colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

README: MANUAL MIGRATION: move "plaintext" store to /nix/persist/plaintext

Browse Source 
to migrate the data:
```sh
$ sudo mkdir /nix/persist/plaintext
$ sudo mv /nix/persist/{etc,home,var} /nix/persist/plaintext
$ sudo ln -s plaintext/etc /nix/persist/etc  #< temporarily; if deploying over ssh
$ switch
$ reboot
$ sudo rm /nix/persist/etc  #< if you did the symlink earlier
```
This commit is contained in:
Colin
2024-02-23 16:40:31 +00:00
parent fff9f9d49a
commit 4023960dc0
2 changed files with 11 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
modules/persist/stores/plaintext.nix
View File

@@ -1,17 +1,18 @@
{ config, lib, ... }: { config, lib, sane-lib, ... }:
let let
# TODO: parameterize! # TODO: parameterize!
persist-base = "/nix/persist"; persist-base = "/nix/persist";
origin = config.sane.persist.stores."plaintext".origin; origin = config.sane.persist.stores."plaintext".origin;
backing = persist-base; #< TODO: scope this! backing = sane-lib.path.concat [ persist-base "plaintext" ];
in { in {
sane.persist.stores."plaintext" = { sane.persist.stores."plaintext" = {
origin = lib.mkDefault "/mnt/persist/plaintext"; origin = lib.mkDefault "/mnt/persist/plaintext";
}; };
# TODO: scope this!
sane.fs = lib.mkIf config.sane.persist.enable { sane.fs = lib.mkIf config.sane.persist.enable {
"${origin}".mount.bind = backing; "${origin}".mount.bind = backing;
# let sane.fs know that the underlying device is an ordinary folder
"${backing}".dir = {};
}; };
} }

12
modules/ssh.nix
View File

@@ -65,11 +65,13 @@ in
}; };
config = { config = {
# persist the host key # persist the host key.
# prefer specifying it via environment.etc since although it is generated per-host, sane.persist.sys.byStore.plaintext = [ "/etc/ssh/host_keys" ];
# it's made to be immutable after generation. hence, a `persist`-style mount wouldn't be as great. # N.B.: use the plaintext `backing` dir instead of proper persistence, because this needs to be available
environment.etc."ssh/host_keys".source = "/nix/persist/etc/ssh/host_keys"; # during activation time (see /etc/machine-id and setupSecretsForUsers activation script).
# sane.persist.sys.byStore.plaintext = [ "/etc/ssh/host_keys" ]; environment.etc."ssh/host_keys".source = let
plaintextBacking = config.sane.fs."${config.sane.persist.stores.plaintext.origin}".mount.bind;
in "${plaintextBacking}/etc/ssh/host_keys";
# let openssh find our host keys # let openssh find our host keys
services.openssh.hostKeys = [ services.openssh.hostKeys = [