impermanence: clean up the bind mounts

2022-12-31 12:31:49 +00:00 · 2022-12-31 12:31:49 +00:00 · 89e519810d
commit 89e519810d
parent 0e920230ba
2 changed files with 15 additions and 16 deletions
--- a/modules/impermanence/crypt.nix
+++ b/modules/impermanence/crypt.nix
@ -31,9 +31,6 @@ let
  };
 in lib.mkIf config.sane.impermanence.enable
 {
-  # declare our backing storage
-  sane.fs."${store.underlying.path}".dir = {};
-
  systemd.services."prepareEncryptedClearedOnBoot" = rec {
    description = "prepare keys for ${store.device}";
    serviceConfig.ExecStart = ''
@ -68,12 +65,17 @@ in lib.mkIf config.sane.impermanence.enable
    ];
    noCheck = true;
  };
+
  sane.fs."${store.device}" = {
    # ensure the fs is mounted only after the mountpoint directory is created
    dir.reverseDepends = [ store.mount-unit ];
    # HACK: this fs entry is provided by our mount service.
    unit = store.mount-unit;
  };
+  sane.fs."${store.underlying.path}" = {
+    # don't mount until after the backing dir is setup correctly.
+    dir.reverseDepends = [ store.mount-unit ];
+  };

  # TODO: could add this *specifically* to the .mount file for the encrypted fs?
  environment.systemPackages = [ pkgs.gocryptfs ];  # fuse needs to find gocryptfs
--- a/modules/impermanence/default.nix
+++ b/modules/impermanence/default.nix
@ -137,33 +137,30 @@ in
          };
        in {
          # create destination and backing directory, with correct perms
-          sane.fs."${opt.directory}".dir = dir-opts;
-          sane.fs."${backing-path}".dir = dir-opts;
+          sane.fs."${opt.directory}" = {
+            # inherit perms & make sure we don't mount until after the mount point is setup correctly.
+            dir = dir-opts // { reverseDepends = [ mount-unit ]; };
+            # HACK: anything depending on this directory should actually depend on it being mounted.
+            unit = mount-unit;
+          };
+          sane.fs."${backing-path}" = {
+            # inherit perms & make sure we don't mount until after the backing dir is setup correctly.
+            dir = dir-opts // { reverseDepends = [ mount-unit ]; };
+          };
          # define the mountpoint.
          fileSystems."${opt.directory}" = {
            device = backing-path;
            options = [
              "bind"
-              # "x-systemd.requires=${backing-mount}.mount"  # this should be implicit
-              "x-systemd.after=${backing-unit}"
-              "x-systemd.after=${dir-unit}"
-              # `wants` doesn't seem to make it to the service file here :-(
-              # "x-systemd.wants=${backing-unit}"
-              # "x-systemd.wants=${dir-unit}"
            ];
            # fsType = "bind";
            noCheck = true;
          };
-          # mounting <opt.directory> must happen after the backing directory is created *and* the mountpt directory is created.
-          systemd.units."${backing-unit}".wantedBy = [ mount-unit ];
-          systemd.units."${dir-unit}".wantedBy = [ mount-unit ];
-
        };
        cfgs = builtins.map cfgFor ingested-dirs;
      in {
        fileSystems = lib.mkMerge (catAttrs "fileSystems" cfgs);
        sane.fs = lib.mkMerge (catAttrs "fs" (catAttrs "sane" cfgs));
-        systemd = lib.mkMerge (catAttrs "systemd" cfgs);
      }
    )