impermanence: only persist service directories if those services are enabled.

machines/servo/services/gitea.nix

@@ -1,6 +1,10 @@
 { pkgs, lib, ... }:
 
 {
+  colinsane.impermanence.service-dirs = [
+    # TODO: mode? could be more granular
+    { user = "994"; group = "993"; directory = "/var/lib/gitea"; }
+  ];
   services.gitea.enable = true;
   services.gitea.user = "git";  # default is 'gitea'
   services.gitea.database.type = "postgres";

machines/servo/services/ipfs.nix

@@ -1,5 +1,9 @@
 { ... }:
 {
+  colinsane.impermanence.service-dirs = [
+    # TODO: mode? could be more granular
+    { user = "261"; group = "261"; directory = "/var/lib/ipfs"; }
+  ];
   services.ipfs.enable = true;
   services.ipfs.localDiscovery = true;
   services.ipfs.swarmAddress = [

machines/servo/services/jackett.nix

@@ -1,6 +1,10 @@
 { ... }:
 
 {
+  colinsane.impermanence.service-dirs = [
+    # TODO: mode? we only need this to save Indexer creds ==> migrate to config?
+    { user = "root"; group = "root"; directory = "/var/lib/jackett"; }
+  ];
   services.jackett.enable = true;
 
   systemd.services.jackett.after = ["wg0veth.service"];

machines/servo/services/jellyfin.nix

@@ -1,5 +1,9 @@
 { ... }:
 
 {
+  colinsane.impermanence.service-dirs = [
+    # TODO: mode? could be more granular
+    { user = "996"; group = "994"; directory = "/var/lib/jellyfin"; }
+  ];
   services.jellyfin.enable = true;
 }

machines/servo/services/matrix.nix

@@ -3,6 +3,11 @@
 { config, ... }:
 
 {
+  colinsane.impermanence.service-dirs = [
+    # TODO: mode?
+    { user = "993"; group = "992"; directory = "/var/lib/matrix-appservice-irc"; }
+    { user = "224"; group = "224"; directory = "/var/lib/matrix-synapse"; }
+  ];
   services.matrix-synapse.enable = true;
   services.matrix-synapse.settings.server_name = "uninsane.org";
 

machines/servo/services/nginx.nix

@@ -254,4 +254,10 @@
 
   security.acme.acceptTerms = true;
   security.acme.defaults.email = "admin.acme@uninsane.org";
+
+  colinsane.impermanence.service-dirs = [
+    # TODO: mode?
+    { user = "998"; group = "996"; directory = "/var/lib/acme"; }
+    { user = "colin"; group = "users"; directory = "/var/lib/uninsane"; }
+  ];
 }

machines/servo/services/pleroma.nix

@@ -4,6 +4,10 @@
 { config, pkgs, ... }:
 
 {
+  colinsane.impermanence.service-dirs = [
+    # TODO: mode? could be more granular
+    { user = "997"; group = "995"; directory = "/var/lib/pleroma"; }
+  ];
   services.pleroma.enable = true;
   services.pleroma.secretConfigFile = config.sops.secrets.pleroma_secrets.path;
   services.pleroma.configs = [

machines/servo/services/postfix.nix

@@ -16,6 +16,11 @@ let
   };
 in
 {
+  colinsane.impermanence.service-dirs = [
+    # TODO: mode? could be more granular
+    { user = "221"; group = "221"; directory = "/var/lib/opendkim"; }
+    { user = "root"; group = "root"; directory = "/var/lib/postfix"; }
+  ];
   services.postfix.enable = true;
   services.postfix.hostname = "mx.uninsane.org";
   services.postfix.origin = "uninsane.org";

machines/servo/services/postgres.nix

@@ -1,6 +1,10 @@
 { ... }:
 
 {
+  colinsane.impermanence.service-dirs = [
+    # TODO: mode?
+    { user = "71"; group = "71"; directory = "/var/lib/postgresql"; }
+  ];
   services.postgresql.enable = true;
   # services.postgresql.dataDir = "/opt/postgresql/13";
   # XXX colin: for a proper deploy, we'd want to include something for Pleroma here too.

machines/servo/services/transmission.nix

@@ -1,6 +1,10 @@
 { ... }:
 
 {
+  colinsane.impermanence.service-dirs = [
+    # TODO: mode? we need this specifically for the stats tracking in .config/
+    { user = "70"; group = "70"; directory = "/var/lib/transmission"; }
+  ];
   services.transmission.enable = true;
   services.transmission.settings = {
     rpc-bind-address = "0.0.0.0";

modules/impermanence.nix

@@ -18,6 +18,10 @@ in
       default = [];
       type = types.listOf (types.either types.str (types.attrsOf types.str));
     };
+    colinsane.impermanence.service-dirs = mkOption {
+      default = [];
+      type = types.listOf (types.either types.str (types.attrsOf types.str));
+    };
   };
 
   config = let
@@ -51,13 +55,12 @@ in
         "/var/backup"  # for e.g. postgres dumps
         # TODO: what even GOES in /srv?
         "/srv"
-      ]) ++ (map-service-dirs [
+      ]) ++ (map-service-dirs ([
         # "/var/lib/AccountsService"   # not sure what this is, but it's empty
         "/var/lib/alsa"                # preserve output levels, default devices
         # "/var/lib/blueman"           # files aren't human readable
         "/var/lib/bluetooth"           # preserve bluetooth handshakes
         "/var/lib/colord"              # preserve color calibrations (?)
-        "/var/lib/duplicity"           # we need this mostly because of the size of duplicity's cache
         # "/var/lib/dhclient"          # empty on lappy; dunno about desko
         # "/var/lib/fwupd"             # not sure why this would need persistent state
         # "/var/lib/geoclue"           # empty on lappy
@@ -76,23 +79,10 @@ in
         # "/var/lib/upower"            # historic charge data. unnecessary, but maybe used somewhere?
         #
         # servo additions:
-        { user = "998"; group = "996"; directory = "/var/lib/acme"; }  # TODO: mode?
         # "/var/lib/dhparams"          # https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/security/dhparams.nix
         # "/var/lib/dovecot"
         # "/var/lib/duplicity"
-        { user = "994"; group = "993"; directory = "/var/lib/gitea"; } # TODO: mode? could be more granular
-        { user = "261"; group = "261"; directory = "/var/lib/ipfs"; }  # TODO: mode? could be more granular
-        { user = "root"; group = "root"; directory = "/var/lib/jackett"; } # TODO: mode? we only need this to save Indexer creds ==> migrate to config?
-        { user = "996"; group = "994"; directory = "/var/lib/jellyfin"; } # TODO: mode? could be more granular
-        { user = "993"; group = "992"; directory = "/var/lib/matrix-appservice-irc"; } # TODO: mode?
-        { user = "224"; group = "224"; directory = "/var/lib/matrix-synapse"; } # TODO: mode?
-        { user = "221"; group = "221"; directory = "/var/lib/opendkim"; } # TODO: mode? move this to the nix config (SOPS)
-        { user = "997"; group = "995"; directory = "/var/lib/pleroma"; } # TODO: mode? could be more granular
-        { user = "71"; group = "71"; directory = "/var/lib/postgresql"; } # TODO: mode?
-        { user = "root"; group = "root"; directory = "/var/lib/postfix"; } # TODO: mode? could be more granular
-        { user = "70"; group = "70"; directory = "/var/lib/transmission"; } # TODO: mode? we need this specifically for the stats tracking in .config/
-        { user = "colin"; group = "users"; directory = "/var/lib/uninsane"; }
-      ]);
+      ] ++ cfg.service-dirs));
       files = [
         "/etc/machine-id"
         # "/home/colin/knowledge"

modules/services/duplicity.nix

@@ -14,6 +14,9 @@ in
   };
 
   config = mkIf cfg.enable {
+    # we need this mostly because of the size of duplicity's cache
+    colinsane.impermanence.service-dirs = [ "/var/lib/duplicity" ];
+
     services.duplicity.enable = true;
     services.duplicity.targetUrl = ''"$DUPLICITY_URL"'';
     services.duplicity.escapeUrl = false;

modules/universal/env/home-packages.nix

@@ -103,5 +103,6 @@ in
   # rustup
   # swig
   colinsane.home-manager.extraPackages = pkglist;
+  # TODO: this should be gated behind home-manager being enabled...
   colinsane.impermanence.home-dirs = dirlist;
 }