impermanence: use sane.fs to inherit permissions instead of specifying defaults here

2022-12-31 01:04:49 +00:00 · 2022-12-31 01:04:49 +00:00 · 53a0b621d8
commit 53a0b621d8
parent aeb2f63d65
1 changed files with 30 additions and 18 deletions
--- a/modules/impermanence/default.nix
+++ b/modules/impermanence/default.nix
@ -25,16 +25,11 @@ let
      # };
    }
  );
+  # TODO: flatten these!
  home-dir-defaults = {
-    user = "colin";
-    group = "users";
-    mode = "0755";
    relativeTo = "/home/colin";
  };
  sys-dir-defaults = {
-    user = "root";
-    group = "root";
-    mode = "0755";
    relativeTo = "";
  };

@ -61,16 +56,16 @@ let
        type = types.str;
      };
      user = mkOption {
-        type = types.str;
-        default = defaults.user;
+        type = types.nullOr types.str;
+        default = null;
      };
      group = mkOption {
-        type = types.str;
-        default = defaults.group;
+        type = types.nullOr types.str;
+        default = null;
      };
      mode = mkOption {
-        type = types.str;
-        default = defaults.mode;
+        type = types.nullOr types.str;
+        default = null;
      };
    };
  };
@ -122,6 +117,22 @@ in
        group = config.users.users.colin.group;
        mode = config.users.users.colin.homeMode;
      };
+      # N.B.: we have a similar problem with all mounts:
+      # <crypt>/.cache/mozilla won't inherit <plain>/.cache perms.
+      # this is less of a problem though, since we don't really support overlapping mounts like that in the first place.
+      # what is a problem is if the user specified some other dir we don't know about here.
+      # like "/var", and then "/nix/persist/var" has different perms and something mounts funny.
+      # TODO: just add assertions that sane.fs."${backing}/${dest}".dir == sane.fs."${dest}" for each mount point?
+      sane.fs."/nix/persist/home/colin".dir = {
+        user = "colin";
+        group = config.users.users.colin.group;
+        mode = config.users.users.colin.homeMode;
+      };
+      sane.fs."/mnt/impermanence/crypt/clearedonboot/home/colin".dir = {
+        user = "colin";
+        group = config.users.users.colin.group;
+        mode = config.users.users.colin.homeMode;
+      };

      # without this, we get `fusermount: fuse device not found, try 'modprobe fuse' first`.
      # - that only happens after a activation-via-boot -- not activation-after-rebuild-switch.
@ -192,14 +203,15 @@ in

          dir-service = config.sane.fs."${opt.directory}".service;
          backing-service = config.sane.fs."${backing-path}".service;
+          dir-opts = {
+            user = lib.mkIf (opt.user != null) opt.user;
+            group = lib.mkIf (opt.group != null) opt.group;
+            mode = lib.mkIf (opt.mode != null) opt.mode;
+          };
        in {
          # create destination and backing directory, with correct perms
-          sane.fs."${opt.directory}".dir = {
-            inherit (opt) user group mode;
-          };
-          sane.fs."${backing-path}".dir = {
-            inherit (opt) user group mode;
-          };
+          sane.fs."${opt.directory}".dir = dir-opts;
+          sane.fs."${backing-path}".dir = dir-opts;
          # define the mountpoint.
          fileSystems."${opt.directory}" = {
            device = backing-path;