nix-files/modules/persist/default.nix

# borrows from:
#   https://xeiaso.net/blog/paranoid-nixos-2021-07-18
#   https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/
#   https://github.com/nix-community/impermanence
{ config, lib, pkgs, utils, sane-lib, ... }:

with lib;
let
  path = sane-lib.path;
  sane-types = sane-lib.types;
  cfg = config.sane.persist;

  storeType = types.submodule {
    options = {
      storeDescription = mkOption {
        type = types.nullOr types.str;
        default = null;
        description = ''
          an optional description of the store, which is rendered like
            {store.name}: {store.storeDescription}
          for example, a store named "private" could have description "ecnrypted to the user's password and decrypted on login".
        '';
      };
      origin = mkOption {
        type = types.str;
      };
      prefix = mkOption {
        type = types.str;
        default = "/";
        description = ''
          optional prefix to strip from children when stored here.
          for example, prefix="/var/private" and mountpoint="/mnt/crypt/private"
          would cause /var/private/www/root to be stored at /mnt/crypt/private/www/root instead of
          /mnt/crypt/private/var/private/www/root.
        '';
      };
      defaultOrdering.wantedBeforeBy = mkOption {
        type = types.listOf types.str;
        default = [ "local-fs.target" ];
        description = ''
          list of units or targets which would prefer that everything in this store
          be initialized before they run, but failing to do so should not error the items in this list.
        '';
      };
      defaultOrdering.wantedBy = mkOption {
        type = types.listOf types.str;
        default = [ ];
        description = ''
          list of units or targets which, upon activation, should activate all units in this store.
        '';
      };
    };
  };

  # options for a single mountpoint / persistence
  dirEntryOptions = {
    options = {
      directory = mkOption {
        type = types.str;
      };
      inherit (sane-types.aclOverrideMod.options) user group mode;
    };
  };
  contextualizedDir = types.submodule dirEntryOptions;
  # allow "bar/baz" as shorthand for { directory = "bar/baz"; }
  contextualizedDirOrShorthand = types.coercedTo
    types.str
    (d: { directory = d; })
    contextualizedDir;

  # entry whose `directory` is always an absolute fs path
  # and has an associated `store`
  contextFreeDir = types.submodule [
    dirEntryOptions
    {
      options = {
        store = mkOption {
          type = storeType;
        };
      };
    }
  ];

  contextFreeDirSpec = types.submodule {
    options = {
      inherit (sane-types.aclOverrideMod.options) user group mode;
      store = mkOption {
        type = storeType;
      };
    };
  };


  # attrset from { "${storeName}" = [ dirEntry ] }
  # the user can specify something like:
  #   <option>.private.".cache/vim" = { mode = "0700"; };
  # to place ".cache/vim" into the private store and create with the appropriate mode
  dirsSubModule = types.attrsOf (types.listOf contextualizedDirOrShorthand);
in
{
  options = {
    sane.persist.enable = mkOption {
      default = false;
      type = types.bool;
    };
    sane.persist.root-on-tmpfs = mkOption {
      default = false;
      type = types.bool;
      description = "define / fs root to be a tmpfs. make sure to mount some other device to /nix";
    };
    sane.persist.home = mkOption {
      description = "directories to persist to disk, relative to a user's home ~";
      default = {};
      type = dirsSubModule;
    };
    sane.persist.sys = mkOption {
      description = "directories to persist to disk, relative to the fs root /";
      default = {};
      type = dirsSubModule;
    };
    sane.persist.all = mkOption {
      type = types.attrsOf contextFreeDirSpec;
      description = "all directories known to the config. auto-computed: users should not set this directly.";
    };
    sane.persist.stores = mkOption {
      type = types.attrsOf storeType;
      default = {};
      description = ''
        map from human-friendly name to a fs sub-tree from which files are linked into the logical fs.
      '';
    };
  };

  imports = [
    ./computed.nix
    ./root-on-tmpfs.nix
    ./stores
  ];

  config = let
    cfgFor = fspath: opt:
      let
        store = opt.store;
        fsPathToStoreRelPath = fspath: path.from store.prefix fspath;
        fsPathToBackingPath = fspath: path.concat [ store.origin (fsPathToStoreRelPath fspath) ];

        # pass through the perm/mode overrides
        dir-acl = sane-lib.filterNonNull {
          inherit (opt) user group mode;
        };
      in [
        {
          # create destination dir, with correct perms
          sane.fs."${fspath}" = {
            # inherit perms & make sure we don't mount until after the mount point is setup correctly.
            dir.acl = dir-acl;
            mount.bind = fsPathToBackingPath fspath;
            inherit (store.defaultOrdering) wantedBy wantedBeforeBy;
          };

          # create the backing path as a dir
          sane.fs."${fsPathToBackingPath fspath}".dir = {};
        }
        {
          # default each item along the backing path to have the same acl as the location it would be mounted.
          sane.fs = sane-lib.mapToAttrs (fsSubpath: {
            name = fsPathToBackingPath fsSubpath;
            value.generated.acl = config.sane.fs."${fsSubpath}".generated.acl;
          }) (path.walk store.prefix fspath);
        }
      ];
      configsPerPath = lib.mapAttrsToList cfgFor cfg.all;
      allConfigs = builtins.concatLists configsPerPath;
  in mkIf cfg.enable {
    sane.fs = lib.mkMerge (map (c: c.sane.fs) allConfigs);
  };
}
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00			`# borrows from:`
			`# https://xeiaso.net/blog/paranoid-nixos-2021-07-18`
			`# https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/`
			`# https://github.com/nix-community/impermanence`
modules: impermanence: use sane-lib.path 2023-01-03 14:55:27 +00:00			`{ config, lib, pkgs, utils, sane-lib, ... }:`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00
			`with lib;`
			`let`
modules: impermanence: use sane-lib.path 2023-01-03 14:55:27 +00:00			`path = sane-lib.path;`
lib: lift acl type into sane-lib/types 2023-01-04 00:59:52 +00:00			`sane-types = sane-lib.types;`
rename impermanence -> persist 2023-01-06 10:04:51 +00:00			`cfg = config.sane.persist;`
impermanence: cange "encryptedClearOnBoot" to a broader "store" argument in the future it can support ~/private as a backing store 2023-01-03 03:04:17 +00:00
impermanence: large refactor, and experimental bind mounting of things from ~/private 2023-01-03 07:04:49 +00:00			`storeType = types.submodule {`
			`options = {`
impermanence: add a storeDescription field per store 2023-01-04 01:54:13 +00:00			`storeDescription = mkOption {`
			`type = types.nullOr types.str;`
			`default = null;`
			`description = ''`
			`an optional description of the store, which is rendered like`
			`{store.name}: {store.storeDescription}`
			`for example, a store named "private" could have description "ecnrypted to the user's password and decrypted on login".`
			`'';`
			`};`
fs: rename "mountpt" -> "origin" to reflect that it doesnt have to be a device 2023-01-04 12:19:32 +00:00			`origin = mkOption {`
impermanence: large refactor, and experimental bind mounting of things from ~/private 2023-01-03 07:04:49 +00:00			`type = types.str;`
			`};`
			`prefix = mkOption {`
			`type = types.str;`
			`default = "/";`
impermanence: improve docs 2023-01-03 07:45:19 +00:00			`description = ''`
			`optional prefix to strip from children when stored here.`
			`for example, prefix="/var/private" and mountpoint="/mnt/crypt/private"`
			`would cause /var/private/www/root to be stored at /mnt/crypt/private/www/root instead of`
			`/mnt/crypt/private/var/private/www/root.`
			`'';`
impermanence: large refactor, and experimental bind mounting of things from ~/private 2023-01-03 07:04:49 +00:00			`};`
fs/impermanence: more precisely control unit dependencies/ordering 2023-01-04 11:22:26 +00:00			`defaultOrdering.wantedBeforeBy = mkOption {`
impermanence: large refactor, and experimental bind mounting of things from ~/private 2023-01-03 07:04:49 +00:00			`type = types.listOf types.str;`
fs/impermanence: more precisely control unit dependencies/ordering 2023-01-04 11:22:26 +00:00			`default = [ "local-fs.target" ];`
impermanence: improve docs 2023-01-03 07:45:19 +00:00			`description = ''`
fs/impermanence: more precisely control unit dependencies/ordering 2023-01-04 11:22:26 +00:00			`list of units or targets which would prefer that everything in this store`
			`be initialized before they run, but failing to do so should not error the items in this list.`
			`'';`
			`};`
			`defaultOrdering.wantedBy = mkOption {`
			`type = types.listOf types.str;`
			`default = [ ];`
			`description = ''`
			`list of units or targets which, upon activation, should activate all units in this store.`
impermanence: improve docs 2023-01-03 07:45:19 +00:00			`'';`
impermanence: large refactor, and experimental bind mounting of things from ~/private 2023-01-03 07:04:49 +00:00			`};`
			`};`
impermanence: cange "encryptedClearOnBoot" to a broader "store" argument in the future it can support ~/private as a backing store 2023-01-03 03:04:17 +00:00			`};`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00
impermanence: cleanup some previously verbose code 2022-12-31 09:09:51 +00:00			`# options for a single mountpoint / persistence`
impermanence: large refactor, and experimental bind mounting of things from ~/private 2023-01-03 07:04:49 +00:00			`dirEntryOptions = {`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00			`options = {`
impermanence: cleanup some previously verbose code 2022-12-31 09:09:51 +00:00			`directory = mkOption {`
			`type = types.str;`
			`};`
lib: lift acl type into sane-lib/types 2023-01-04 00:59:52 +00:00			`inherit (sane-types.aclOverrideMod.options) user group mode;`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00			`};`
			`};`
impermanence: large refactor, and experimental bind mounting of things from ~/private 2023-01-03 07:04:49 +00:00			`contextualizedDir = types.submodule dirEntryOptions;`
impermanence: cleanup some previously verbose code 2022-12-31 09:09:51 +00:00			`# allow "bar/baz" as shorthand for { directory = "bar/baz"; }`
impermanence: large refactor, and experimental bind mounting of things from ~/private 2023-01-03 07:04:49 +00:00			`contextualizedDirOrShorthand = types.coercedTo`
			`types.str`
			`(d: { directory = d; })`
			`contextualizedDir;`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00
impermanence: large refactor, and experimental bind mounting of things from ~/private 2023-01-03 07:04:49 +00:00			# entry whose `directory` is always an absolute fs path
			# and has an associated `store`
			`contextFreeDir = types.submodule [`
			`dirEntryOptions`
			`{`
			`options = {`
			`store = mkOption {`
			`type = storeType;`
			`};`
			`};`
			`}`
			`];`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00
persist: change `sane.persist.all` to be an attrsOf that maps path to settings 2023-01-06 11:52:28 +00:00			`contextFreeDirSpec = types.submodule {`
			`options = {`
			`inherit (sane-types.aclOverrideMod.options) user group mode;`
			`store = mkOption {`
			`type = storeType;`
			`};`
			`};`
			`};`

refactor the dirsSubModule type so that we don't reference 'config.sane.persist' while creating options 2023-01-06 10:35:32 +00:00
			`# attrset from { "${storeName}" = [ dirEntry ] }`
			`# the user can specify something like:`
persist: document the `dirsSubModule` type better 2023-01-06 10:31:01 +00:00			`# <option>.private.".cache/vim" = { mode = "0700"; };`
			`# to place ".cache/vim" into the private store and create with the appropriate mode`
refactor the dirsSubModule type so that we don't reference 'config.sane.persist' while creating options 2023-01-06 10:35:32 +00:00			`dirsSubModule = types.attrsOf (types.listOf contextualizedDirOrShorthand);`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00			`in`
			`{`
			`options = {`
rename impermanence -> persist 2023-01-06 10:04:51 +00:00			`sane.persist.enable = mkOption {`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00			`default = false;`
			`type = types.bool;`
			`};`
rename impermanence -> persist 2023-01-06 10:04:51 +00:00			`sane.persist.root-on-tmpfs = mkOption {`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00			`default = false;`
			`type = types.bool;`
impermanence: large refactor, and experimental bind mounting of things from ~/private 2023-01-03 07:04:49 +00:00			`description = "define / fs root to be a tmpfs. make sure to mount some other device to /nix";`
impermanence: cleanup some previously verbose code 2022-12-31 09:09:51 +00:00			`};`
persist: lift sane.persist.dirs.{home,sys} up one level 2023-01-06 11:29:13 +00:00			`sane.persist.home = mkOption {`
			`description = "directories to persist to disk, relative to a user's home ~";`
			`default = {};`
			`type = dirsSubModule;`
			`};`
			`sane.persist.sys = mkOption {`
			`description = "directories to persist to disk, relative to the fs root /";`
impermanence: large refactor, and experimental bind mounting of things from ~/private 2023-01-03 07:04:49 +00:00			`default = {};`
persist: lift sane.persist.dirs.{home,sys} up one level 2023-01-06 11:29:13 +00:00			`type = dirsSubModule;`
impermanence: large refactor, and experimental bind mounting of things from ~/private 2023-01-03 07:04:49 +00:00			`};`
persist: lift `sane.persist.dirs.all` up to `sane.persist.all` 2023-01-06 11:24:11 +00:00			`sane.persist.all = mkOption {`
persist: change `sane.persist.all` to be an attrsOf that maps path to settings 2023-01-06 11:52:28 +00:00			`type = types.attrsOf contextFreeDirSpec;`
persist: lift `sane.persist.dirs.all` up to `sane.persist.all` 2023-01-06 11:24:11 +00:00			`description = "all directories known to the config. auto-computed: users should not set this directly.";`
			`};`
rename impermanence -> persist 2023-01-06 10:04:51 +00:00			`sane.persist.stores = mkOption {`
impermanence: large refactor, and experimental bind mounting of things from ~/private 2023-01-03 07:04:49 +00:00			`type = types.attrsOf storeType;`
			`default = {};`
impermanence: improve docs 2023-01-03 07:45:19 +00:00			`description = ''`
			`map from human-friendly name to a fs sub-tree from which files are linked into the logical fs.`
			`'';`
impermanence: cleanup some previously verbose code 2022-12-31 09:09:51 +00:00			`};`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00			`};`

impermanence: split out the root-on-tmpfs stuff 2022-12-30 04:35:34 +00:00			`imports = [`
persist: lift `sane.persist.dirs.all` up to `sane.persist.all` 2023-01-06 11:24:11 +00:00			`./computed.nix`
impermanence: split out the root-on-tmpfs stuff 2022-12-30 04:35:34 +00:00			`./root-on-tmpfs.nix`
impermanence: large refactor, and experimental bind mounting of things from ~/private 2023-01-03 07:04:49 +00:00			`./stores`
impermanence: split out the root-on-tmpfs stuff 2022-12-30 04:35:34 +00:00			`];`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00
impermanence: split the /home/colin perms fix into more appropriate places 2023-01-03 08:25:43 +00:00			`config = let`
persist: change `sane.persist.all` to be an attrsOf that maps path to settings 2023-01-06 11:52:28 +00:00			`cfgFor = fspath: opt:`
impermanence: split the /home/colin perms fix into more appropriate places 2023-01-03 08:25:43 +00:00			`let`
			`store = opt.store;`
impermanence: cleanup backing directory creation. this should let me remove the per-store /home/<user> perms hack 2023-01-06 09:56:06 +00:00			`fsPathToStoreRelPath = fspath: path.from store.prefix fspath;`
			`fsPathToBackingPath = fspath: path.concat [ store.origin (fsPathToStoreRelPath fspath) ];`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00
impermanence: split the /home/colin perms fix into more appropriate places 2023-01-03 08:25:43 +00:00			`# pass through the perm/mode overrides`
impermanence: simplify dir-acl handling by using a helper 2023-01-04 01:19:22 +00:00			`dir-acl = sane-lib.filterNonNull {`
			`inherit (opt) user group mode;`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00			`};`
impermanence: cleanup backing directory creation. this should let me remove the per-store /home/<user> perms hack 2023-01-06 09:56:06 +00:00			`in [`
			`{`
			`# create destination dir, with correct perms`
persist: change `sane.persist.all` to be an attrsOf that maps path to settings 2023-01-06 11:52:28 +00:00			`sane.fs."${fspath}" = {`
impermanence: cleanup backing directory creation. this should let me remove the per-store /home/<user> perms hack 2023-01-06 09:56:06 +00:00			`# inherit perms & make sure we don't mount until after the mount point is setup correctly.`
			`dir.acl = dir-acl;`
persist: change `sane.persist.all` to be an attrsOf that maps path to settings 2023-01-06 11:52:28 +00:00			`mount.bind = fsPathToBackingPath fspath;`
impermanence: cleanup backing directory creation. this should let me remove the per-store /home/<user> perms hack 2023-01-06 09:56:06 +00:00			`inherit (store.defaultOrdering) wantedBy wantedBeforeBy;`
			`};`

			`# create the backing path as a dir`
persist: change `sane.persist.all` to be an attrsOf that maps path to settings 2023-01-06 11:52:28 +00:00			`sane.fs."${fsPathToBackingPath fspath}".dir = {};`
impermanence: cleanup backing directory creation. this should let me remove the per-store /home/<user> perms hack 2023-01-06 09:56:06 +00:00			`}`
			`{`
			`# default each item along the backing path to have the same acl as the location it would be mounted.`
persist: change `sane.persist.all` to be an attrsOf that maps path to settings 2023-01-06 11:52:28 +00:00			`sane.fs = sane-lib.mapToAttrs (fsSubpath: {`
			`name = fsPathToBackingPath fsSubpath;`
			`value.generated.acl = config.sane.fs."${fsSubpath}".generated.acl;`
			`}) (path.walk store.prefix fspath);`
impermanence: cleanup backing directory creation. this should let me remove the per-store /home/<user> perms hack 2023-01-06 09:56:06 +00:00			`}`
			`];`
persist: change `sane.persist.all` to be an attrsOf that maps path to settings 2023-01-06 11:52:28 +00:00			`configsPerPath = lib.mapAttrsToList cfgFor cfg.all;`
			`allConfigs = builtins.concatLists configsPerPath;`
impermanence: split the /home/colin perms fix into more appropriate places 2023-01-03 08:25:43 +00:00			`in mkIf cfg.enable {`
persist: change `sane.persist.all` to be an attrsOf that maps path to settings 2023-01-06 11:52:28 +00:00			`sane.fs = lib.mkMerge (map (c: c.sane.fs) allConfigs);`
impermanence: split the /home/colin perms fix into more appropriate places 2023-01-03 08:25:43 +00:00			`};`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00			`}`