impermanence: clean up the bind mounts
parent
0e920230ba
commit
89e519810d
|
@ -31,9 +31,6 @@ let
|
|||
};
|
||||
in lib.mkIf config.sane.impermanence.enable
|
||||
{
|
||||
# declare our backing storage
|
||||
sane.fs."${store.underlying.path}".dir = {};
|
||||
|
||||
systemd.services."prepareEncryptedClearedOnBoot" = rec {
|
||||
description = "prepare keys for ${store.device}";
|
||||
serviceConfig.ExecStart = ''
|
||||
|
@ -68,12 +65,17 @@ in lib.mkIf config.sane.impermanence.enable
|
|||
];
|
||||
noCheck = true;
|
||||
};
|
||||
|
||||
sane.fs."${store.device}" = {
|
||||
# ensure the fs is mounted only after the mountpoint directory is created
|
||||
dir.reverseDepends = [ store.mount-unit ];
|
||||
# HACK: this fs entry is provided by our mount service.
|
||||
unit = store.mount-unit;
|
||||
};
|
||||
sane.fs."${store.underlying.path}" = {
|
||||
# don't mount until after the backing dir is setup correctly.
|
||||
dir.reverseDepends = [ store.mount-unit ];
|
||||
};
|
||||
|
||||
# TODO: could add this *specifically* to the .mount file for the encrypted fs?
|
||||
environment.systemPackages = [ pkgs.gocryptfs ]; # fuse needs to find gocryptfs
|
||||
|
|
|
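Review bot: The `# HACK` comment above `unit = store.mount-unit;` in the `sane.fs."${store.device}"` entry does not say what kind of dependency consumers of this path end up with, and for an encrypted store that distinction is the security-relevant part. The `sane.fs` module is not on this page, so this needs confirming: if the generated dependency is ordering-only, a failed gocryptfs mount would still let dependents start and write plaintext into the bare mountpoint directory on the underlying filesystem. I would state the expectation in place, e.g. `# HACK: this fs entry is provided by our mount service; dependents must require the mount, not merely order after it, so nothing writes to the unmounted directory.`, and check that the module emits a requirement rather than just `After=`. The enclosing attribute set starts and ends outside this hunk.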
@ -137,33 +137,30 @@ in
|
|||
};
|
||||
in {
|
||||
# create destination and backing directory, with correct perms
|
||||
sane.fs."${opt.directory}".dir = dir-opts;
|
||||
sane.fs."${backing-path}".dir = dir-opts;
|
||||
sane.fs."${opt.directory}" = {
|
||||
# inherit perms & make sure we don't mount until after the mount point is setup correctly.
|
||||
dir = dir-opts // { reverseDepends = [ mount-unit ]; };
|
||||
# HACK: anything depending on this directory should actually depend on it being mounted.
|
||||
unit = mount-unit;
|
||||
};
|
||||
sane.fs."${backing-path}" = {
|
||||
# inherit perms & make sure we don't mount until after the backing dir is setup correctly.
|
||||
dir = dir-opts // { reverseDepends = [ mount-unit ]; };
|
||||
};
|
||||
# define the mountpoint.
|
||||
fileSystems."${opt.directory}" = {
|
||||
device = backing-path;
|
||||
options = [
|
||||
"bind"
|
||||
# "x-systemd.requires=${backing-mount}.mount" # this should be implicit
|
||||
"x-systemd.after=${backing-unit}"
|
||||
"x-systemd.after=${dir-unit}"
|
||||
# `wants` doesn't seem to make it to the service file here :-(
|
||||
# "x-systemd.wants=${backing-unit}"
|
||||
# "x-systemd.wants=${dir-unit}"
|
||||
];
|
||||
# fsType = "bind";
|
||||
noCheck = true;
|
||||
};
|
||||
# mounting <opt.directory> must happen after the backing directory is created *and* the mountpt directory is created.
|
||||
systemd.units."${backing-unit}".wantedBy = [ mount-unit ];
|
||||
systemd.units."${dir-unit}".wantedBy = [ mount-unit ];
|
||||
|
||||
};
|
||||
cfgs = builtins.map cfgFor ingested-dirs;
|
||||
in {
|
||||
fileSystems = lib.mkMerge (catAttrs "fileSystems" cfgs);
|
||||
sane.fs = lib.mkMerge (catAttrs "fs" (catAttrs "sane" cfgs));
|
||||
systemd = lib.mkMerge (catAttrs "systemd" cfgs);
|
||||
}
|
||||
)
|
||||
|
||||
|
|
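Review bot: In the `cfgFor` body, the `dir = dir-opts // { reverseDepends = [ mount-unit ]; };` entries for `opt.directory` and `backing-path` are not documented as to whether `reverseDepends` pulls the directory units into the transaction or only orders them before the mount. The page has lost its +/- markers, so it is unclear whether the `x-systemd.after=…` options and the `systemd.units."…".wantedBy = [ mount-unit ]` lines still exist beside them; if they were removed, `reverseDepends` is the only thing sequencing directory creation ahead of the bind mount. That matters for permissions: systemd creates a missing mount point itself with its own defaults rather than `dir-opts`, and a bind from a backing directory that does not exist yet fails. I would add a comment next to the first use, e.g. `# reverseDepends must both pull in and order the dir unit before mount-unit, so the bind never runs against a directory that lacks dir-opts perms`, and confirm that against the `sane.fs` implementation.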