a bit.