This is done to reduce the risk of build errors, isolate each run of
the script and reduce the amount of replicated code.
- Make the file mount script generated by `mkMountScript` a discrete
script and only generate its invocations.
- Wrap the script invocations in scripts.
In addition to the currently set bash options, set `noglob` and
`inherit_errexit`.
- `noglob` disables filename expansion, which could happen in the for
loop where we do path splitting if the path contains characters
recognized by bash as wildcards, such as `?` or `*`.
- `inherit_errexit` makes subshells inherit the status of the
`errexit` option.
Previously, paths were split on bash's default delimiters (space, tab
and newline) with slashes converted to space. This meant paths
containing any such delimiters were incorrectly handled.
Fix this by temporarily replacing bash's default delimiters with `/`,
making sure this is the only character we split on.
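As an added illustration of the path-splitting fix described above (this is example code, not the module's own mount script), the block below contrasts the old approach, which turns slashes into spaces and then relies on the shell's default word splitting, with splitting on `/` alone by temporarily setting `IFS`. It also enables `noglob` (`set -f` is the POSIX spelling) so that components such as `*.txt` are never expanded against the filesystem, and turns on `inherit_errexit` where the running bash supports it. The `path_prefixes` helper, which emits every ancestor of an absolute path, is an assumed use of the split components, not something the commit shows.

```sh
#!/bin/sh
# Bash-style hardening: abort on errors and unset variables, disable
# filename expansion (noglob), and make subshells inherit errexit when
# this is a bash new enough to know the option.
set -eu
set -f
if [ -n "${BASH_VERSION:-}" ]; then
  shopt -s inherit_errexit 2>/dev/null || true
fi

# The old scheme, for comparison: slashes become spaces, so a path
# component that itself contains a space is split into two components.
split_path_naive() {
  for component in $(printf '%s' "$1" | tr '/' ' '); do
    printf '%s\n' "$component"
  done
}

# Split strictly on '/', one component per output line. IFS is swapped
# only for the duration of the unquoted expansion and restored after.
split_path() {
  old_ifs=$IFS
  IFS='/'
  set -- $1
  IFS=$old_ifs
  for component in "$@"; do
    # Skip the empty field produced by a leading or doubled slash.
    [ -n "$component" ] || continue
    printf '%s\n' "$component"
  done
}

# Emit each ancestor of an absolute path, shortest first; this is the
# shape of loop where a glob character in a component would be dangerous
# without noglob. (Assumed usage, not taken from the module.)
path_prefixes() {
  old_ifs=$IFS
  IFS='/'
  set -- $1
  IFS=$old_ifs
  prefix=''
  for component in "$@"; do
    [ -n "$component" ] || continue
    prefix="$prefix/$component"
    printf '%s\n' "$prefix"
  done
}

# Demonstration on a constructed path containing a space and a glob.
split_path_naive '/home/alice/My Docs/*.txt'
echo '---'
split_path '/home/alice/My Docs/*.txt'
echo '---'
path_prefixes '/home/alice/My Docs/*.txt'
```

Run it from a directory that contains `.txt` files to confirm that `*.txt` survives unexpanded in both the corrected and the naive variant; only the naive one still breaks `My Docs` into two pieces.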
Set the permissions for user directories and files properly when
converting them from string to submodule. Previously, they would use
the root default of `root:root`.
Fixes #74.
Allow the owner and mode to be set when directories are created in
persistent storage by the `create-directories.bash` script. Very
useful for directories used to store secrets.
Also, make sure the user directories are created with reasonable
defaults, i.e. owned by the user and its group, not by `root:root`.
Allow user files and directories to be specified as follows:
    environment.persistence."/persistent" = {
      users.talyz = {
        files = [
          ".screenrc"
        ];
        directories = [
          "Downloads"
        ];
      };
    };
This provides an alternative to the home-manager module and may even
deprecate it in the future.
Implement support for a submodule representation for files and
directories. Strings are automatically converted to appropriate
submodule representations and each file and directory is handled based
only on their respective submodule's attributes. This means that for
most files, a string will suffice, but if more advanced options need
to be set for the specific files or directories, a submodule can be
used instead. It also, arguably, simplifies the implementation a bit.
Manage files by creating a systemd oneshot service for each file. The
service links or bind mounts the file as appropriate on start and
removes the link or unmounts it when stopped. Whether a symlink or
bind mount is used is determined by whether the target exists: if it does,
it's bind mounted, otherwise symlinked. To make sure files are
available early enough, also run the start portion in the activation
script.
This lifts the restriction on files being placed in `/etc` and should
finally close #1.
Since the release of Nix 2.4, the CI pipeline is broken, as the syntax
and behavior of `nix run` changed. The command is also considered
experimental. Switch to using `nix-shell` instead.
NixOS defaults to not letting fuse mounts be allowed to let other
users read their contents. `bindfs` wants to give other users access
and is therefore normally run with `--no-allow-other` to not throw an
error.
Giving other users, mainly `root`, access to the bind mounts is,
however, useful and works fine when
    programs.fuse.userAllowOther = true;
is declared in `configuration.nix`. This adds an option to choose
whether to give other users access or not. It also prompts the user to
set the `allowOther` attribute with a link to the documentation.
Due to what is likely a bug in bindfs or fuse, the target path is
sometimes missing from the mount entry. This causes false positives
for the target directory having changed, leading to unnecessary
remounts. Luckily, it seems that when this happens, the line instead
contains the string `bindfs`, which it doesn't normally, so we can at
least circumvent this issue to some degree.
Find the correct name of the activation script entry responsible for
reloading systemd user services. The name was initially
`reloadSystemD` but has been changed to `reloadSystemd`, causing
failures due to the unmounts being done after the systemd services are
reloaded.
If there were multiple levels of directories which hadn't yet been
created in persistent storage, the `create-directories.bash` script
would error out when running `realpath` on the path. To allow this,
`realpath` has to be run with `-m`.
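The following is an added example, not the module's `create-directories.bash`, that ties together two of the changes above: creating a directory in persistent storage with an explicit mode and optional owner, and canonicalising its path with `realpath -m` so that missing intermediate directories do not make `realpath` fail. The `create_persistent_dir` and `dir_perms` helpers and the check that the resolved path stays inside the storage root are assumptions of this example; the root and relative paths used at the bottom are constructed.

```sh
#!/bin/sh
set -eu

# Create "$root/$rel" in persistent storage, apply the requested mode and,
# when given, the owner (user or user:group). Hypothetical helper.
create_persistent_dir() {
  root=$(realpath -m "$1")   # storage root, e.g. /persistent
  rel=$2                     # path below the root, e.g. home/alice/.ssh
  mode=$3                    # octal mode, e.g. 0700 for a secrets dir
  owner=${4:-}               # empty means: leave ownership untouched

  # Plain realpath (or realpath -e) errors out when an ancestor does not
  # exist yet; -m resolves whatever exists and keeps the rest literally.
  target=$(realpath -m "$root/$rel")

  # Added safety check: a relative path containing ".." must not escape
  # the storage root once resolved.
  case $target in
    "$root"/*) ;;
    *)
      printf 'refusing path outside %s: %s\n' "$root" "$target" >&2
      return 1
      ;;
  esac

  mkdir -p "$target"
  chmod "$mode" "$target"
  if [ -n "$owner" ]; then
    chown "$owner" "$target"
  fi
  printf '%s\n' "$target"
}

# Portable permission string, e.g. "drwx------", for inspection.
dir_perms() {
  ls -ld "$1" | cut -c1-10
}

# Demonstration against a constructed temporary storage root.
demo_root=$(mktemp -d)
created=$(create_persistent_dir "$demo_root" 'home/alice/.ssh' 0700)
printf '%s %s\n' "$(dir_perms "$created")" "$created"
rm -rf "$demo_root"
```

Note that `mkdir -p` creates the intermediate `home` and `home/alice` with the process umask, so when a user's home is itself persisted, each level should be created with its own owner and mode rather than relying on the leaf alone.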