rename impermanence -> persist

2023-01-06 10:04:51 +00:00
parent 0b35ce4dec
commit 8217b22c86
37 changed files with 57 additions and 57 deletions


@@ -18,7 +18,7 @@
sane.packages.enableConsolePkgs = true; sane.packages.enableConsolePkgs = true;
sane.packages.enableSystemPkgs = true; sane.packages.enableSystemPkgs = true;
sane.impermanence.dirs.sys.plaintext = [ sane.persist.dirs.sys.plaintext = [
"/var/log" "/var/log"
"/var/backup" # for e.g. postgres dumps "/var/backup" # for e.g. postgres dumps
# TODO: move elsewhere # TODO: move elsewhere


@@ -82,7 +82,7 @@ in
mode = config.users.users.colin.homeMode; mode = config.users.users.colin.homeMode;
}; };
sane.impermanence.dirs.home.plaintext = [ sane.persist.dirs.home.plaintext = [
"archive" "archive"
"dev" "dev"
# TODO: records should be private # TODO: records should be private
@@ -100,7 +100,7 @@ in
".local/share/keyrings" ".local/share/keyrings"
]; ];
# TODO: fix this ugly solution that allows moby to have firefox cache not erased every boot. # TODO: fix this ugly solution that allows moby to have firefox cache not erased every boot.
sane.impermanence.dirs.home.cryptClearOnBoot = lib.mkIf (config.networking.hostName != "moby") [ sane.persist.dirs.home.cryptClearOnBoot = lib.mkIf (config.networking.hostName != "moby") [
# cache is probably too big to fit on the tmpfs # cache is probably too big to fit on the tmpfs
# ".cache" # ".cache"
config.sane.web-browser.cacheDir config.sane.web-browser.cacheDir
@@ -116,7 +116,7 @@ in
# used by password managers, e.g. unix `pass` # used by password managers, e.g. unix `pass`
sane.fs."/home/colin/.password-store" = mkSymlink "/home/colin/knowledge/secrets/accounts"; sane.fs."/home/colin/.password-store" = mkSymlink "/home/colin/knowledge/secrets/accounts";
sane.impermanence.dirs.sys.plaintext = mkIf cfg.guest.enable [ sane.persist.dirs.sys.plaintext = mkIf cfg.guest.enable [
# intentionally allow other users to write to the guest folder # intentionally allow other users to write to the guest folder
{ directory = "/home/guest"; user = "guest"; group = "users"; mode = "0775"; } { directory = "/home/guest"; user = "guest"; group = "users"; mode = "0775"; }
]; ];


@@ -10,7 +10,7 @@
sane.services.duplicity.enable = true; sane.services.duplicity.enable = true;
sane.services.nixserve.enable = true; sane.services.nixserve.enable = true;
sane.services.nixserve.sopsFile = ../../secrets/desko.yaml; sane.services.nixserve.sopsFile = ../../secrets/desko.yaml;
sane.impermanence.enable = true; sane.persist.enable = true;
boot.loader.efi.canTouchEfiVariables = false; boot.loader.efi.canTouchEfiVariables = false;
sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ]; sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ];
@@ -52,7 +52,7 @@
remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play remotePlay.openFirewall = true; # Open ports in the firewall for Steam Remote Play
dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server dedicatedServer.openFirewall = true; # Open ports in the firewall for Source Dedicated Server
}; };
sane.impermanence.dirs.home.plaintext = [ sane.persist.dirs.home.plaintext = [
".steam" ".steam"
".local/share/Steam" ".local/share/Steam"
]; ];


@@ -1,7 +1,7 @@
{ ... }: { ... }:
{ {
sane.impermanence.root-on-tmpfs = true; sane.persist.root-on-tmpfs = true;
# we need a /tmp for building large nix things. # we need a /tmp for building large nix things.
# a cross-compiled kernel, particularly, will easily use 30+GB of tmp # a cross-compiled kernel, particularly, will easily use 30+GB of tmp
fileSystems."/tmp" = { fileSystems."/tmp" = {


@@ -8,7 +8,7 @@
# sane.users.guest.enable = true; # sane.users.guest.enable = true;
sane.gui.sway.enable = true; sane.gui.sway.enable = true;
sane.impermanence.enable = true; sane.persist.enable = true;
sane.nixcache.enable = true; sane.nixcache.enable = true;
boot.loader.efi.canTouchEfiVariables = false; boot.loader.efi.canTouchEfiVariables = false;
sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ]; sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ];


@@ -1,7 +1,7 @@
{ ... }: { ... }:
{ {
sane.impermanence.root-on-tmpfs = true; sane.persist.root-on-tmpfs = true;
# we need a /tmp of default size (half RAM) for building large nix things # we need a /tmp of default size (half RAM) for building large nix things
fileSystems."/tmp" = { fileSystems."/tmp" = {
device = "none"; device = "none";


@@ -24,11 +24,11 @@
}; };
# usability compromises # usability compromises
sane.impermanence.dirs.home.private = [ sane.persist.dirs.home.private = [
config.sane.web-browser.dotDir config.sane.web-browser.dotDir
config.sane.web-browser.cacheDir config.sane.web-browser.cacheDir
]; ];
sane.impermanence.dirs.home.plaintext = [ sane.persist.dirs.home.plaintext = [
".config/pulse" # persist pulseaudio volume ".config/pulse" # persist pulseaudio volume
]; ];
@@ -38,7 +38,7 @@
]; ];
sane.nixcache.enable = true; sane.nixcache.enable = true;
sane.impermanence.enable = true; sane.persist.enable = true;
sane.gui.phosh.enable = true; sane.gui.phosh.enable = true;
boot.loader.efi.canTouchEfiVariables = false; boot.loader.efi.canTouchEfiVariables = false;


@@ -1,7 +1,7 @@
{ ... }: { ... }:
{ {
sane.impermanence.root-on-tmpfs = true; sane.persist.root-on-tmpfs = true;
fileSystems."/nix" = { fileSystems."/nix" = {
device = "/dev/disk/by-uuid/1f1271f8-53ce-4081-8a29-60a4a6b5d6f9"; device = "/dev/disk/by-uuid/1f1271f8-53ce-4081-8a29-60a4a6b5d6f9";
fsType = "btrfs"; fsType = "btrfs";


@@ -13,7 +13,7 @@
pkgs.matrix-synapse pkgs.matrix-synapse
pkgs.freshrss pkgs.freshrss
]; ];
sane.impermanence.enable = true; sane.persist.enable = true;
sane.services.dyn-dns.enable = true; sane.services.dyn-dns.enable = true;
# sane.services.duplicity.enable = true; # TODO: re-enable after HW upgrade # sane.services.duplicity.enable = true; # TODO: re-enable after HW upgrade


@@ -1,7 +1,7 @@
{ ... }: { ... }:
{ {
sane.impermanence.root-on-tmpfs = true; sane.persist.root-on-tmpfs = true;
# we need a /tmp for building large nix things # we need a /tmp for building large nix things
fileSystems."/tmp" = { fileSystems."/tmp" = {
device = "none"; device = "none";
@@ -27,7 +27,7 @@
}; };
# slow, external storage (for archiving, etc) # slow, external storage (for archiving, etc)
fileSystems."/mnt/impermanence/ext" = { fileSystems."/mnt/persist/ext" = {
device = "/dev/disk/by-uuid/aa272cff-0fcc-498e-a4cb-0d95fb60631b"; device = "/dev/disk/by-uuid/aa272cff-0fcc-498e-a4cb-0d95fb60631b";
fsType = "btrfs"; fsType = "btrfs";
options = [ options = [
@@ -36,18 +36,18 @@
]; ];
}; };
sane.impermanence.stores."ext" = { sane.persist.stores."ext" = {
origin = "/mnt/impermanence/ext/persist"; origin = "/mnt/persist/ext/persist";
storeDescription = "external HDD storage"; storeDescription = "external HDD storage";
}; };
sane.fs."/mnt/impermanence/ext".mount = {}; sane.fs."/mnt/persist/ext".mount = {};
sane.impermanence.dirs.sys.plaintext = [ sane.persist.dirs.sys.plaintext = [
# TODO: this is overly broad; only need media and share directories to be persisted # TODO: this is overly broad; only need media and share directories to be persisted
{ user = "colin"; group = "users"; directory = "/var/lib/uninsane"; } { user = "colin"; group = "users"; directory = "/var/lib/uninsane"; }
]; ];
# make sure large media is stored to the HDD # make sure large media is stored to the HDD
sane.impermanence.dirs.sys.ext = [ sane.persist.dirs.sys.ext = [
{ {
user = "colin"; user = "colin";
group = "users"; group = "users";


@@ -19,7 +19,7 @@
# XXX: avatar support works in MUCs but not DMs # XXX: avatar support works in MUCs but not DMs
# lib.mkIf false # lib.mkIf false
{ {
sane.impermanence.dirs.sys.plaintext = [ sane.persist.dirs.sys.plaintext = [
{ user = "ejabberd"; group = "ejabberd"; directory = "/var/lib/ejabberd"; } { user = "ejabberd"; group = "ejabberd"; directory = "/var/lib/ejabberd"; }
]; ];
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [


@@ -16,7 +16,7 @@
owner = config.users.users.freshrss.name; owner = config.users.users.freshrss.name;
mode = "0400"; mode = "0400";
}; };
sane.impermanence.dirs.sys.plaintext = [ sane.persist.dirs.sys.plaintext = [
{ user = "freshrss"; group = "freshrss"; directory = "/var/lib/freshrss"; } { user = "freshrss"; group = "freshrss"; directory = "/var/lib/freshrss"; }
]; ];


@@ -1,7 +1,7 @@
{ config, pkgs, lib, ... }: { config, pkgs, lib, ... }:
{ {
sane.impermanence.dirs.sys.plaintext = [ sane.persist.dirs.sys.plaintext = [
# TODO: mode? could be more granular # TODO: mode? could be more granular
{ user = "git"; group = "gitea"; directory = "/var/lib/gitea"; } { user = "git"; group = "gitea"; directory = "/var/lib/gitea"; }
]; ];


@@ -10,7 +10,7 @@
lib.mkIf false # i don't actively use ipfs anymore lib.mkIf false # i don't actively use ipfs anymore
{ {
sane.impermanence.dirs.sys.plaintext = [ sane.persist.dirs.sys.plaintext = [
# TODO: mode? could be more granular # TODO: mode? could be more granular
{ user = "261"; group = "261"; directory = "/var/lib/ipfs"; } { user = "261"; group = "261"; directory = "/var/lib/ipfs"; }
]; ];


@@ -1,7 +1,7 @@
{ ... }: { ... }:
{ {
sane.impermanence.dirs.sys.plaintext = [ sane.persist.dirs.sys.plaintext = [
# TODO: mode? we only need this to save Indexer creds ==> migrate to config? # TODO: mode? we only need this to save Indexer creds ==> migrate to config?
{ user = "root"; group = "root"; directory = "/var/lib/jackett"; } { user = "root"; group = "root"; directory = "/var/lib/jackett"; }
]; ];


@@ -7,7 +7,7 @@ lib.mkIf false
networking.firewall.allowedUDPPorts = [ networking.firewall.allowedUDPPorts = [
1900 7359 # DLNA: https://jellyfin.org/docs/general/networking/index.html 1900 7359 # DLNA: https://jellyfin.org/docs/general/networking/index.html
]; ];
sane.impermanence.dirs.sys.plaintext = [ sane.persist.dirs.sys.plaintext = [
# TODO: mode? could be more granular # TODO: mode? could be more granular
{ user = "jellyfin"; group = "jellyfin"; directory = "/var/lib/jellyfin"; } { user = "jellyfin"; group = "jellyfin"; directory = "/var/lib/jellyfin"; }
]; ];


@@ -8,7 +8,7 @@
# ./irc.nix # ./irc.nix
]; ];
sane.impermanence.dirs.sys.plaintext = [ sane.persist.dirs.sys.plaintext = [
{ user = "matrix-synapse"; group = "matrix-synapse"; directory = "/var/lib/matrix-synapse"; } { user = "matrix-synapse"; group = "matrix-synapse"; directory = "/var/lib/matrix-synapse"; }
]; ];
services.matrix-synapse.enable = true; services.matrix-synapse.enable = true;


@@ -1,6 +1,6 @@
{ lib, ... }: { lib, ... }:
{ {
sane.impermanence.dirs.sys.plaintext = [ sane.persist.dirs.sys.plaintext = [
{ user = "matrix-synapse"; group = "matrix-synapse"; directory = "/var/lib/mx-puppet-discord"; } { user = "matrix-synapse"; group = "matrix-synapse"; directory = "/var/lib/mx-puppet-discord"; }
]; ];


@@ -1,7 +1,7 @@
{ config, lib, ... }: { config, lib, ... }:
{ {
sane.impermanence.dirs.sys.plaintext = [ sane.persist.dirs.sys.plaintext = [
# TODO: mode? # TODO: mode?
# user and group are both "matrix-appservice-irc" # user and group are both "matrix-appservice-irc"
{ user = "993"; group = "992"; directory = "/var/lib/matrix-appservice-irc"; } { user = "993"; group = "992"; directory = "/var/lib/matrix-appservice-irc"; }


@@ -1,7 +1,7 @@
{ ... }: { ... }:
{ {
sane.impermanence.dirs.sys.plaintext = [ sane.persist.dirs.sys.plaintext = [
# TODO: we don't have a static user allocated for navidrome! # TODO: we don't have a static user allocated for navidrome!
# the chown would happen too early for us to set static perms # the chown would happen too early for us to set static perms
"/var/lib/private/navidrome" "/var/lib/private/navidrome"


@@ -122,7 +122,7 @@ in
users.users.acme.uid = config.sane.allocations.acme-uid; users.users.acme.uid = config.sane.allocations.acme-uid;
users.groups.acme.gid = config.sane.allocations.acme-gid; users.groups.acme.gid = config.sane.allocations.acme-gid;
sane.impermanence.dirs.sys.plaintext = [ sane.persist.dirs.sys.plaintext = [
# TODO: mode? # TODO: mode?
{ user = "acme"; group = "acme"; directory = "/var/lib/acme"; } { user = "acme"; group = "acme"; directory = "/var/lib/acme"; }
{ user = "colin"; group = "users"; directory = "/var/www/sites"; } { user = "colin"; group = "users"; directory = "/var/www/sites"; }


@@ -6,7 +6,7 @@
{ config, pkgs, ... }: { config, pkgs, ... }:
{ {
sane.impermanence.dirs.sys.plaintext = [ sane.persist.dirs.sys.plaintext = [
# TODO: mode? could be more granular # TODO: mode? could be more granular
{ user = "pleroma"; group = "pleroma"; directory = "/var/lib/pleroma"; } { user = "pleroma"; group = "pleroma"; directory = "/var/lib/pleroma"; }
]; ];


@@ -16,7 +16,7 @@ let
}; };
in in
{ {
sane.impermanence.dirs.sys.plaintext = [ sane.persist.dirs.sys.plaintext = [
# TODO: mode? could be more granular # TODO: mode? could be more granular
{ user = "opendkim"; group = "opendkim"; directory = "/var/lib/opendkim"; } { user = "opendkim"; group = "opendkim"; directory = "/var/lib/opendkim"; }
{ user = "root"; group = "root"; directory = "/var/lib/postfix"; } { user = "root"; group = "root"; directory = "/var/lib/postfix"; }


@@ -1,7 +1,7 @@
{ ... }: { ... }:
{ {
sane.impermanence.dirs.sys.plaintext = [ sane.persist.dirs.sys.plaintext = [
# TODO: mode? # TODO: mode?
{ user = "postgres"; group = "postgres"; directory = "/var/lib/postgresql"; } { user = "postgres"; group = "postgres"; directory = "/var/lib/postgresql"; }
]; ];


@@ -9,7 +9,7 @@
# nixnet runs ejabberd, so revisiting that. # nixnet runs ejabberd, so revisiting that.
lib.mkIf false lib.mkIf false
{ {
sane.impermanence.dirs.sys.plaintext = [ sane.persist.dirs.sys.plaintext = [
{ user = "prosody"; group = "prosody"; directory = "/var/lib/prosody"; } { user = "prosody"; group = "prosody"; directory = "/var/lib/prosody"; }
]; ];
networking.firewall.allowedTCPPorts = [ networking.firewall.allowedTCPPorts = [


@@ -1,7 +1,7 @@
{ pkgs, ... }: { pkgs, ... }:
{ {
sane.impermanence.dirs.sys.plaintext = [ sane.persist.dirs.sys.plaintext = [
# TODO: mode? we need this specifically for the stats tracking in .config/ # TODO: mode? we need this specifically for the stats tracking in .config/
{ user = "transmission"; group = "transmission"; directory = "/var/lib/transmission"; } { user = "transmission"; group = "transmission"; directory = "/var/lib/transmission"; }
]; ];


@@ -8,8 +8,8 @@
./home-manager ./home-manager
./packages.nix ./packages.nix
./image.nix ./image.nix
./impermanence
./nixcache.nix ./nixcache.nix
./persist
./services ./services
./sops.nix ./sops.nix
]; ];


@@ -3,7 +3,7 @@
lib.mkIf config.sane.home-manager.enable lib.mkIf config.sane.home-manager.enable
{ {
# private because there could be sensitive things in the swap # private because there could be sensitive things in the swap
sane.impermanence.dirs.home.private = [ ".cache/vim-swap" ]; sane.persist.dirs.home.private = [ ".cache/vim-swap" ];
home-manager.users.colin.programs.neovim = { home-manager.users.colin.programs.neovim = {
# neovim: https://github.com/neovim/neovim # neovim: https://github.com/neovim/neovim


@@ -2,7 +2,7 @@
lib.mkIf config.sane.home-manager.enable lib.mkIf config.sane.home-manager.enable
{ {
sane.impermanence.dirs.home.plaintext = [ sane.persist.dirs.home.plaintext = [
# we don't need to full zsh dir -- just the history file -- # we don't need to full zsh dir -- just the history file --
# but zsh will sometimes backup the history file and we get fewer errors if we do proper mounts instead of symlinks. # but zsh will sometimes backup the history file and we get fewer errors if we do proper mounts instead of symlinks.
# TODO: should be private? # TODO: should be private?


@@ -307,8 +307,8 @@ in
config = { config = {
environment.systemPackages = mkIf cfg.enableSystemPkgs systemPkgs; environment.systemPackages = mkIf cfg.enableSystemPkgs systemPkgs;
sane.impermanence.dirs.home.plaintext = concatLists (map (p: p.dir) cfg.enabledUserPkgs); sane.persist.dirs.home.plaintext = concatLists (map (p: p.dir) cfg.enabledUserPkgs);
sane.impermanence.dirs.home.private = concatLists (map (p: p.private) cfg.enabledUserPkgs); sane.persist.dirs.home.private = concatLists (map (p: p.private) cfg.enabledUserPkgs);
# XXX: this might not be necessary. try removing this and cacert.unbundled? # XXX: this might not be necessary. try removing this and cacert.unbundled?
environment.etc."ssl/certs".source = mkIf cfg.enableSystemPkgs "${pkgs.cacert.unbundled}/etc/ssl/certs/*"; environment.etc."ssl/certs".source = mkIf cfg.enableSystemPkgs "${pkgs.cacert.unbundled}/etc/ssl/certs/*";
}; };


@@ -8,7 +8,7 @@ with lib;
let let
path = sane-lib.path; path = sane-lib.path;
sane-types = sane-lib.types; sane-types = sane-lib.types;
cfg = config.sane.impermanence; cfg = config.sane.persist;
storeType = types.submodule { storeType = types.submodule {
options = { options = {
@@ -131,20 +131,20 @@ let
in in
{ {
options = { options = {
sane.impermanence.enable = mkOption { sane.persist.enable = mkOption {
default = false; default = false;
type = types.bool; type = types.bool;
}; };
sane.impermanence.root-on-tmpfs = mkOption { sane.persist.root-on-tmpfs = mkOption {
default = false; default = false;
type = types.bool; type = types.bool;
description = "define / fs root to be a tmpfs. make sure to mount some other device to /nix"; description = "define / fs root to be a tmpfs. make sure to mount some other device to /nix";
}; };
sane.impermanence.dirs = mkOption { sane.persist.dirs = mkOption {
type = dirsModule; type = dirsModule;
default = {}; default = {};
}; };
sane.impermanence.stores = mkOption { sane.persist.stores = mkOption {
type = types.attrsOf storeType; type = types.attrsOf storeType;
default = {}; default = {};
description = '' description = ''


@@ -1,7 +1,7 @@
{ config, lib, ... }: { config, lib, ... }:
let let
cfg = config.sane.impermanence; cfg = config.sane.persist;
in in
{ {
fileSystems."/" = lib.mkIf (cfg.enable && cfg.root-on-tmpfs) { fileSystems."/" = lib.mkIf (cfg.enable && cfg.root-on-tmpfs) {


@@ -2,17 +2,17 @@
let let
store = rec { store = rec {
device = "/mnt/impermanence/crypt/clearedonboot"; device = "/mnt/persist/crypt/clearedonboot";
underlying = { underlying = {
path = "/nix/persist/crypt/clearedonboot"; path = "/nix/persist/crypt/clearedonboot";
# TODO: consider moving this to /tmp, but that requires tmp be mounted first? # TODO: consider moving this to /tmp, but that requires tmp be mounted first?
key = "/mnt/impermanence/crypt/clearedonboot.key"; key = "/mnt/persist/crypt/clearedonboot.key";
}; };
}; };
in in
lib.mkIf config.sane.impermanence.enable lib.mkIf config.sane.persist.enable
{ {
sane.impermanence.stores."cryptClearOnBoot" = { sane.persist.stores."cryptClearOnBoot" = {
storeDescription = '' storeDescription = ''
stored to disk, but encrypted to an in-memory key and cleared on every boot stored to disk, but encrypted to an in-memory key and cleared on every boot
so that it's unreadable after power-off so that it's unreadable after power-off
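Review bot: The renamed key path `key = "/mnt/persist/crypt/clearedonboot.key";` now reads as if the key is persisted, while the store's own description a few lines down says it is encrypted to an in-memory key and cleared on every boot; nothing in this hunk states where `/mnt/persist` actually lives. That property only holds if `/mnt/persist/crypt` sits on a volatile filesystem (presumably the tmpfs root this module can enable), so the rename makes the name and the intent disagree. A one-line comment above the `key` line would keep the contract visible, e.g. `# key lives under the tmpfs root, NOT on the persisted /nix/persist backing store; if /mnt/persist were ever backed by disk, the "cleared on boot" guarantee would be lost`. The enclosing `let` block starts before this hunk.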


@@ -1,9 +1,9 @@
{ config, lib, ... }: { config, lib, ... }:
let let
cfg = config.sane.impermanence; cfg = config.sane.persist;
in lib.mkIf cfg.enable { in lib.mkIf cfg.enable {
sane.impermanence.stores."plaintext" = { sane.persist.stores."plaintext" = {
origin = "/nix/persist"; origin = "/nix/persist";
}; };
# TODO: needed? # TODO: needed?


@@ -1,8 +1,8 @@
{ config, lib, pkgs, utils, ... }: { config, lib, pkgs, utils, ... }:
lib.mkIf config.sane.impermanence.enable lib.mkIf config.sane.persist.enable
{ {
sane.impermanence.stores."private" = { sane.persist.stores."private" = {
storeDescription = '' storeDescription = ''
encrypted to the user's password and auto-unlocked at login encrypted to the user's password and auto-unlocked at login
''; '';


@@ -16,7 +16,7 @@ in
config = mkIf cfg.enable { config = mkIf cfg.enable {
# we need this mostly because of the size of duplicity's cache # we need this mostly because of the size of duplicity's cache
# TODO: move to cryptClearOnBoot and update perms # TODO: move to cryptClearOnBoot and update perms
sane.impermanence.dirs.sys.plaintext = [ "/var/lib/duplicity" ]; sane.persist.dirs.sys.plaintext = [ "/var/lib/duplicity" ];
services.duplicity.enable = true; services.duplicity.enable = true;
services.duplicity.targetUrl = "$DUPLICITY_URL"; services.duplicity.targetUrl = "$DUPLICITY_URL";