impermanence: only persist service directories if those services are enabled.
parent
e2d7d63ebe
commit
99d55167f6
|
@ -1,6 +1,10 @@
|
|||
{ pkgs, lib, ... }:
|
||||
|
||||
{
|
||||
colinsane.impermanence.service-dirs = [
|
||||
# TODO: mode? could be more granular
|
||||
{ user = "994"; group = "993"; directory = "/var/lib/gitea"; }
|
||||
];
|
||||
services.gitea.enable = true;
|
||||
services.gitea.user = "git"; # default is 'gitea'
|
||||
services.gitea.database.type = "postgres";
|
||||
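Review bot: The owner and group of `/var/lib/gitea` are given as the bare numeric ids `"994"`/`"993"`, which stay correct only while this host keeps assigning those ids to the gitea account. If the allocation shifts (a reinstall, or another service claiming the id first), the persisted state would belong to whichever account holds that id then. Now that the entry sits next to `services.gitea.user = "git"`, it could name the account instead, e.g. `user = "git";`, assuming the persistence module resolves names the way it already appears to for `"colin"`/`"users"` and `"root"`. The same applies to the numeric ids in the ipfs, jellyfin, matrix, acme, pleroma, opendkim, postgresql and transmission hunks.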
|
|
|
@ -1,5 +1,9 @@
|
|||
{ ... }:
|
||||
{
|
||||
colinsane.impermanence.service-dirs = [
|
||||
# TODO: mode? could be more granular
|
||||
{ user = "261"; group = "261"; directory = "/var/lib/ipfs"; }
|
||||
];
|
||||
services.ipfs.enable = true;
|
||||
services.ipfs.localDiscovery = true;
|
||||
services.ipfs.swarmAddress = [
|
||||
|
|
|
@ -1,6 +1,10 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
colinsane.impermanence.service-dirs = [
|
||||
# TODO: mode? we only need this to save Indexer creds ==> migrate to config?
|
||||
{ user = "root"; group = "root"; directory = "/var/lib/jackett"; }
|
||||
];
|
||||
services.jackett.enable = true;
|
||||
|
||||
systemd.services.jackett.after = ["wg0veth.service"];
|
||||
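Review bot: `/var/lib/jackett` is persisted without a mode even though the comment above it says the directory exists to keep indexer credentials, so its permissions are whatever the persistence module defaults to. If `map-service-dirs` forwards extra attributes (its definition is not visible in this commit, but the option type `attrsOf types.str` would accept one), an explicit `mode = "0700";` on this entry would settle the TODO for a directory that clearly needs it. The acme, opendkim, matrix-synapse and postgresql entries most likely hold keys or other secrets too and carry the same open TODO.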
|
|
|
@ -1,5 +1,9 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
colinsane.impermanence.service-dirs = [
|
||||
# TODO: mode? could be more granular
|
||||
{ user = "996"; group = "994"; directory = "/var/lib/jellyfin"; }
|
||||
];
|
||||
services.jellyfin.enable = true;
|
||||
}
|
||||
|
|
|
@ -3,6 +3,11 @@
|
|||
{ config, ... }:
|
||||
|
||||
{
|
||||
colinsane.impermanence.service-dirs = [
|
||||
# TODO: mode?
|
||||
{ user = "993"; group = "992"; directory = "/var/lib/matrix-appservice-irc"; }
|
||||
{ user = "224"; group = "224"; directory = "/var/lib/matrix-synapse"; }
|
||||
];
|
||||
services.matrix-synapse.enable = true;
|
||||
services.matrix-synapse.settings.server_name = "uninsane.org";
|
||||
|
||||
|
|
|
@ -254,4 +254,10 @@
|
|||
|
||||
security.acme.acceptTerms = true;
|
||||
security.acme.defaults.email = "admin.acme@uninsane.org";
|
||||
|
||||
colinsane.impermanence.service-dirs = [
|
||||
# TODO: mode?
|
||||
{ user = "998"; group = "996"; directory = "/var/lib/acme"; }
|
||||
{ user = "colin"; group = "users"; directory = "/var/lib/uninsane"; }
|
||||
];
|
||||
}
|
||||
|
|
|
@ -4,6 +4,10 @@
|
|||
{ config, pkgs, ... }:
|
||||
|
||||
{
|
||||
colinsane.impermanence.service-dirs = [
|
||||
# TODO: mode? could be more granular
|
||||
{ user = "997"; group = "995"; directory = "/var/lib/pleroma"; }
|
||||
];
|
||||
services.pleroma.enable = true;
|
||||
services.pleroma.secretConfigFile = config.sops.secrets.pleroma_secrets.path;
|
||||
services.pleroma.configs = [
|
||||
|
|
|
@ -16,6 +16,11 @@ let
|
|||
};
|
||||
in
|
||||
{
|
||||
colinsane.impermanence.service-dirs = [
|
||||
# TODO: mode? could be more granular
|
||||
{ user = "221"; group = "221"; directory = "/var/lib/opendkim"; }
|
||||
{ user = "root"; group = "root"; directory = "/var/lib/postfix"; }
|
||||
];
|
||||
services.postfix.enable = true;
|
||||
services.postfix.hostname = "mx.uninsane.org";
|
||||
services.postfix.origin = "uninsane.org";
|
||||
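Review bot: The comment that accompanied the opendkim entry in the central list, `# TODO: mode? move this to the nix config (SOPS)`, has become the generic `# TODO: mode? could be more granular` here, so the reminder to move the opendkim data into SOPS-managed config is lost. Keeping the original wording directly above the `/var/lib/opendkim` entry would preserve that intent, with the "could be more granular" remark left on the postfix entry it originally belonged to. The attribute set continues outside the hunk.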
|
|
|
@ -1,6 +1,10 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
colinsane.impermanence.service-dirs = [
|
||||
# TODO: mode?
|
||||
{ user = "71"; group = "71"; directory = "/var/lib/postgresql"; }
|
||||
];
|
||||
services.postgresql.enable = true;
|
||||
# services.postgresql.dataDir = "/opt/postgresql/13";
|
||||
# XXX colin: for a proper deploy, we'd want to include something for Pleroma here too.
|
||||
|
|
|
@ -1,6 +1,10 @@
|
|||
{ ... }:
|
||||
|
||||
{
|
||||
colinsane.impermanence.service-dirs = [
|
||||
# TODO: mode? we need this specifically for the stats tracking in .config/
|
||||
{ user = "70"; group = "70"; directory = "/var/lib/transmission"; }
|
||||
];
|
||||
services.transmission.enable = true;
|
||||
services.transmission.settings = {
|
||||
rpc-bind-address = "0.0.0.0";
|
||||
|
|
|
@ -18,6 +18,10 @@ in
|
|||
default = [];
|
||||
type = types.listOf (types.either types.str (types.attrsOf types.str));
|
||||
};
|
||||
colinsane.impermanence.service-dirs = mkOption {
|
||||
default = [];
|
||||
type = types.listOf (types.either types.str (types.attrsOf types.str));
|
||||
};
|
||||
};
|
||||
|
||||
config = let
|
||||
|
@ -51,13 +55,12 @@ in
|
|||
"/var/backup" # for e.g. postgres dumps
|
||||
# TODO: what even GOES in /srv?
|
||||
"/srv"
|
||||
]) ++ (map-service-dirs [
|
||||
]) ++ (map-service-dirs ([
|
||||
# "/var/lib/AccountsService" # not sure what this is, but it's empty
|
||||
"/var/lib/alsa" # preserve output levels, default devices
|
||||
# "/var/lib/blueman" # files aren't human readable
|
||||
"/var/lib/bluetooth" # preserve bluetooth handshakes
|
||||
"/var/lib/colord" # preserve color calibrations (?)
|
||||
"/var/lib/duplicity" # we need this mostly because of the size of duplicity's cache
|
||||
# "/var/lib/dhclient" # empty on lappy; dunno about desko
|
||||
# "/var/lib/fwupd" # not sure why this would need persistent state
|
||||
# "/var/lib/geoclue" # empty on lappy
|
||||
|
@ -76,23 +79,10 @@ in
|
|||
# "/var/lib/upower" # historic charge data. unnecessary, but maybe used somewhere?
|
||||
#
|
||||
# servo additions:
|
||||
{ user = "998"; group = "996"; directory = "/var/lib/acme"; } # TODO: mode?
|
||||
# "/var/lib/dhparams" # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/security/dhparams.nix
|
||||
# "/var/lib/dovecot"
|
||||
# "/var/lib/duplicity"
|
||||
{ user = "994"; group = "993"; directory = "/var/lib/gitea"; } # TODO: mode? could be more granular
|
||||
{ user = "261"; group = "261"; directory = "/var/lib/ipfs"; } # TODO: mode? could be more granular
|
||||
{ user = "root"; group = "root"; directory = "/var/lib/jackett"; } # TODO: mode? we only need this to save Indexer creds ==> migrate to config?
|
||||
{ user = "996"; group = "994"; directory = "/var/lib/jellyfin"; } # TODO: mode? could be more granular
|
||||
{ user = "993"; group = "992"; directory = "/var/lib/matrix-appservice-irc"; } # TODO: mode?
|
||||
{ user = "224"; group = "224"; directory = "/var/lib/matrix-synapse"; } # TODO: mode?
|
||||
{ user = "221"; group = "221"; directory = "/var/lib/opendkim"; } # TODO: mode? move this to the nix config (SOPS)
|
||||
{ user = "997"; group = "995"; directory = "/var/lib/pleroma"; } # TODO: mode? could be more granular
|
||||
{ user = "71"; group = "71"; directory = "/var/lib/postgresql"; } # TODO: mode?
|
||||
{ user = "root"; group = "root"; directory = "/var/lib/postfix"; } # TODO: mode? could be more granular
|
||||
{ user = "70"; group = "70"; directory = "/var/lib/transmission"; } # TODO: mode? we need this specifically for the stats tracking in .config/
|
||||
{ user = "colin"; group = "users"; directory = "/var/lib/uninsane"; }
|
||||
]);
|
||||
] ++ cfg.service-dirs));
|
||||
files = [
|
||||
"/etc/machine-id"
|
||||
# "/home/colin/knowledge"
|
||||
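Review bot: The new `colinsane.impermanence.service-dirs` option has no `description`, and its element type `types.either types.str (types.attrsOf types.str)` accepts any attribute names, so a misspelled `directory` or a missing `user` in one of the service modules would pass the option's type check. A short description such as `description = "directories to persist, declared by the module of the service that owns them: a path, or { user, group, directory }";` would document the contract, and a `types.submodule` with those fields would enforce it. The `let` block that defines `map-service-dirs` lies outside the visible hunks, so how a malformed entry is handled there cannot be checked from here.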
|
|
|
@ -14,6 +14,9 @@ in
|
|||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
# we need this mostly because of the size of duplicity's cache
|
||||
colinsane.impermanence.service-dirs = [ "/var/lib/duplicity" ];
|
||||
|
||||
services.duplicity.enable = true;
|
||||
services.duplicity.targetUrl = ''"$DUPLICITY_URL"'';
|
||||
services.duplicity.escapeUrl = false;
|
||||
|
|
1
modules/universal/env/home-packages.nix
vendored
1
modules/universal/env/home-packages.nix
vendored
|
@ -103,5 +103,6 @@ in
|
|||
# rustup
|
||||
# swig
|
||||
colinsane.home-manager.extraPackages = pkglist;
|
||||
# TODO: this should be gated behind home-manager being enabled...
|
||||
colinsane.impermanence.home-dirs = dirlist;
|
||||
}
|
||||
|
|