rearrange /mnt structure for host-based subdirs
e.g. /mnt/servo/media, /mnt/desko/home, etc
parent
7ce957c3af
commit
5f8699fcef
5
TODO.md
5
TODO.md
|
@ -55,11 +55,6 @@
|
|||
- <https://github.com/flatpak/xdg-dbus-proxy>
|
||||
- remove `.ssh` access from Firefox!
|
||||
- limit access to `~/private/knowledge/secrets` through an agent that requires GUI approval, so a firefox exploit can't steal all my logins
|
||||
- make /mnt/servo-media more sandbox-friendly
|
||||
- having the sandboxer detect ~/Videos and ~/Videos/servo, and derefrencing the symlink in the latter (rather than consolidating them), to add those paths, would go a long way.
|
||||
- ~/Videos/servo would also need to link not to /mnt/servo-media/Videos, but to /mnt/servo-nfs/media/Videos
|
||||
- maybe just kill /mnt/servo-nfs and /mnt/servo-media, consolidate to /mnt/servo/media/...
|
||||
- and rework /mnt/desko-home -> /mnt/desko/home, ...
|
||||
- make dconf stuff less monolithic
|
||||
- i.e. per-app dconf profiles for those which need it. possible static config.
|
||||
- canaries for important services
|
||||
|
|
16
flake.nix
16
flake.nix
|
@ -439,8 +439,8 @@
|
|||
# can run this from any device that has ssh access to desko and servo
|
||||
type = "app";
|
||||
program = builtins.toString (pkgs.writeShellScript "sync-to-desko" ''
|
||||
sudo mount /mnt/desko-home
|
||||
${pkgs.sane-scripts.sync-music}/bin/sane-sync-music --compat /mnt/servo-media/Music /mnt/desko-home/Music "$@"
|
||||
sudo mount /mnt/desko/home
|
||||
${pkgs.sane-scripts.sync-music}/bin/sane-sync-music --compat /mnt/servo/media/Music /mnt/desko/home/Music "$@"
|
||||
'');
|
||||
};
|
||||
|
||||
|
@ -449,8 +449,8 @@
|
|||
# can run this from any device that has ssh access to lappy and servo
|
||||
type = "app";
|
||||
program = builtins.toString (pkgs.writeShellScript "sync-to-lappy" ''
|
||||
sudo mount /mnt/lappy-home
|
||||
${pkgs.sane-scripts.sync-music}/bin/sane-sync-music --compress --compat /mnt/servo-media/Music /mnt/lappy-home/Music "$@"
|
||||
sudo mount /mnt/lappy/home
|
||||
${pkgs.sane-scripts.sync-music}/bin/sane-sync-music --compress --compat /mnt/servo/media/Music /mnt/lappy/home/Music "$@"
|
||||
'');
|
||||
};
|
||||
|
||||
|
@ -459,11 +459,11 @@
|
|||
# can run this from any device that has ssh access to moby and servo
|
||||
type = "app";
|
||||
program = builtins.toString (pkgs.writeShellScript "sync-to-moby" ''
|
||||
sudo mount /mnt/moby-home
|
||||
sudo mount /mnt/desko-home
|
||||
${pkgs.rsync}/bin/rsync -arv --exclude servo-macros /mnt/moby-home/Pictures/ /mnt/desko-home/Pictures/moby/
|
||||
sudo mount /mnt/moby/home
|
||||
sudo mount /mnt/desko/home
|
||||
${pkgs.rsync}/bin/rsync -arv --exclude servo-macros /mnt/moby/home/Pictures/ /mnt/desko/home/Pictures/moby/
|
||||
# N.B.: limited by network/disk -> reduce job count to improve pause/resume behavior
|
||||
${pkgs.sane-scripts.sync-music}/bin/sane-sync-music --compress --compat --jobs 4 /mnt/servo-media/Music /mnt/moby-home/Music "$@"
|
||||
${pkgs.sane-scripts.sync-music}/bin/sane-sync-music --compress --compat --jobs 4 /mnt/servo/media/Music /mnt/moby/home/Music "$@"
|
||||
'');
|
||||
};
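Review bot: Nothing in these sync scripts stops the copy when `sudo mount` fails: the script bodies shown have no `set -e` and no mountpoint check, so `sane-sync-music` or `rsync` would then run against the plain local directory at `/mnt/desko/home` (or read an empty `/mnt/moby/home/Pictures/`). Because `mount` may also return non-zero when the target is already mounted, a blanket `set -e` is probably not the right fix; a guard such as `mountpoint -q /mnt/desko/home || sudo mount /mnt/desko/home || exit 1` before each sync handles both cases. The same applies to the `sync-to-lappy` and `sync-to-moby` hunks. The `/mnt/servo/media` source is never mounted or checked by these scripts either, so a `mountpoint -q /mnt/servo/media` test before the music sync would be worth adding.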
|
||||
|
||||
|
|
|
@ -57,13 +57,13 @@ let
|
|||
];
|
||||
};
|
||||
remoteHome = host: {
|
||||
fileSystems."/mnt/${host}-home" = {
|
||||
fileSystems."/mnt/${host}/home" = {
|
||||
device = "colin@${host}:/home/colin";
|
||||
fsType = "fuse.sshfs";
|
||||
options = fsOpts.sshColin ++ fsOpts.noauto;
|
||||
noCheck = true;
|
||||
};
|
||||
sane.fs."/mnt/${host}-home" = sane-lib.fs.wantedDir;
|
||||
sane.fs."/mnt/${host}/home" = sane-lib.fs.wantedDir;
|
||||
};
|
||||
in
|
||||
lib.mkMerge [
|
||||
|
@ -105,13 +105,13 @@ lib.mkMerge [
|
|||
# fsType = "nfs";
|
||||
# options = fsOpts.nfs ++ fsOpts.auto ++ fsOpts.wg;
|
||||
# };
|
||||
fileSystems."/mnt/servo-nfs/media" = {
|
||||
fileSystems."/mnt/servo/media" = {
|
||||
device = "servo-hn:/media";
|
||||
noCheck = true;
|
||||
fsType = "nfs";
|
||||
options = fsOpts.nfs ++ fsOpts.auto ++ fsOpts.wg;
|
||||
};
|
||||
fileSystems."/mnt/servo-nfs/playground" = {
|
||||
fileSystems."/mnt/servo/playground" = {
|
||||
device = "servo-hn:/playground";
|
||||
noCheck = true;
|
||||
fsType = "nfs";
|
||||
|
@ -123,7 +123,7 @@ lib.mkMerge [
|
|||
# fsType = "nfs";
|
||||
# options = fsOpts.common ++ fsOpts.auto;
|
||||
# };
|
||||
sane.fs."/mnt/servo-media" = sane-lib.fs.wantedSymlinkTo "/mnt/servo-nfs/media";
|
||||
# sane.fs."/mnt/servo-media" = sane-lib.fs.wantedSymlinkTo "/mnt/servo-nfs/media";
|
||||
|
||||
environment.pathsToLink = [
|
||||
# needed to achieve superuser access for user-mounted filesystems (see optionsRoot above)
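Review bot: The old alias is commented out rather than deleted at `# sane.fs."/mnt/servo-media" = sane-lib.fs.wantedSymlinkTo "/mnt/servo-nfs/media";`, which leaves the retired `/mnt/servo-nfs/media` target in the file with no explanation. Either drop the line or replace it with a short statement of intent, e.g. `# /mnt/servo-media alias removed; use /mnt/servo/media directly`. The `bwrapIngestPath` comment changed elsewhere in this commit describes `-try` binds that skip paths which do not exist, so a missed reference to the old `/mnt/servo-media` or `/mnt/<host>-home` names in a sandbox path list would presumably be dropped silently rather than fail. A repo-wide search for the old names before merging would catch any that remain. The enclosing `lib.mkMerge [` list continues outside these hunks.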
|
||||
|
|
|
@ -302,7 +302,7 @@ in
|
|||
"tmp"
|
||||
];
|
||||
gimp.sandbox.extraPaths = [
|
||||
"/mnt/servo-media/Pictures"
|
||||
"/mnt/servo/media/Pictures"
|
||||
];
|
||||
gimp.sandbox.autodetectCliPaths = true;
|
||||
|
||||
|
|
|
@ -8,7 +8,7 @@
|
|||
"Books"
|
||||
];
|
||||
sandbox.extraPaths = [
|
||||
"/mnt/servo-media/Books"
|
||||
"/mnt/servo/media/Books"
|
||||
];
|
||||
# cozy uses a sqlite db for its config and exposes no CLI options other than --help and --debug
|
||||
persist.byStore.plaintext = [
|
||||
|
|
|
@ -254,7 +254,7 @@ in
|
|||
sandbox.extraPaths = [
|
||||
# ~/Pictures/servo-macros links to here.
|
||||
# TODO: consider a bind-mount, so that access to ~/Pictures also gives access to here.
|
||||
"/mnt/servo-media/Pictures/macros"
|
||||
"/mnt/servo/media/Pictures/macros"
|
||||
];
|
||||
fs.".config/sops".dir = lib.mkIf cfg.addons.browserpass-extension.enable {}; #< needs to be created, not *just* added to the sandbox
|
||||
|
||||
|
|
|
@ -11,9 +11,9 @@
|
|||
# - e.g. `go2tv -u 'https://inv.us.projectsegfau.lt/latest_version?id=qBzjHU_zEwM&itag=18'`
|
||||
# - e.g. `go2tv -tc -u 'https://yt.artemislena.eu/latest_version?id=qBzjHU_zEwM&itag=22'`
|
||||
# - sometimes transcoding is needed, sometimes not...
|
||||
# - `go2tv -v /mnt/servo-media/Videos/Shows/bebop/session1.mkv`
|
||||
# - `go2tv -v /mnt/servo/media/Videos/Shows/bebop/session1.mkv`
|
||||
# - LGTV: works
|
||||
# - `go2tv -tc -v /mnt/servo-media/Videos/Shows/bebop/session1.mkv`
|
||||
# - `go2tv -tc -v /mnt/servo/media/Videos/Shows/bebop/session1.mkv`
|
||||
# - LGTV: works
|
||||
#
|
||||
# WHEN TO TRANSCODE:
|
||||
|
@ -42,8 +42,8 @@ in
|
|||
"Videos"
|
||||
];
|
||||
sandbox.extraPaths = [
|
||||
"/mnt/servo-media/Music"
|
||||
"/mnt/servo-media/Videos"
|
||||
"/mnt/servo/media/Music"
|
||||
"/mnt/servo/media/Videos"
|
||||
];
|
||||
};
|
||||
# for serving local files
|
||||
|
|
|
@ -10,8 +10,8 @@
|
|||
"tmp"
|
||||
];
|
||||
sandbox.extraPaths = [
|
||||
"/mnt/servo-media/Pictures"
|
||||
"/mnt/servo-media/Videos"
|
||||
"/mnt/servo/media/Pictures"
|
||||
"/mnt/servo/media/Videos"
|
||||
];
|
||||
sandbox.autodetectCliPaths = true;
|
||||
|
||||
|
|
|
@ -10,8 +10,8 @@
|
|||
"tmp"
|
||||
];
|
||||
sandbox.extraPaths = [
|
||||
"/mnt/servo-media/Pictures"
|
||||
"/mnt/servo-media/Videos"
|
||||
"/mnt/servo/media/Pictures"
|
||||
"/mnt/servo/media/Videos"
|
||||
];
|
||||
sandbox.whitelistDri = true;
|
||||
packageUnwrapped = pkgs.kdenlive.override {
|
||||
|
|
|
@ -53,7 +53,7 @@ in {
|
|||
"Books"
|
||||
];
|
||||
sandbox.extraPaths = [
|
||||
"/mnt/servo-media/Books"
|
||||
"/mnt/servo/media/Books"
|
||||
];
|
||||
# koreader applies these lua "patches" at boot:
|
||||
# - <https://github.com/koreader/koreader/wiki/User-patches>
|
||||
|
|
|
@ -20,8 +20,8 @@
|
|||
".stepmania-5.1/Cache" #< otherwise gotta index all the songs every launch
|
||||
".stepmania-5.1/Save"
|
||||
];
|
||||
fs.".stepmania-5.1/Courses".symlink.target = "/mnt/servo-media/games/stepmania/Courses";
|
||||
fs.".stepmania-5.1/Songs".symlink.target = "/mnt/servo-media/games/stepmania/Songs";
|
||||
fs.".stepmania-5.1/Courses".symlink.target = "/mnt/servo/media/games/stepmania/Courses";
|
||||
fs.".stepmania-5.1/Songs".symlink.target = "/mnt/servo/media/games/stepmania/Songs";
|
||||
fs.".stepmania-5.1/stepmania.nix".symlink.target = "../nixos/hosts/common/programs/stepmania.nix";
|
||||
# TODO: setup ~/.stepmania-5.1/Themes
|
||||
};
|
||||
|
|
|
@ -137,9 +137,9 @@
|
|||
# convenience
|
||||
fs."knowledge".symlink.target = "private/knowledge";
|
||||
fs."nixos".symlink.target = "dev/nixos";
|
||||
fs."Books/servo".symlink.target = "/mnt/servo-media/Books";
|
||||
fs."Videos/servo".symlink.target = "/mnt/servo-media/Videos";
|
||||
# fs."Music/servo".symlink.target = "/mnt/servo-media/Music";
|
||||
fs."Pictures/servo-macros".symlink.target = "/mnt/servo-media/Pictures/macros";
|
||||
fs."Books/servo".symlink.target = "/mnt/servo/media/Books";
|
||||
fs."Videos/servo".symlink.target = "/mnt/servo/media/Videos";
|
||||
# fs."Music/servo".symlink.target = "/mnt/servo/media/Music";
|
||||
fs."Pictures/servo-macros".symlink.target = "/mnt/servo/media/Pictures/macros";
|
||||
};
|
||||
}
|
||||
|
|
|
@ -277,7 +277,7 @@ bwrapSetup() {
|
|||
bwrapIngestPath() {
|
||||
# N.B.: use --dev-bind-try instead of --dev-bind for platform-specific paths like /run/opengl-driver-32
|
||||
# which don't exist on aarch64, as the -try variant will gracefully fail (i.e. not bind it).
|
||||
# N.B.: `test -r` for paths like /mnt/servo-media, which may otherwise break bwrap when offline with
|
||||
# N.B.: `test -r` for paths like /mnt/servo/media, which may otherwise break bwrap when offline with
|
||||
# "bwrap: Can't get type of source /mnt/...: Input/output error"
|
||||
# HOWEVER, paths such as `/run/secrets` are not readable, so don't do that (or, try `test -e` if this becomes a problem again).
|
||||
# `-try` version of binding is still desireable for user files.
|
||||
|
|
|
@ -2,7 +2,7 @@
|
|||
#!nix-shell -i bash -p rsync
|
||||
set -ex
|
||||
|
||||
REMOTE_MUSIC=/mnt/servo-media/Music
|
||||
REMOTE_MUSIC=/mnt/servo/media/Music
|
||||
|
||||
test -d "$REMOTE_MUSIC" && \
|
||||
rsync -arv --delete --progress "$REMOTE_MUSIC/" ~/Music/
|
||||
|
|