nix-files/modules/impermanence/default.nix

# borrows from:
#   https://xeiaso.net/blog/paranoid-nixos-2021-07-18
#   https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/
#   https://github.com/nix-community/impermanence
{ config, lib, pkgs, utils, ... }:

with lib;
let
  cfg = config.sane.impermanence;

  stores = {
    "crypt-clearedonboot" = "/mnt/impermanence/crypt/clearedonboot";
    "persist" = "/nix/persist";
  };

  # split the string path into a list of string components.
  # root directory "/" becomes the empty list [].
  # implicitly performs normalization so that:
  # splitPath "a//b/" => ["a" "b"]
  # splitPath "/a/b" =>  ["a" "b"]
  splitPath = str: builtins.filter (seg: (builtins.isString seg) && seg != "" ) (builtins.split "/" str);
  # return a string path, with leading slash but no trailing slash
  joinPathAbs = comps: "/" + (builtins.concatStringsSep "/" comps);
  concatPaths = paths: joinPathAbs (builtins.concatLists (builtins.map (p: splitPath p) paths));

  # options for a single mountpoint / persistence
  dirEntry = types.submodule {
    options = {
      directory = mkOption {
        type = types.str;
      };
      store = mkOption {
        default = "persist";
        type = types.enum (builtins.attrNames stores);
      };
      user = mkOption {
        type = types.nullOr types.str;
        default = null;
      };
      group = mkOption {
        type = types.nullOr types.str;
        default = null;
      };
      mode = mkOption {
        type = types.nullOr types.str;
        default = null;
      };
    };
  };
  # allow "bar/baz" as shorthand for { directory = "bar/baz"; }
  coercedDirEntry = types.coercedTo types.str (d: { directory = d; }) dirEntry;

  # expand user options with more context
  ingestDirEntry = relativeTo: opt: {
    inherit (opt) user group mode;
    directory = concatPaths [ relativeTo opt.directory ];

    # resolve the store
    store = stores."${opt.store}";
  };

  ingestDirEntries = relativeTo: opts: builtins.map (ingestDirEntry relativeTo) opts;
  ingested-home-dirs = ingestDirEntries "/home/colin" cfg.home-dirs;
  ingested-sys-dirs = ingestDirEntries "/" cfg.dirs;
  ingested-dirs = ingested-home-dirs ++ ingested-sys-dirs;
in
{
  options = {
    sane.impermanence.enable = mkOption {
      default = false;
      type = types.bool;
    };
    sane.impermanence.root-on-tmpfs = mkOption {
      default = false;
      type = types.bool;
      description = "define / to be a tmpfs. make sure to mount some other device to /nix";
    };
    sane.impermanence.home-dirs = mkOption {
      default = [];
      type = types.listOf coercedDirEntry;
      description = "list of directories (and optional config) to persist to disk, relative to the user's home ~";
    };
    sane.impermanence.dirs = mkOption {
      default = [];
      type = types.listOf coercedDirEntry;
      description = "list of directories (and optional config) to persist to disk, relative to the fs root /";
    };
  };

  imports = [
    ./crypt.nix
    ./root-on-tmpfs.nix
  ];

  config = mkIf cfg.enable (lib.mkMerge [
    {
      # TODO: move to sane.fs, to auto-ensure all user dirs?
      sane.fs."/home/colin".dir.acl = {
        user = "colin";
        group = config.users.users.colin.group;
        mode = config.users.users.colin.homeMode;
      };
      # N.B.: we have a similar problem with all mounts:
      # <crypt>/.cache/mozilla won't inherit <plain>/.cache perms.
      # this is less of a problem though, since we don't really support overlapping mounts like that in the first place.
      # what is a problem is if the user specified some other dir we don't know about here.
      # like "/var", and then "/nix/persist/var" has different perms and something mounts funny.
      # TODO: just add assertions that sane.fs."${backing}/${dest}".dir == sane.fs."${dest}" for each mount point?
      sane.fs."/nix/persist/home/colin".dir.acl = config.sane.fs."/home/colin".dir.acl;
      sane.fs."/mnt/impermanence/crypt/clearedonboot/home/colin".dir.acl = config.sane.fs."/home/colin".dir.acl;
    }

    (
      let cfgFor = opt:
        let
          backing-path = concatPaths [ opt.store opt.directory ];

          # pass through the perm/mode overrides
          dir-acl = {
            user = lib.mkIf (opt.user != null) opt.user;
            group = lib.mkIf (opt.group != null) opt.group;
            mode = lib.mkIf (opt.mode != null) opt.mode;
          };
        in {
          # create destination and backing directory, with correct perms
          sane.fs."${opt.directory}" = {
            # inherit perms & make sure we don't mount until after the mount point is setup correctly.
            dir.acl = dir-acl;
            mount.bind = backing-path;
          };
          sane.fs."${backing-path}" = {
            # ensure the backing path has same perms as the mount point
            dir.acl = config.sane.fs."${opt.directory}".dir.acl;
          };
        };
        cfgs = builtins.map cfgFor ingested-dirs;
      in {
        sane.fs = lib.mkMerge (catAttrs "fs" (catAttrs "sane" cfgs));
      }
    )

  ]);
}
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00			`# borrows from:`
			`# https://xeiaso.net/blog/paranoid-nixos-2021-07-18`
			`# https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/`
			`# https://github.com/nix-community/impermanence`
impermanence: enable hyphenated folder names 2022-12-29 18:29:27 +00:00			`{ config, lib, pkgs, utils, ... }:`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00
			`with lib;`
			`let`
			`cfg = config.sane.impermanence;`
impermanence: cange "encryptedClearOnBoot" to a broader "store" argument in the future it can support ~/private as a backing store 2023-01-03 03:04:17 +00:00
			`stores = {`
			`"crypt-clearedonboot" = "/mnt/impermanence/crypt/clearedonboot";`
			`"persist" = "/nix/persist";`
			`};`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00
			`# split the string path into a list of string components.`
			`# root directory "/" becomes the empty list [].`
			`# implicitly performs normalization so that:`
			`# splitPath "a//b/" => ["a" "b"]`
			`# splitPath "/a/b" => ["a" "b"]`
			`splitPath = str: builtins.filter (seg: (builtins.isString seg) && seg != "" ) (builtins.split "/" str);`
			`# return a string path, with leading slash but no trailing slash`
			`joinPathAbs = comps: "/" + (builtins.concatStringsSep "/" comps);`
			`concatPaths = paths: joinPathAbs (builtins.concatLists (builtins.map (p: splitPath p) paths));`

impermanence: cleanup some previously verbose code 2022-12-31 09:09:51 +00:00			`# options for a single mountpoint / persistence`
			`dirEntry = types.submodule {`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00			`options = {`
impermanence: cleanup some previously verbose code 2022-12-31 09:09:51 +00:00			`directory = mkOption {`
			`type = types.str;`
			`};`
impermanence: cange "encryptedClearOnBoot" to a broader "store" argument in the future it can support ~/private as a backing store 2023-01-03 03:04:17 +00:00			`store = mkOption {`
			`default = "persist";`
			`type = types.enum (builtins.attrNames stores);`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00			`};`
			`user = mkOption {`
impermanence: use sane.fs to inherit permissions instead of specifying defaults here 2022-12-31 01:04:49 +00:00			`type = types.nullOr types.str;`
			`default = null;`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00			`};`
			`group = mkOption {`
impermanence: use sane.fs to inherit permissions instead of specifying defaults here 2022-12-31 01:04:49 +00:00			`type = types.nullOr types.str;`
			`default = null;`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00			`};`
			`mode = mkOption {`
impermanence: use sane.fs to inherit permissions instead of specifying defaults here 2022-12-31 01:04:49 +00:00			`type = types.nullOr types.str;`
			`default = null;`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00			`};`
			`};`
			`};`
impermanence: cleanup some previously verbose code 2022-12-31 09:09:51 +00:00			`# allow "bar/baz" as shorthand for { directory = "bar/baz"; }`
			`coercedDirEntry = types.coercedTo types.str (d: { directory = d; }) dirEntry;`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00
			`# expand user options with more context`
impermanence: cleanup some previously verbose code 2022-12-31 09:09:51 +00:00			`ingestDirEntry = relativeTo: opt: {`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00			`inherit (opt) user group mode;`
impermanence: cleanup some previously verbose code 2022-12-31 09:09:51 +00:00			`directory = concatPaths [ relativeTo opt.directory ];`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00
impermanence: cange "encryptedClearOnBoot" to a broader "store" argument in the future it can support ~/private as a backing store 2023-01-03 03:04:17 +00:00			`# resolve the store`
			`store = stores."${opt.store}";`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00			`};`

impermanence: cleanup some previously verbose code 2022-12-31 09:09:51 +00:00			`ingestDirEntries = relativeTo: opts: builtins.map (ingestDirEntry relativeTo) opts;`
			`ingested-home-dirs = ingestDirEntries "/home/colin" cfg.home-dirs;`
			`ingested-sys-dirs = ingestDirEntries "/" cfg.dirs;`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00			`ingested-dirs = ingested-home-dirs ++ ingested-sys-dirs;`
			`in`
			`{`
			`options = {`
			`sane.impermanence.enable = mkOption {`
			`default = false;`
			`type = types.bool;`
			`};`
			`sane.impermanence.root-on-tmpfs = mkOption {`
			`default = false;`
			`type = types.bool;`
			`description = "define / to be a tmpfs. make sure to mount some other device to /nix";`
			`};`
impermanence: cleanup some previously verbose code 2022-12-31 09:09:51 +00:00			`sane.impermanence.home-dirs = mkOption {`
			`default = [];`
			`type = types.listOf coercedDirEntry;`
			`description = "list of directories (and optional config) to persist to disk, relative to the user's home ~";`
			`};`
			`sane.impermanence.dirs = mkOption {`
			`default = [];`
			`type = types.listOf coercedDirEntry;`
			`description = "list of directories (and optional config) to persist to disk, relative to the fs root /";`
			`};`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00			`};`

impermanence: split out the root-on-tmpfs stuff 2022-12-30 04:35:34 +00:00			`imports = [`
impermanence: transform gocryptfs key generation from activation script to systemd unit 2022-12-31 10:15:08 +00:00			`./crypt.nix`
impermanence: split out the root-on-tmpfs stuff 2022-12-30 04:35:34 +00:00			`./root-on-tmpfs.nix`
			`];`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00
impermanence: split out the root-on-tmpfs stuff 2022-12-30 04:35:34 +00:00			`config = mkIf cfg.enable (lib.mkMerge [`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00			`{`
impermanence: defer to fs.nix module for permissions & dir creation 2022-12-31 00:38:15 +00:00			`# TODO: move to sane.fs, to auto-ensure all user dirs?`
fs: add a "mount.bind" option & use it for impermanence bind-mounts 2023-01-03 02:45:23 +00:00			`sane.fs."/home/colin".dir.acl = {`
impermanence: defer to fs.nix module for permissions & dir creation 2022-12-31 00:38:15 +00:00			`user = "colin";`
			`group = config.users.users.colin.group;`
			`mode = config.users.users.colin.homeMode;`
			`};`
impermanence: use sane.fs to inherit permissions instead of specifying defaults here 2022-12-31 01:04:49 +00:00			`# N.B.: we have a similar problem with all mounts:`
			`# <crypt>/.cache/mozilla won't inherit <plain>/.cache perms.`
			`# this is less of a problem though, since we don't really support overlapping mounts like that in the first place.`
			`# what is a problem is if the user specified some other dir we don't know about here.`
			`# like "/var", and then "/nix/persist/var" has different perms and something mounts funny.`
			`# TODO: just add assertions that sane.fs."${backing}/${dest}".dir == sane.fs."${dest}" for each mount point?`
fs: add a "mount.bind" option & use it for impermanence bind-mounts 2023-01-03 02:45:23 +00:00			`sane.fs."/nix/persist/home/colin".dir.acl = config.sane.fs."/home/colin".dir.acl;`
			`sane.fs."/mnt/impermanence/crypt/clearedonboot/home/colin".dir.acl = config.sane.fs."/home/colin".dir.acl;`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00			`}`

			`(`
			`let cfgFor = opt:`
			`let`
impermanence: transform gocryptfs key generation from activation script to systemd unit 2022-12-31 10:15:08 +00:00			`backing-path = concatPaths [ opt.store opt.directory ];`
impermanence: defer to fs.nix module for permissions & dir creation 2022-12-31 00:38:15 +00:00
impermanence: cleanup some previously verbose code 2022-12-31 09:09:51 +00:00			`# pass through the perm/mode overrides`
fs: add a "mount.bind" option & use it for impermanence bind-mounts 2023-01-03 02:45:23 +00:00			`dir-acl = {`
impermanence: use sane.fs to inherit permissions instead of specifying defaults here 2022-12-31 01:04:49 +00:00			`user = lib.mkIf (opt.user != null) opt.user;`
			`group = lib.mkIf (opt.group != null) opt.group;`
			`mode = lib.mkIf (opt.mode != null) opt.mode;`
			`};`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00			`in {`
impermanence: defer to fs.nix module for permissions & dir creation 2022-12-31 00:38:15 +00:00			`# create destination and backing directory, with correct perms`
impermanence: clean up the bind mounts 2022-12-31 12:31:49 +00:00			`sane.fs."${opt.directory}" = {`
			`# inherit perms & make sure we don't mount until after the mount point is setup correctly.`
fs: add a "mount.bind" option & use it for impermanence bind-mounts 2023-01-03 02:45:23 +00:00			`dir.acl = dir-acl;`
			`mount.bind = backing-path;`
impermanence: clean up the bind mounts 2022-12-31 12:31:49 +00:00			`};`
			`sane.fs."${backing-path}" = {`
fs: add a "mount.bind" option & use it for impermanence bind-mounts 2023-01-03 02:45:23 +00:00			`# ensure the backing path has same perms as the mount point`
			`dir.acl = config.sane.fs."${opt.directory}".dir.acl;`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00			`};`
			`};`
impermanence: defer to fs.nix module for permissions & dir creation 2022-12-31 00:38:15 +00:00			`cfgs = builtins.map cfgFor ingested-dirs;`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00			`in {`
impermanence: defer to fs.nix module for permissions & dir creation 2022-12-31 00:38:15 +00:00			`sane.fs = lib.mkMerge (catAttrs "fs" (catAttrs "sane" cfgs));`
WIP: impermanence rework (gut 3rd-party lib) 2022-12-29 16:38:58 +00:00			`}`
			`)`

			`]);`
			`}`