README: MANUAL MIGRATION: move "plaintext" store to /nix/persist/plaintext
to migrate the data: ```sh $ sudo mkdir /nix/persist/plaintext $ sudo mv /nix/persist/{etc,home,var} /nix/persist/plaintext $ sudo ln -s plaintext/etc /nix/persist/etc #< temporarily; if deploying over ssh $ switch $ reboot $ sudo rm /nix/persist/etc #< if you did the symlink earlier ```
This commit is contained in:
@@ -1,17 +1,18 @@
|
|||||||
{ config, lib, ... }:
|
{ config, lib, sane-lib, ... }:
|
||||||
|
|
||||||
let
|
let
|
||||||
# TODO: parameterize!
|
# TODO: parameterize!
|
||||||
persist-base = "/nix/persist";
|
persist-base = "/nix/persist";
|
||||||
origin = config.sane.persist.stores."plaintext".origin;
|
origin = config.sane.persist.stores."plaintext".origin;
|
||||||
backing = persist-base; #< TODO: scope this!
|
backing = sane-lib.path.concat [ persist-base "plaintext" ];
|
||||||
in {
|
in {
|
||||||
sane.persist.stores."plaintext" = {
|
sane.persist.stores."plaintext" = {
|
||||||
origin = lib.mkDefault "/mnt/persist/plaintext";
|
origin = lib.mkDefault "/mnt/persist/plaintext";
|
||||||
};
|
};
|
||||||
|
|
||||||
# TODO: scope this!
|
|
||||||
sane.fs = lib.mkIf config.sane.persist.enable {
|
sane.fs = lib.mkIf config.sane.persist.enable {
|
||||||
"${origin}".mount.bind = backing;
|
"${origin}".mount.bind = backing;
|
||||||
|
# let sane.fs know that the underlying device is an ordinary folder
|
||||||
|
"${backing}".dir = {};
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
@@ -65,11 +65,13 @@ in
|
|||||||
};
|
};
|
||||||
|
|
||||||
config = {
|
config = {
|
||||||
# persist the host key
|
# persist the host key.
|
||||||
# prefer specifying it via environment.etc since although it is generated per-host,
|
sane.persist.sys.byStore.plaintext = [ "/etc/ssh/host_keys" ];
|
||||||
# it's made to be immutable after generation. hence, a `persist`-style mount wouldn't be as great.
|
# N.B.: use the plaintext `backing` dir instead of proper persistence, because this needs to be available
|
||||||
environment.etc."ssh/host_keys".source = "/nix/persist/etc/ssh/host_keys";
|
# during activation time (see /etc/machine-id and setupSecretsForUsers activation script).
|
||||||
# sane.persist.sys.byStore.plaintext = [ "/etc/ssh/host_keys" ];
|
environment.etc."ssh/host_keys".source = let
|
||||||
|
plaintextBacking = config.sane.fs."${config.sane.persist.stores.plaintext.origin}".mount.bind;
|
||||||
|
in "${plaintextBacking}/etc/ssh/host_keys";
|
||||||
|
|
||||||
# let openssh find our host keys
|
# let openssh find our host keys
|
||||||
services.openssh.hostKeys = [
|
services.openssh.hostKeys = [
|
||||||
|
Reference in New Issue
Block a user