impermanence: abstract the creation of root-owned system directories

2022-07-10 15:06:55 -07:00
parent 5c6f616c97
commit 01a47932f7


@@ -17,9 +17,15 @@ in
}; };
config = let config = let
map-home-dirs = dirs: builtins.map map-dir = defaults: dir: if isString dir then
(d: { user = "colin"; group = "users"; mode = "0755"; directory = "/home/colin/${d}"; }) map-dir defaults { directory = "${defaults.directory}${dir}"; }
dirs; else
defaults // dir
;
map-dirs = defaults: dirs: builtins.map (map-dir defaults) dirs;
map-home-dirs = map-dirs { user = "colin"; group = "users"; mode = "0755"; directory = "/home/colin/"; };
map-sys-dirs = map-dirs { user = "root"; group = "root"; mode = "0755"; directory = ""; };
in mkIf cfg.enable { in mkIf cfg.enable {
environment.persistence."/nix/persist" = { environment.persistence."/nix/persist" = {
directories = (map-home-dirs [ directories = (map-home-dirs [
@@ -54,10 +60,15 @@ in
".config/Element" ".config/Element"
# creds, media # creds, media
".config/Signal" ".config/Signal"
]) ++ [ ]) ++ (map-sys-dirs [
{ user = "root"; group = "root"; mode = "0700"; directory = "/etc/NetworkManager/system-connections"; } { mode = "0700"; directory = "/etc/NetworkManager/system-connections"; }
# "/etc/nixos" # "/etc/nixos"
{ user = "root"; group = "root"; mode = "0755"; directory = "/etc/ssh"; } "/etc/ssh"
"/var/log"
"/var/backup" # for e.g. postgres dumps
# TODO: what even GOES in /srv?
"/srv"
]) ++ [
# "/var/lib/AccountsService" # not sure what this is, but it's empty # "/var/lib/AccountsService" # not sure what this is, but it's empty
{ user = "root"; group = "root"; mode = "0755"; directory = "/var/lib/alsa"; } # preserve output levels, default devices { user = "root"; group = "root"; mode = "0755"; directory = "/var/lib/alsa"; } # preserve output levels, default devices
# "/var/lib/blueman" # files aren't human readable # "/var/lib/blueman" # files aren't human readable
@@ -98,10 +109,6 @@ in
{ user = "root"; group = "root"; mode = "0755"; directory = "/var/lib/postfix"; } # TODO: mode? could be more granular { user = "root"; group = "root"; mode = "0755"; directory = "/var/lib/postfix"; } # TODO: mode? could be more granular
{ user = "70"; group = "70"; mode = "0755"; directory = "/var/lib/transmission"; } # TODO: mode? we need this specifically for the stats tracking in .config/ { user = "70"; group = "70"; mode = "0755"; directory = "/var/lib/transmission"; } # TODO: mode? we need this specifically for the stats tracking in .config/
{ user = "colin"; group = "users"; mode = "0755"; directory = "/var/lib/uninsane"; } { user = "colin"; group = "users"; mode = "0755"; directory = "/var/lib/uninsane"; }
{ user = "root"; group = "root"; mode = "0755"; directory = "/var/log"; }
{ user = "root"; group = "root"; mode = "0755"; directory = "/var/backup"; } # for e.g. postgres dumps
# TODO: what even GOES in /srv?
{ user = "root"; group = "root"; mode = "0755"; directory = "/srv"; }
]; ];
files = [ files = [
"/etc/machine-id" "/etc/machine-id"
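Review bot: `map-sys-dirs` silently gives every bare-string entry the world-readable default `mode = "0755"`, and `"/var/backup"` (which the comment says holds postgres dumps) now takes that default, so any dump written there under a permissive umask is readable by every local user; unless the dumps are restricted some other way, keep it in the attrset form like the NetworkManager entry, `{ mode = "0700"; directory = "/var/backup"; } # for e.g. postgres dumps`. The helper also treats its two input forms asymmetrically — a string gets `defaults.directory` prepended, while an attrset is merged as-is and must carry a full path — which deserves a comment above `map-dir`, e.g. `# string entries are relative to defaults.directory; attrset entries must give the full path and may override any default`. `isString` is used unqualified and presumably resolves through a `with lib;` or `builtins` earlier in the file; confirm it is in scope. The remaining root:root 0755 entries such as `/var/lib/alsa` and `/var/lib/postfix` could now be plain strings inside the `map-sys-dirs` list, which would make the defaulted mode the visible convention rather than a mix. The `config = let` binding starts before and continues after these hunks.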