diff --git a/hosts/by-name/servo/fs.nix b/hosts/by-name/servo/fs.nix index 95ff7144b..fa20f8247 100644 --- a/hosts/by-name/servo/fs.nix +++ b/hosts/by-name/servo/fs.nix @@ -36,7 +36,7 @@ }; sane.fs."/mnt/persist/ext".mount = {}; - sane.persist.sys.plaintext = [ + sane.persist.sys.byStore.plaintext = [ # TODO: this is overly broad; only need media and share directories to be persisted { user = "colin"; group = "users"; path = "/var/lib/uninsane"; } ]; diff --git a/hosts/by-name/servo/services/calibre.nix b/hosts/by-name/servo/services/calibre.nix index 58f9892e4..b77fc7102 100644 --- a/hosts/by-name/servo/services/calibre.nix +++ b/hosts/by-name/servo/services/calibre.nix @@ -12,7 +12,7 @@ in # > AttributeError: 'NoneType' object has no attribute 'query' lib.mkIf false { - sane.persist.sys.plaintext = [ + sane.persist.sys.byStore.plaintext = [ { inherit user group; mode = "0700"; path = svc-dir; } ]; diff --git a/hosts/by-name/servo/services/ejabberd.nix b/hosts/by-name/servo/services/ejabberd.nix index 57fefae4d..71303786b 100644 --- a/hosts/by-name/servo/services/ejabberd.nix +++ b/hosts/by-name/servo/services/ejabberd.nix @@ -44,7 +44,7 @@ in # everything configured below was fine: used ejabberd for several months. lib.mkIf false { - sane.persist.sys.plaintext = [ + sane.persist.sys.byStore.plaintext = [ { user = "ejabberd"; group = "ejabberd"; path = "/var/lib/ejabberd"; } ]; sane.ports.ports = lib.mkMerge ([ diff --git a/hosts/by-name/servo/services/email/postfix.nix b/hosts/by-name/servo/services/email/postfix.nix index 586e334fa..20a1162fc 100644 --- a/hosts/by-name/servo/services/email/postfix.nix +++ b/hosts/by-name/servo/services/email/postfix.nix @@ -18,7 +18,7 @@ let }; in { - sane.persist.sys.plaintext = [ + sane.persist.sys.byStore.plaintext = [ # TODO: mode? could be more granular { user = "opendkim"; group = "opendkim"; path = "/var/lib/opendkim"; } { user = "root"; group = "root"; path = "/var/lib/postfix"; } 
diff --git a/hosts/by-name/servo/services/freshrss.nix b/hosts/by-name/servo/services/freshrss.nix index 65b2efefa..525b08f48 100644 --- a/hosts/by-name/servo/services/freshrss.nix +++ b/hosts/by-name/servo/services/freshrss.nix @@ -15,7 +15,7 @@ owner = config.users.users.freshrss.name; mode = "0400"; }; - sane.persist.sys.plaintext = [ + sane.persist.sys.byStore.plaintext = [ { user = "freshrss"; group = "freshrss"; path = "/var/lib/freshrss"; } ]; diff --git a/hosts/by-name/servo/services/gitea.nix b/hosts/by-name/servo/services/gitea.nix index 29dee49e3..0920c26e5 100644 --- a/hosts/by-name/servo/services/gitea.nix +++ b/hosts/by-name/servo/services/gitea.nix @@ -2,7 +2,7 @@ { config, pkgs, lib, ... }: { - sane.persist.sys.plaintext = [ + sane.persist.sys.byStore.plaintext = [ # TODO: mode? could be more granular { user = "git"; group = "gitea"; path = "/var/lib/gitea"; } ]; diff --git a/hosts/by-name/servo/services/ipfs.nix b/hosts/by-name/servo/services/ipfs.nix index 55f56dd4c..7cec3d389 100644 --- a/hosts/by-name/servo/services/ipfs.nix +++ b/hosts/by-name/servo/services/ipfs.nix @@ -10,7 +10,7 @@ lib.mkIf false # i don't actively use ipfs anymore { - sane.persist.sys.plaintext = [ + sane.persist.sys.byStore.plaintext = [ # TODO: mode? could be more granular { user = "261"; group = "261"; path = "/var/lib/ipfs"; } ]; diff --git a/hosts/by-name/servo/services/jackett.nix b/hosts/by-name/servo/services/jackett.nix index 2e9fe1faf..6076ba373 100644 --- a/hosts/by-name/servo/services/jackett.nix +++ b/hosts/by-name/servo/services/jackett.nix @@ -1,7 +1,7 @@ { ... }: { - sane.persist.sys.plaintext = [ + sane.persist.sys.byStore.plaintext = [ # TODO: mode? we only need this to save Indexer creds ==> migrate to config? { user = "root"; group = "root"; path = "/var/lib/jackett"; } ]; diff --git a/hosts/by-name/servo/services/jellyfin.nix b/hosts/by-name/servo/services/jellyfin.nix index 0c4d70655..bba5a51f7 100644 --- a/hosts/by-name/servo/services/jellyfin.nix 
+++ b/hosts/by-name/servo/services/jellyfin.nix @@ -40,7 +40,7 @@ description = "colin-jellyfin-https-lan"; }; - sane.persist.sys.plaintext = [ + sane.persist.sys.byStore.plaintext = [ { user = "jellyfin"; group = "jellyfin"; mode = "0700"; path = "/var/lib/jellyfin"; } ]; sane.fs."/var/lib/jellyfin/config/logging.json" = { diff --git a/hosts/by-name/servo/services/komga.nix b/hosts/by-name/servo/services/komga.nix index 7e944a719..9e6d44101 100644 --- a/hosts/by-name/servo/services/komga.nix +++ b/hosts/by-name/servo/services/komga.nix @@ -4,7 +4,7 @@ let inherit (svc-cfg) user group port stateDir; in { - sane.persist.sys.plaintext = [ + sane.persist.sys.byStore.plaintext = [ { inherit user group; mode = "0700"; path = stateDir; } ]; diff --git a/hosts/by-name/servo/services/matrix/default.nix b/hosts/by-name/servo/services/matrix/default.nix index 21f6840c4..816466624 100644 --- a/hosts/by-name/servo/services/matrix/default.nix +++ b/hosts/by-name/servo/services/matrix/default.nix @@ -20,7 +20,7 @@ ./signal.nix ]; - sane.persist.sys.plaintext = [ + sane.persist.sys.byStore.plaintext = [ { user = "matrix-synapse"; group = "matrix-synapse"; path = "/var/lib/matrix-synapse"; } ]; services.matrix-synapse.enable = true; diff --git a/hosts/by-name/servo/services/matrix/discord-puppet.nix b/hosts/by-name/servo/services/matrix/discord-puppet.nix index 852866d1b..303d5aa41 100644 --- a/hosts/by-name/servo/services/matrix/discord-puppet.nix +++ b/hosts/by-name/servo/services/matrix/discord-puppet.nix @@ -5,7 +5,7 @@ # - recommended to use mautrix-discord: lib.mkIf false { - sane.persist.sys.plaintext = [ + sane.persist.sys.byStore.plaintext = [ { user = "matrix-synapse"; group = "matrix-synapse"; path = "/var/lib/mx-puppet-discord"; } ]; diff --git a/hosts/by-name/servo/services/matrix/irc.nix b/hosts/by-name/servo/services/matrix/irc.nix index 84f2f5436..274414c2e 100644 --- a/hosts/by-name/servo/services/matrix/irc.nix +++ b/hosts/by-name/servo/services/matrix/irc.nix 
@@ -101,7 +101,7 @@ in }) ]; - sane.persist.sys.plaintext = [ + sane.persist.sys.byStore.plaintext = [ # TODO: mode? { user = "matrix-appservice-irc"; group = "matrix-appservice-irc"; path = "/var/lib/matrix-appservice-irc"; } ]; diff --git a/hosts/by-name/servo/services/matrix/signal.nix b/hosts/by-name/servo/services/matrix/signal.nix index 1b3cde4d5..f78799d3d 100644 --- a/hosts/by-name/servo/services/matrix/signal.nix +++ b/hosts/by-name/servo/services/matrix/signal.nix @@ -2,7 +2,7 @@ # - { config, pkgs, ... }: { - sane.persist.sys.plaintext = [ + sane.persist.sys.byStore.plaintext = [ { user = "mautrix-signal"; group = "mautrix-signal"; path = "/var/lib/mautrix-signal"; } { user = "signald"; group = "signald"; path = "/var/lib/signald"; } ]; diff --git a/hosts/by-name/servo/services/navidrome.nix b/hosts/by-name/servo/services/navidrome.nix index b5fa312f1..c467d761e 100644 --- a/hosts/by-name/servo/services/navidrome.nix +++ b/hosts/by-name/servo/services/navidrome.nix @@ -1,7 +1,7 @@ { lib, ... }: { - sane.persist.sys.plaintext = [ + sane.persist.sys.byStore.plaintext = [ { user = "navidrome"; group = "navidrome"; path = "/var/lib/navidrome"; } ]; services.navidrome.enable = true; diff --git a/hosts/by-name/servo/services/nginx.nix b/hosts/by-name/servo/services/nginx.nix index 349d9006a..fb4037af6 100644 --- a/hosts/by-name/servo/services/nginx.nix +++ b/hosts/by-name/servo/services/nginx.nix @@ -134,7 +134,7 @@ in security.acme.acceptTerms = true; security.acme.defaults.email = "admin.acme@uninsane.org"; - sane.persist.sys.plaintext = [ + sane.persist.sys.byStore.plaintext = [ # TODO: mode? { user = "acme"; group = "acme"; path = "/var/lib/acme"; } { user = "colin"; group = "users"; path = "/var/www/sites"; } diff --git a/hosts/by-name/servo/services/ntfy/ntfy-sh.nix b/hosts/by-name/servo/services/ntfy/ntfy-sh.nix index 2aeafaa21..0ffc3e48d 100644 --- a/hosts/by-name/servo/services/ntfy/ntfy-sh.nix +++ b/hosts/by-name/servo/services/ntfy/ntfy-sh.nix 
@@ -30,7 +30,7 @@ let altPort = 2587; in { - sane.persist.sys.plaintext = [ + sane.persist.sys.byStore.plaintext = [ # not 100% necessary to persist this, but ntfy does keep a 12hr (by default) cache # for pushing notifications to users who become offline. # ACLs also live here. diff --git a/hosts/by-name/servo/services/pict-rs.nix b/hosts/by-name/servo/services/pict-rs.nix index 621292fc2..a005f55eb 100644 --- a/hosts/by-name/servo/services/pict-rs.nix +++ b/hosts/by-name/servo/services/pict-rs.nix @@ -5,7 +5,7 @@ let cfg = config.services.pict-rs; in { - sane.persist.sys.plaintext = lib.mkIf cfg.enable [ + sane.persist.sys.byStore.plaintext = lib.mkIf cfg.enable [ { user = "pict-rs"; group = "pict-rs"; path = cfg.dataDir; } ]; diff --git a/hosts/by-name/servo/services/pleroma.nix b/hosts/by-name/servo/services/pleroma.nix index 320d177b9..ff3b53398 100644 --- a/hosts/by-name/servo/services/pleroma.nix +++ b/hosts/by-name/servo/services/pleroma.nix @@ -14,7 +14,7 @@ let # logLevel = "debug"; in { - sane.persist.sys.plaintext = [ + sane.persist.sys.byStore.plaintext = [ { user = "pleroma"; group = "pleroma"; path = "/var/lib/pleroma"; } ]; services.pleroma.enable = true; diff --git a/hosts/by-name/servo/services/postgres.nix b/hosts/by-name/servo/services/postgres.nix index 5bbec24bd..7c2c42b4b 100644 --- a/hosts/by-name/servo/services/postgres.nix +++ b/hosts/by-name/servo/services/postgres.nix @@ -6,7 +6,7 @@ let KiB = n: 1024*n; in { - sane.persist.sys.plaintext = [ + sane.persist.sys.byStore.plaintext = [ # TODO: mode? { user = "postgres"; group = "postgres"; path = "/var/lib/postgresql"; } ]; diff --git a/hosts/by-name/servo/services/prosody/default.nix b/hosts/by-name/servo/services/prosody/default.nix index c28ff400d..72a49bbe0 100644 --- a/hosts/by-name/servo/services/prosody/default.nix +++ b/hosts/by-name/servo/services/prosody/default.nix 
@@ -56,7 +56,7 @@ let enableDebug = false; in { - sane.persist.sys.plaintext = [ + sane.persist.sys.byStore.plaintext = [ { user = "prosody"; group = "prosody"; path = "/var/lib/prosody"; } ]; sane.ports.ports."5000" = { diff --git a/hosts/by-name/servo/services/transmission.nix b/hosts/by-name/servo/services/transmission.nix index eb6765ced..1a65244fb 100644 --- a/hosts/by-name/servo/services/transmission.nix +++ b/hosts/by-name/servo/services/transmission.nix @@ -1,7 +1,7 @@ { config, pkgs, ... }: { - sane.persist.sys.plaintext = [ + sane.persist.sys.byStore.plaintext = [ # TODO: mode? we need this specifically for the stats tracking in .config/ { user = "transmission"; group = config.users.users.transmission.group; path = "/var/lib/transmission"; } ]; diff --git a/hosts/common/home/keyring/default.nix b/hosts/common/home/keyring/default.nix index adbd05d29..5eb10e0c3 100644 --- a/hosts/common/home/keyring/default.nix +++ b/hosts/common/home/keyring/default.nix @@ -7,7 +7,7 @@ let }; in { - sane.user.persist.private = [ ".local/share/keyrings" ]; + sane.user.persist.byStore.private = [ ".local/share/keyrings" ]; sane.user.fs."private/.local/share/keyrings/default" = { generated.command = [ "${init-keyring}/bin/init-keyring" ]; diff --git a/hosts/common/home/ssh.nix b/hosts/common/home/ssh.nix index 211c36580..ebb65f3a5 100644 --- a/hosts/common/home/ssh.nix +++ b/hosts/common/home/ssh.nix @@ -13,7 +13,7 @@ let in { # ssh key is stored in private storage - sane.user.persist.private = [ + sane.user.persist.byStore.private = [ { type = "file"; path = ".ssh/id_ed25519"; } ]; sane.user.fs.".ssh/id_ed25519.pub" = lib.mkIf (user-pubkey != null) { diff --git a/hosts/common/persist.nix b/hosts/common/persist.nix index 33f1e1d6c..d0a045848 100644 --- a/hosts/common/persist.nix +++ b/hosts/common/persist.nix 
@@ -5,12 +5,12 @@ # store /home/colin/a/b in /home/private/a/b instead of /home/private/home/colin/a/b sane.persist.stores.private.prefix = "/home/colin"; - sane.persist.sys.plaintext = [ + sane.persist.sys.byStore.plaintext = [ # TODO: these should be private.. somehow "/var/log" "/var/backup" # for e.g. postgres dumps ]; - sane.persist.sys.cryptClearOnBoot = [ + sane.persist.sys.byStore.cryptClearOnBoot = [ "/var/lib/systemd/coredump" ]; } diff --git a/hosts/common/programs/assorted.nix b/hosts/common/programs/assorted.nix index ddab4b85f..baeb8251f 100644 --- a/hosts/common/programs/assorted.nix +++ b/hosts/common/programs/assorted.nix @@ -216,17 +216,17 @@ in # INDIVIDUAL PACKAGE DEFINITIONS - cargo.persist.plaintext = [ ".cargo" ]; + cargo.persist.byStore.plaintext = [ ".cargo" ]; # creds, but also 200 MB of node modules, etc - discord.persist.private = [ ".config/discord" ]; + discord.persist.byStore.private = [ ".config/discord" ]; # `emote` will show a first-run dialog based on what's in this directory. # mostly, it just keeps a LRU of previously-used emotes to optimize display order. # TODO: package [smile](https://github.com/mijorus/smile) for probably a better mobile experience. - emote.persist.plaintext = [ ".local/share/Emote" ]; + emote.persist.byStore.plaintext = [ ".local/share/Emote" ]; - fluffychat-moby.persist.plaintext = [ ".local/share/chat.fluffy.fluffychat" ]; + fluffychat-moby.persist.byStore.plaintext = [ ".local/share/chat.fluffy.fluffychat" ]; font-manager.package = pkgs.font-manager.override { # build without the "Google Fonts" integration feature, to save closure / avoid webkitgtk_4_0 
@@ -235,40 +235,40 @@ in # MS GitHub stores auth token in .config # TODO: we can populate gh's stuff statically; it even lets us use the same oauth across machines - gh.persist.private = [ ".config/gh" ]; + gh.persist.byStore.private = [ ".config/gh" ]; - "gnome.gnome-maps".persist.plaintext = [ ".cache/shumate" ]; - "gnome.gnome-maps".persist.private = [ ".local/share/maps-places.json" ]; + "gnome.gnome-maps".persist.byStore.plaintext = [ ".cache/shumate" ]; + "gnome.gnome-maps".persist.byStore.private = [ ".local/share/maps-places.json" ]; # actual monero blockchain (not wallet/etc; safe to delete, just slow to regenerate) # XXX: is it really safe to persist this? it doesn't have info that could de-anonymize if captured? - monero-gui.persist.plaintext = [ ".bitmonero" ]; + monero-gui.persist.byStore.plaintext = [ ".bitmonero" ]; - mumble.persist.private = [ ".local/share/Mumble" ]; + mumble.persist.byStore.private = [ ".local/share/Mumble" ]; # settings (electron app) - obsidian.persist.plaintext = [ ".config/obsidian" ]; + obsidian.persist.byStore.plaintext = [ ".config/obsidian" ]; python3-repl.package = pkgs.python3.withPackages (ps: with ps; [ requests ]); # creds, media - signal-desktop.persist.private = [ ".config/Signal" ]; + signal-desktop.persist.byStore.private = [ ".config/Signal" ]; # printer/filament settings - slic3r.persist.plaintext = [ ".Slic3r" ]; + slic3r.persist.byStore.plaintext = [ ".Slic3r" ]; - tdesktop.persist.private = [ ".local/share/TelegramDesktop" ]; + tdesktop.persist.byStore.private = [ ".local/share/TelegramDesktop" ]; - tokodon.persist.private = [ ".cache/KDE/tokodon" ]; + tokodon.persist.byStore.private = [ ".cache/KDE/tokodon" ]; - whalebird.persist.private = [ ".config/Whalebird" ]; + whalebird.persist.byStore.private = [ ".config/Whalebird" ]; - yarn.persist.plaintext = [ ".cache/yarn" ]; + yarn.persist.byStore.plaintext = [ ".cache/yarn" ]; # zcash coins. 
safe to delete, just slow to regenerate (10-60 minutes) - zecwallet-lite.persist.private = [ ".zcash" ]; + zecwallet-lite.persist.byStore.private = [ ".zcash" ]; }; programs.feedbackd = lib.mkIf config.sane.programs.feedbackd.enabled { diff --git a/hosts/common/programs/brave.nix b/hosts/common/programs/brave.nix index c3fddba7a..c496e98e8 100644 --- a/hosts/common/programs/brave.nix +++ b/hosts/common/programs/brave.nix @@ -1,7 +1,7 @@ { ... }: { sane.programs.brave = { - persist.cryptClearOnBoot = [ + persist.byStore.cryptClearOnBoot = [ ".cache/BraveSoftware" ".config/BraveSoftware" ]; diff --git a/hosts/common/programs/calls.nix b/hosts/common/programs/calls.nix index e6f3e224e..4bb99972b 100644 --- a/hosts/common/programs/calls.nix +++ b/hosts/common/programs/calls.nix @@ -30,7 +30,7 @@ in }; }; - persist.private = [ + persist.byStore.private = [ # ".cache/folks" # contact avatars? # ".config/calls" ".local/share/calls" # call "records" diff --git a/hosts/common/programs/cantata.nix b/hosts/common/programs/cantata.nix index 33c091998..e8d837939 100644 --- a/hosts/common/programs/cantata.nix +++ b/hosts/common/programs/cantata.nix @@ -4,7 +4,7 @@ { ... }: { sane.programs.cantata = { - persist.plaintext = [ + persist.byStore.plaintext = [ ".cache/cantata" # album art ".local/share/cantata/library" # library index (?) ]; diff --git a/hosts/common/programs/chatty.nix b/hosts/common/programs/chatty.nix index 9deb28670..7cba6c304 100644 --- a/hosts/common/programs/chatty.nix +++ b/hosts/common/programs/chatty.nix @@ -36,7 +36,7 @@ in # package = chattyNoOauth; package = chatty-latest; suggestedPrograms = [ "gnome-keyring" ]; - persist.private = [ + persist.byStore.private = [ ".local/share/chatty" # matrix avatars and files # not just XMPP; without this Chatty will regenerate its device-id every boot. # .purple/ contains XMPP *and* Matrix auth, logs, avatar cache, and a bit more 
diff --git a/hosts/common/programs/cozy.nix b/hosts/common/programs/cozy.nix index 1c9529ed4..ba42ebb05 100644 --- a/hosts/common/programs/cozy.nix +++ b/hosts/common/programs/cozy.nix @@ -3,7 +3,7 @@ { sane.programs.cozy = { # cozy uses a sqlite db for its config and exposes no CLI options other than --help and --debug - persist.plaintext = [ + persist.byStore.plaintext = [ ".local/share/cozy" # sqlite db (config & index?) ".cache/cozy" # offline cache ]; diff --git a/hosts/common/programs/dino.nix b/hosts/common/programs/dino.nix index b608101ca..f98b6cd1d 100644 --- a/hosts/common/programs/dino.nix +++ b/hosts/common/programs/dino.nix @@ -45,7 +45,7 @@ in }; }; - persist.private = [ ".local/share/dino" ]; + persist.byStore.private = [ ".local/share/dino" ]; services.dino = { description = "auto-start and maintain dino XMPP connection"; diff --git a/hosts/common/programs/element-desktop.nix b/hosts/common/programs/element-desktop.nix index f177eb915..863597d67 100644 --- a/hosts/common/programs/element-desktop.nix +++ b/hosts/common/programs/element-desktop.nix @@ -8,7 +8,7 @@ { sane.programs.element-desktop = { # creds/session keys, etc - persist.private = [ ".config/Element" ]; + persist.byStore.private = [ ".config/Element" ]; suggestedPrograms = [ "gnome-keyring" ]; }; diff --git a/hosts/common/programs/epiphany.nix b/hosts/common/programs/epiphany.nix index 1a213f789..04da6a8c2 100644 --- a/hosts/common/programs/epiphany.nix +++ b/hosts/common/programs/epiphany.nix @@ -29,7 +29,7 @@ ); '' + (upstream.preFixup or ""); }); - persist.private = [ + persist.byStore.private = [ ".cache/epiphany" ".local/share/epiphany" # also .config/epiphany, but appears empty diff --git a/hosts/common/programs/flare-signal.nix b/hosts/common/programs/flare-signal.nix index 4632568de..002bf3864 100644 --- a/hosts/common/programs/flare-signal.nix +++ b/hosts/common/programs/flare-signal.nix 
@@ -34,7 +34,7 @@ sane.programs.flare-signal = { package = pkgs.flare-signal-nixified; # package = pkgs.flare-signal; - persist.private = [ + persist.byStore.private = [ # everything: conf, state, files, all opaque ".local/share/flare" # also persists a secret in ~/.local/share/keyrings. reset with: diff --git a/hosts/common/programs/fractal.nix b/hosts/common/programs/fractal.nix index a91d7addf..1a6c45004 100644 --- a/hosts/common/programs/fractal.nix +++ b/hosts/common/programs/fractal.nix @@ -37,7 +37,7 @@ in }; }; - persist.private = [ + persist.byStore.private = [ # XXX by default fractal stores its state in ~/.local/share//. ".local/share/hack" # for debug-like builds ".local/share/stable" # for normal releases diff --git a/hosts/common/programs/g4music.nix b/hosts/common/programs/g4music.nix index fcb4e0cc6..fae3d6aef 100644 --- a/hosts/common/programs/g4music.nix +++ b/hosts/common/programs/g4music.nix @@ -8,7 +8,7 @@ { ... }: { sane.programs.g4music = { - persist.plaintext = [ + persist.byStore.plaintext = [ # index? ".cache/com.github.neithern.g4music" ]; diff --git a/hosts/common/programs/gajim.nix b/hosts/common/programs/gajim.nix index d750e827e..71fcdbae4 100644 --- a/hosts/common/programs/gajim.nix +++ b/hosts/common/programs/gajim.nix @@ -1,7 +1,7 @@ { ... }: { sane.programs.gajim = { - persist.private = [ + persist.byStore.private = [ # avatars, thumbnails... ".cache/gajim" # sqlite database labeled "settings". definitely includes UI theming diff --git a/hosts/common/programs/geary.nix b/hosts/common/programs/geary.nix index dcf9e2896..c1e43ca91 100644 --- a/hosts/common/programs/geary.nix +++ b/hosts/common/programs/geary.nix @@ -6,7 +6,7 @@ { ... }: { sane.programs."gnome.geary" = { - persist.private = [ + persist.byStore.private = [ # attachments, and email -- contained in a sqlite db ".local/share/geary" # also `.cache/geary/web-resources`, which tends to stay << 1 MiB 
diff --git a/hosts/common/programs/gnome-weather.nix b/hosts/common/programs/gnome-weather.nix index f3c8b2121..a6f145441 100644 --- a/hosts/common/programs/gnome-weather.nix +++ b/hosts/common/programs/gnome-weather.nix @@ -3,7 +3,7 @@ { ... }: { sane.programs.gnome-weather = { - persist.plaintext = [ + persist.byStore.plaintext = [ ".cache/libgweather" ]; }; diff --git a/hosts/common/programs/gpodder.nix b/hosts/common/programs/gpodder.nix index edb3b9578..7c0aad1d3 100644 --- a/hosts/common/programs/gpodder.nix +++ b/hosts/common/programs/gpodder.nix @@ -24,6 +24,6 @@ in { # XXX: we preserve the whole thing because if we only preserve gPodder/Downloads # then startup is SLOW during feed import, and we might end up with zombie eps in the dl dir. - persist.plaintext = [ ".local/share/gPodder" ]; + persist.byStore.plaintext = [ ".local/share/gPodder" ]; }; } diff --git a/hosts/common/programs/helix.nix b/hosts/common/programs/helix.nix index 9380dbf97..90025319d 100644 --- a/hosts/common/programs/helix.nix +++ b/hosts/common/programs/helix.nix @@ -7,7 +7,7 @@ # grammars need to be persisted when developing them # - `hx --grammar fetch` and `hx --grammar build` # but otherwise, they ship as part of HELIX_RUNTIME, in the nix store - # persist.plaintext = [ ".config/helix/runtime/grammars" ]; + # persist.byStore.plaintext = [ ".config/helix/runtime/grammars" ]; fs.".config/helix/config.toml".symlink.text = '' # docs: [editor.soft-wrap] diff --git a/hosts/common/programs/jellyfin-media-player.nix b/hosts/common/programs/jellyfin-media-player.nix index 6345b50aa..92153d8b0 100644 --- a/hosts/common/programs/jellyfin-media-player.nix +++ b/hosts/common/programs/jellyfin-media-player.nix 
@@ -10,6 +10,6 @@ # jellyfin stores things in a bunch of directories: this one persists auth info. # it *might* be possible to populate this externally (it's Qt stuff), but likely to # be fragile and take an hour+ to figure out. - persist.plaintext = [ ".local/share/Jellyfin Media Player" ]; + persist.byStore.plaintext = [ ".local/share/Jellyfin Media Player" ]; }; } diff --git a/hosts/common/programs/komikku.nix b/hosts/common/programs/komikku.nix index 9465733aa..b2453cc58 100644 --- a/hosts/common/programs/komikku.nix +++ b/hosts/common/programs/komikku.nix @@ -3,6 +3,6 @@ sane.programs.komikku = { secrets.".local/share/komikku/keyrings/plaintext.keyring" = ../../../secrets/common/komikku_accounts.json.bin; # downloads end up here, and without the toplevel database komikku doesn't know they exist. - persist.plaintext = [ ".local/share/komikku" ]; + persist.byStore.plaintext = [ ".local/share/komikku" ]; }; } diff --git a/hosts/common/programs/koreader/default.nix b/hosts/common/programs/koreader/default.nix index c8b7a0b16..8b90b49d1 100644 --- a/hosts/common/programs/koreader/default.nix +++ b/hosts/common/programs/koreader/default.nix @@ -44,6 +44,6 @@ in { # history, cache, dictionaries... # could be more explicit if i symlinked the history.lua file to somewhere it can persist better. - persist.plaintext = [ ".config/koreader" ]; + persist.byStore.plaintext = [ ".config/koreader" ]; }; } diff --git a/hosts/common/programs/lemoa.nix b/hosts/common/programs/lemoa.nix index 78d85a36f..77c566bbd 100644 --- a/hosts/common/programs/lemoa.nix +++ b/hosts/common/programs/lemoa.nix @@ -2,6 +2,6 @@ { sane.programs.lemoa = { # creds - persist.private = [ ".local/share/io.github.lemmygtk.lemoa" ]; + persist.byStore.private = [ ".local/share/io.github.lemmygtk.lemoa" ]; }; } diff --git a/hosts/common/programs/mepo.nix b/hosts/common/programs/mepo.nix index ea2514566..8b631c13a 100644 --- a/hosts/common/programs/mepo.nix +++ b/hosts/common/programs/mepo.nix 
@@ -4,9 +4,9 @@ { sane.programs.mepo = { - persist.plaintext = [ ".cache/mepo/tiles" ]; + persist.byStore.plaintext = [ ".cache/mepo/tiles" ]; # ~/.cache/mepo/savestate has precise coordinates and pins: keep those private - persist.private = [ + persist.byStore.private = [ { type = "file"; path = ".cache/mepo/savestate"; } ]; diff --git a/hosts/common/programs/mopidy.nix b/hosts/common/programs/mopidy.nix index 7b5d3e9eb..47eb5dcf6 100644 --- a/hosts/common/programs/mopidy.nix +++ b/hosts/common/programs/mopidy.nix @@ -42,10 +42,10 @@ in # mopidy-moped: # mopidy-muse: ]); - persist.plaintext = [ + persist.byStore.plaintext = [ ".local/share/mopidy/local" # thumbs, library db ]; - persist.private = [ + persist.byStore.private = [ ".local/share/mopidy/http" # cookie ]; secrets.".config/mopidy/mopidy.conf" = ../../../secrets/common/mopidy.conf.bin; diff --git a/hosts/common/programs/mpv.nix b/hosts/common/programs/mpv.nix index fac740d43..d5666664b 100644 --- a/hosts/common/programs/mpv.nix +++ b/hosts/common/programs/mpv.nix @@ -53,7 +53,7 @@ in "--add-flags" "--vo=${cfg.config.vo}" ]; }; - persist.plaintext = [ ".local/state/mpv/watch_later" ]; + persist.byStore.plaintext = [ ".local/state/mpv/watch_later" ]; fs.".config/mpv/input.conf".symlink.text = '' # let volume/power keys be interpreted by the system. # this is important for sxmo. diff --git a/hosts/common/programs/neovim.nix b/hosts/common/programs/neovim.nix index b5d68c365..8bd836402 100644 --- a/hosts/common/programs/neovim.nix +++ b/hosts/common/programs/neovim.nix @@ -87,7 +87,7 @@ in { # private because there could be sensitive things in the swap sane.programs.neovim = { - persist.private = [ ".cache/vim-swap" ]; + persist.byStore.private = [ ".cache/vim-swap" ]; env.EDITOR = "vim"; # git claims it should use EDITOR, but it doesn't! env.GIT_EDITOR = "vim"; diff --git a/hosts/common/programs/newsflash.nix b/hosts/common/programs/newsflash.nix index 2b4acac27..e5c082eb5 100644 
--- a/hosts/common/programs/newsflash.nix +++ b/hosts/common/programs/newsflash.nix @@ -7,7 +7,7 @@ let wanted-feeds = feeds.filterByFormat ["text" "image"] all-feeds; in { sane.programs.newsflash = { - persist.plaintext = [ ".local/share/news-flash" ]; + persist.byStore.plaintext = [ ".local/share/news-flash" ]; fs.".config/newsflashFeeds.opml".symlink.text = feeds.feedsToOpml wanted-feeds ; diff --git a/hosts/common/programs/nheko.nix b/hosts/common/programs/nheko.nix index 287287ee3..c240b1627 100644 --- a/hosts/common/programs/nheko.nix +++ b/hosts/common/programs/nheko.nix @@ -1,9 +1,11 @@ { ... }: { - # not strictly necessary, but allows caching articles; offline use, etc. - sane.programs.nheko.persist.private = [ - ".config/nheko" # config file (including client token) - ".cache/nheko" # media cache - ".local/share/nheko" # per-account state database - ]; + sane.programs.nheko = { + # not strictly necessary, but allows caching articles; offline use, etc. + persist.byStore.private = [ + ".config/nheko" # config file (including client token) + ".cache/nheko" # media cache + ".local/share/nheko" # per-account state database + ]; + }; } diff --git a/hosts/common/programs/nix-index.nix b/hosts/common/programs/nix-index.nix index 33d3e5dbc..aa9422132 100644 --- a/hosts/common/programs/nix-index.nix +++ b/hosts/common/programs/nix-index.nix @@ -2,6 +2,6 @@ { # provides `nix-locate`, backed by the manually run `nix-index` sane.programs.nix-index = { - persist.plaintext = [ ".cache/nix-index" ]; + persist.byStore.plaintext = [ ".cache/nix-index" ]; }; } diff --git a/hosts/common/programs/rhythmbox.nix b/hosts/common/programs/rhythmbox.nix index 1e1a05437..3ad413f91 100644 --- a/hosts/common/programs/rhythmbox.nix +++ b/hosts/common/programs/rhythmbox.nix @@ -1,7 +1,7 @@ { ... }: { sane.programs.rhythmbox = { - persist.plaintext = [ + persist.byStore.plaintext = [ # playlists; index ".local/share/rhythmbox" # album art 
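Review bot: In hosts/common/programs/nheko.nix the comment carried into the new `sane.programs.nheko = { … }` attrset still reads "allows caching articles; offline use, etc.", which looks copied from a feed-reader entry and undersells what the list holds. The entries' own comments say `.config/nheko` includes the client token, so the choice of the private store is the part worth documenting. Since these lines are being rewritten anyway, I'd replace the comment with something like `# session state: client token, media cache, per-account db; private store because of the token`. No behaviour change is needed.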
diff --git a/hosts/common/programs/sfeed.nix b/hosts/common/programs/sfeed.nix index f58106c41..fdc988ea7 100644 --- a/hosts/common/programs/sfeed.nix +++ b/hosts/common/programs/sfeed.nix @@ -23,6 +23,6 @@ in { ''; # this is where the parsed feed items go - persist.plaintext = [ ".sfeed/feeds" ]; + persist.byStore.plaintext = [ ".sfeed/feeds" ]; }; } diff --git a/hosts/common/programs/splatmoji.nix b/hosts/common/programs/splatmoji.nix index 4d4fe653d..4dc16aa25 100644 --- a/hosts/common/programs/splatmoji.nix +++ b/hosts/common/programs/splatmoji.nix @@ -5,7 +5,7 @@ { sane.programs.splatmoji = { - persist.plaintext = [ ".local/state/splatmoji" ]; + persist.byStore.plaintext = [ ".local/state/splatmoji" ]; fs.".config/splatmoji/splatmoji.config".symlink.text = '' # XXX doesn't seem to understand ~ as shorthand for `$HOME` history_file=/home/colin/.local/state/splatmoji/history diff --git a/hosts/common/programs/spotify.nix b/hosts/common/programs/spotify.nix index a744b0ea7..5649c59a2 100644 --- a/hosts/common/programs/spotify.nix +++ b/hosts/common/programs/spotify.nix @@ -1,11 +1,11 @@ { ... }: { sane.programs.spotify = { - persist.plaintext = [ + persist.byStore.plaintext = [ # probably just songs and such (haven't checked) ".cache/spotify" ]; - persist.private = [ + persist.byStore.private = [ # creds, widevine .so download. TODO: could easily manage these statically. ".config/spotify" ]; diff --git a/hosts/common/programs/steam.nix b/hosts/common/programs/steam.nix index c91903905..c30d39fef 100644 --- a/hosts/common/programs/steam.nix +++ b/hosts/common/programs/steam.nix @@ -1,7 +1,7 @@ { config, lib, ...}: { sane.programs.steam = { - persist.plaintext = [ + persist.byStore.plaintext = [ ".steam" ".local/share/Steam" ]; diff --git a/hosts/common/programs/stepmania.nix b/hosts/common/programs/stepmania.nix index 00b4017c6..cfd108ac6 100644 --- a/hosts/common/programs/stepmania.nix +++ b/hosts/common/programs/stepmania.nix 
@@ -16,7 +16,7 @@ { ... }: { sane.programs.stepmania = { - persist.plaintext = [ + persist.byStore.plaintext = [ ".stepmania-5.1/Cache" #< otherwise gotta index all the songs every launch ".stepmania-5.1/Save" ]; diff --git a/hosts/common/programs/sublime-music.nix b/hosts/common/programs/sublime-music.nix index de00145a2..504738109 100644 --- a/hosts/common/programs/sublime-music.nix +++ b/hosts/common/programs/sublime-music.nix @@ -7,7 +7,7 @@ # it doesn't obey a conventional ~/Music/{Artist}/{Album}/{Track} notation, so no symlinking # config (e.g. server connection details) is persisted in ~/.config/sublime-music/config.json # possible to pass config as a CLI arg (sublime-music -c config.json) - persist.plaintext = [ ".local/share/sublime-music" ]; + persist.byStore.plaintext = [ ".local/share/sublime-music" ]; secrets.".config/sublime-music/config.json" = ../../../secrets/common/sublime_music_config.json.bin; }; diff --git a/hosts/common/programs/tangram.nix b/hosts/common/programs/tangram.nix index ac8d3400f..1412ac39a 100644 --- a/hosts/common/programs/tangram.nix +++ b/hosts/common/programs/tangram.nix @@ -27,7 +27,7 @@ in '' + (upstream.preFixup or ""); }); - persist.private = [ + persist.byStore.private = [ ".cache/Tangram" ".local/share/Tangram" # dconf achieves atomic writes via `mv`, so a symlink doesn't work diff --git a/hosts/common/programs/tor-browser-bundle-bin.nix b/hosts/common/programs/tor-browser-bundle-bin.nix index f75026897..37259cd0b 100644 --- a/hosts/common/programs/tor-browser-bundle-bin.nix +++ b/hosts/common/programs/tor-browser-bundle-bin.nix @@ -6,7 +6,7 @@ # - still required as of 2023/07/14 useHardenedMalloc = false; }; - persist.cryptClearOnBoot = [ + persist.byStore.cryptClearOnBoot = [ ".local/share/tor-browser" ]; }; diff --git a/hosts/common/programs/vlc.nix b/hosts/common/programs/vlc.nix index c8d36c400..c425937b7 100644 --- a/hosts/common/programs/vlc.nix +++ b/hosts/common/programs/vlc.nix 
@@ -10,7 +10,7 @@ let in { sane.programs.vlc = { - persist.private = [ + persist.byStore.private = [ # vlc remembers play position in ~/.config/vlc/vlc-qt-interface.conf # filenames are stored in plaintext (unlike mpv, which i think hashes them) ".config/vlc" diff --git a/hosts/common/programs/zeal.nix b/hosts/common/programs/zeal.nix index 872672b16..a4c1cff77 100644 --- a/hosts/common/programs/zeal.nix +++ b/hosts/common/programs/zeal.nix @@ -15,7 +15,7 @@ in { sane.programs.zeal = { # package = pkgs.zeal-qt6; #< TODO: upgrade system to qt6 versions of everything (i.e. jellyfin-media-player, nheko) package = pkgs.zeal-qt5; - persist.plaintext = [ + persist.byStore.plaintext = [ ".cache/Zeal" ".local/share/Zeal" ]; diff --git a/hosts/common/programs/zsh/default.nix b/hosts/common/programs/zsh/default.nix index b0a103d41..b35b9828b 100644 --- a/hosts/common/programs/zsh/default.nix +++ b/hosts/common/programs/zsh/default.nix @@ -53,7 +53,7 @@ in config = mkMerge [ ({ sane.programs.zsh = { - persist.private = [ + persist.byStore.private = [ # we don't need to full zsh dir -- just the history file -- # but zsh will sometimes backup the history file and symlinking just the file messes things up ".local/share/zsh" diff --git a/hosts/common/users/colin.nix b/hosts/common/users/colin.nix index 347388755..a5b7b6868 100644 --- a/hosts/common/users/colin.nix +++ b/hosts/common/users/colin.nix @@ -42,8 +42,9 @@ # - # - pamMount = let + hasPrivate = config.fileSystems ? "/home/colin/private"; priv = config.fileSystems."/home/colin/private"; - in { + in lib.mkIf hasPrivate { fstype = priv.fsType; path = priv.device; mountpoint = priv.mountPoint; @@ -56,7 +57,7 @@ sane.users.colin = { default = true; - persist.plaintext = [ + persist.byStore.plaintext = [ "archive" "dev" # TODO: records should be private diff --git a/hosts/common/users/guest.nix b/hosts/common/users/guest.nix index c14fec010..3d8f8b2c5 100644 --- a/hosts/common/users/guest.nix +++ b/hosts/common/users/guest.nix 
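Review bot: The new `lib.mkIf hasPrivate` guard on `pamMount` in hosts/common/users/colin.nix drops the login-time mount with no signal when `fileSystems."/home/colin/private"` is undefined. Other hunks in this commit (spotify, vlc, zsh) still send credentials and history to `persist.byStore.private`. Where those paths end up on a host without that filesystem is not visible here, so a missing or misnamed entry could go unnoticed. I would state the intent above the binding, e.g. `# hosts without the private store skip the pam mount; private-store paths must not silently land on plaintext storage`, and consider surfacing the case at the module's config level with something like `warnings = lib.optional (!(config.fileSystems ? "/home/colin/private")) "colin: private store missing, pam mount disabled";`. The `pamMount` attrset and its enclosing definition continue outside this hunk.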
@@ -25,7 +25,7 @@ in sane.users.guest.fs.".ssh/authorized_keys".symlink.target = config.sops.secrets."guest/authorized_keys".path or "/dev/null"; - sane.persist.sys.plaintext = lib.mkIf cfg.enable [ + sane.persist.sys.byStore.plaintext = lib.mkIf cfg.enable [ # intentionally allow other users to write to the guest folder { path = "/home/guest"; user = "guest"; group = "users"; mode = "0775"; } ]; diff --git a/hosts/common/users/root.nix b/hosts/common/users/root.nix index 1cd8e28df..8864b8134 100644 --- a/hosts/common/users/root.nix +++ b/hosts/common/users/root.nix @@ -1,6 +1,6 @@ { ... }: { - sane.persist.sys.cryptClearOnBoot = [ + sane.persist.sys.byStore.cryptClearOnBoot = [ # when running commands as root, some things may create ~/.cache entries. # notably: # - `/root/.cache/nix/` takes up ~10 MB on lappy/desko/servo diff --git a/hosts/modules/gui/default.nix b/hosts/modules/gui/default.nix index 20e36766f..b5aa64c97 100644 --- a/hosts/modules/gui/default.nix +++ b/hosts/modules/gui/default.nix @@ -132,7 +132,7 @@ ]; }; - sane.persist.sys.plaintext = lib.mkIf config.sane.programs.guiApps.enabled [ + sane.persist.sys.byStore.plaintext = lib.mkIf config.sane.programs.guiApps.enabled [ "/var/lib/alsa" # preserve output levels, default devices "/var/lib/colord" # preserve color calibrations (?) "/var/lib/systemd/backlight" # backlight brightness diff --git a/hosts/modules/gui/greetd.nix b/hosts/modules/gui/greetd.nix index 71e5f7aae..d2af87995 100644 --- a/hosts/modules/gui/greetd.nix +++ b/hosts/modules/gui/greetd.nix @@ -119,7 +119,7 @@ in # persisting fontconfig & mesa_shader_cache improves start time by ~5x users.users.greeter.home = "/var/lib/greeter"; - sane.persist.sys.plaintext = [ + sane.persist.sys.byStore.plaintext = [ { user = "greeter"; group = "greeter"; path = "/var/lib/greeter/.cache/fontconfig"; } { user = "greeter"; group = "greeter"; path = "/var/lib/greeter/.cache/mesa_shader_cache"; } ]; 
diff --git a/hosts/modules/gui/sway/default.nix b/hosts/modules/gui/sway/default.nix index 157f7411a..e55267fe7 100644 --- a/hosts/modules/gui/sway/default.nix +++ b/hosts/modules/gui/sway/default.nix @@ -236,7 +236,7 @@ in # XXX(2023/10/12): rtkit does not play well on moby. any application sending audio out dies after 10s. # security.rtkit.enable = true; # persist per-device volume levels - sane.user.persist.plaintext = [ ".local/state/wireplumber" ]; + sane.user.persist.byStore.plaintext = [ ".local/state/wireplumber" ]; # persist per-device volume settings across power cycles. # pipewire sits atop the kernel ALSA API, so alsa-utils knows about device volumes. @@ -252,7 +252,7 @@ in # ExecStop = "${pkgs.alsa-utils}/sbin/alsactl store --ignore"; # }; # }; - # sane.persist.sys.plaintext = [ "/var/lib/alsa" ]; + # sane.persist.sys.byStore.plaintext = [ "/var/lib/alsa" ]; networking.useDHCP = false; networking.networkmanager.enable = true; diff --git a/hosts/modules/gui/sxmo/default.nix b/hosts/modules/gui/sxmo/default.nix index 049518976..852feb6bf 100644 --- a/hosts/modules/gui/sxmo/default.nix +++ b/hosts/modules/gui/sxmo/default.nix @@ -261,7 +261,7 @@ in # "superd" # make superctl (used by sxmo) be on PATH ]; - persist.cryptClearOnBoot = [ + persist.byStore.cryptClearOnBoot = [ # builds to be 10's of MB per day # ".local/state/superd/logs" ]; @@ -550,7 +550,7 @@ in } (lib.mkIf (cfg.greeter == "lightdm-mobile") { - sane.persist.sys.plaintext = [ + sane.persist.sys.byStore.plaintext = [ # this takes up 4-5 MB of fontconfig and mesa shader caches. # it could optionally be cleared on boot. { path = "/var/lib/lightdm"; user = "lightdm"; group = "lightdm"; mode = "0770"; } diff --git a/hosts/modules/roles/build-machine.nix b/hosts/modules/roles/build-machine.nix index 8537c026f..aee123dfc 100644 --- a/hosts/modules/roles/build-machine.nix +++ b/hosts/modules/roles/build-machine.nix 
@@ -73,7 +73,7 @@ in # TODO: configure without compression (leverage fs-level compression), and enable file-clone (i.e. hardlinks) programs.ccache.enable = true; nix.settings.extra-sandbox-paths = [ cacheDir ]; - sane.persist.sys.plaintext = [ + sane.persist.sys.byStore.plaintext = [ { group = "nixbld"; mode = "0775"; path = config.programs.ccache.cacheDir; } ]; sane.fs."${cacheDir}/ccache.conf" = sane-lib.fs.wantedText '' diff --git a/hosts/modules/roles/client/bluetooth-pairings.nix b/hosts/modules/roles/client/bluetooth-pairings.nix index 88d5e9bfe..028139e28 100644 --- a/hosts/modules/roles/client/bluetooth-pairings.nix +++ b/hosts/modules/roles/client/bluetooth-pairings.nix @@ -10,7 +10,7 @@ in { config = lib.mkIf config.sane.roles.client { # persist external pairings by default - sane.persist.sys.plaintext = [ "/var/lib/bluetooth" ]; + sane.persist.sys.byStore.plaintext = [ "/var/lib/bluetooth" ]; sane.fs."/var/lib/bluetooth".generated.acl.mode = "0700"; sane.fs."/var/lib/bluetooth/.secrets.stamp" = { diff --git a/hosts/modules/services/duplicity.nix b/hosts/modules/services/duplicity.nix index f68feb439..6b4905068 100644 --- a/hosts/modules/services/duplicity.nix +++ b/hosts/modules/services/duplicity.nix @@ -15,7 +15,7 @@ in config = mkIf cfg.enable { # we need this mostly because of the size of duplicity's cache - sane.persist.sys.cryptClearOnBoot = [{ + sane.persist.sys.byStore.cryptClearOnBoot = [{ path = "/var/lib/duplicity"; user = "root"; group = "root"; diff --git a/modules/persist/default.nix b/modules/persist/default.nix index baaf51657..16d6c0a4d 100644 --- a/modules/persist/default.nix +++ b/modules/persist/default.nix @@ -128,35 +128,28 @@ let } ]; - # this submodule creates one attr per store, so that the user can specify something like: - #