colin/nix-files
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

impermanence: use sane.fs to inherit permissions instead of specifying defaults here

Browse Source
This commit is contained in:
colin
2022-12-31 01:04:49 +00:00
parent aeb2f63d65
commit 53a0b621d8
1 changed files with 30 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
modules/impermanence/default.nix
View File

@@ -25,16 +25,11 @@ let
# }; # };
} }
); );
# TODO: flatten these!
home-dir-defaults = { home-dir-defaults = {
user = "colin";
group = "users";
mode = "0755";
relativeTo = "/home/colin"; relativeTo = "/home/colin";
}; };
sys-dir-defaults = { sys-dir-defaults = {
user = "root";
group = "root";
mode = "0755";
relativeTo = ""; relativeTo = "";
}; };
@@ -61,16 +56,16 @@ let
type = types.str; type = types.str;
}; };
user = mkOption { user = mkOption {
type = types.str; type = types.nullOr types.str;
default = defaults.user; default = null;
}; };
group = mkOption { group = mkOption {
type = types.str; type = types.nullOr types.str;
default = defaults.group; default = null;
}; };
mode = mkOption { mode = mkOption {
type = types.str; type = types.nullOr types.str;
default = defaults.mode; default = null;
}; };
}; };
}; };
@@ -122,6 +117,22 @@ in
group = config.users.users.colin.group; group = config.users.users.colin.group;
mode = config.users.users.colin.homeMode; mode = config.users.users.colin.homeMode;
}; };
# N.B.: we have a similar problem with all mounts:
# <crypt>/.cache/mozilla won't inherit <plain>/.cache perms.
# this is less of a problem though, since we don't really support overlapping mounts like that in the first place.
# what is a problem is if the user specified some other dir we don't know about here.
# like "/var", and then "/nix/persist/var" has different perms and something mounts funny.
# TODO: just add assertions that sane.fs."${backing}/${dest}".dir == sane.fs."${dest}" for each mount point?
sane.fs."/nix/persist/home/colin".dir = {
user = "colin";
group = config.users.users.colin.group;
mode = config.users.users.colin.homeMode;
};
sane.fs."/mnt/impermanence/crypt/clearedonboot/home/colin".dir = {
user = "colin";
group = config.users.users.colin.group;
mode = config.users.users.colin.homeMode;
};
# without this, we get `fusermount: fuse device not found, try 'modprobe fuse' first`. # without this, we get `fusermount: fuse device not found, try 'modprobe fuse' first`.
# - that only happens after a activation-via-boot -- not activation-after-rebuild-switch. # - that only happens after a activation-via-boot -- not activation-after-rebuild-switch.
@@ -192,14 +203,15 @@ in
dir-service = config.sane.fs."${opt.directory}".service; dir-service = config.sane.fs."${opt.directory}".service;
backing-service = config.sane.fs."${backing-path}".service; backing-service = config.sane.fs."${backing-path}".service;
dir-opts = {
user = lib.mkIf (opt.user != null) opt.user;
group = lib.mkIf (opt.group != null) opt.group;
mode = lib.mkIf (opt.mode != null) opt.mode;
};
in { in {
# create destination and backing directory, with correct perms # create destination and backing directory, with correct perms
sane.fs."${opt.directory}".dir = { sane.fs."${opt.directory}".dir = dir-opts;
inherit (opt) user group mode; sane.fs."${backing-path}".dir = dir-opts;
};
sane.fs."${backing-path}".dir = {
inherit (opt) user group mode;
};
# define the mountpoint. # define the mountpoint.
fileSystems."${opt.directory}" = { fileSystems."${opt.directory}" = {
device = backing-path; device = backing-path;