impermanence: cleanup the dirs
submodule
parent
829680fb00
commit
9c248a8a31
|
@ -65,46 +65,40 @@ let
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
|
|
||||||
|
dirsSubModule = types.submodule {
|
||||||
|
options = {
|
||||||
|
plaintext = mkOption {
|
||||||
|
default = [];
|
||||||
|
type = types.listOf contextualizedDirOrShorthand;
|
||||||
|
description = "directories to persist in cleartext";
|
||||||
|
};
|
||||||
|
private = mkOption {
|
||||||
|
default = [];
|
||||||
|
type = types.listOf contextualizedDirOrShorthand;
|
||||||
|
description = "directories to store encrypted to the user's login password and auto-decrypt on login";
|
||||||
|
};
|
||||||
|
cryptClearOnBoot = mkOption {
|
||||||
|
default = [];
|
||||||
|
type = types.listOf contextualizedDirOrShorthand;
|
||||||
|
description = ''
|
||||||
|
directories to store encrypted to an auto-generated in-memory key and
|
||||||
|
wiped on boot. the main use is for sensitive cache dirs too large to fit in memory.
|
||||||
|
'';
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
dirsModule = types.submodule ({ config, ... }: {
|
dirsModule = types.submodule ({ config, ... }: {
|
||||||
options = {
|
options = {
|
||||||
home = mkOption {
|
home = mkOption {
|
||||||
description = "directories to persist to disk, relative to a user's home ~";
|
description = "directories to persist to disk, relative to a user's home ~";
|
||||||
default = {};
|
default = {};
|
||||||
type = types.submodule {
|
type = dirsSubModule;
|
||||||
options = {
|
|
||||||
plaintext = mkOption {
|
|
||||||
default = [];
|
|
||||||
type = types.listOf contextualizedDirOrShorthand;
|
|
||||||
description = "directories to persist in cleartext";
|
|
||||||
};
|
|
||||||
private = mkOption {
|
|
||||||
default = [];
|
|
||||||
type = types.listOf contextualizedDirOrShorthand;
|
|
||||||
description = "directories to store encrypted to the user's login password and auto-decrypt on login";
|
|
||||||
};
|
|
||||||
cryptClearOnBoot = mkOption {
|
|
||||||
default = [];
|
|
||||||
type = types.listOf contextualizedDirOrShorthand;
|
|
||||||
description = ''
|
|
||||||
directories to store encrypted to an auto-generated in-memory key and
|
|
||||||
wiped on boot. the main use is for sensitive cache dirs too large to fit in memory.
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
sys = mkOption {
|
sys = mkOption {
|
||||||
description = "directories to persist to disk, relative to the fs root /";
|
description = "directories to persist to disk, relative to the fs root /";
|
||||||
default = {};
|
default = {};
|
||||||
type = types.submodule {
|
type = dirsSubModule;
|
||||||
options = {
|
|
||||||
plaintext = mkOption {
|
|
||||||
default = [];
|
|
||||||
type = types.listOf contextualizedDirOrShorthand;
|
|
||||||
description = "list of directories (and optional config) to persist to disk in plaintext, relative to the fs root /";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
all = mkOption {
|
all = mkOption {
|
||||||
type = types.listOf contextFreeDir;
|
type = types.listOf contextFreeDir;
|
||||||
|
@ -120,11 +114,13 @@ let
|
||||||
})
|
})
|
||||||
dirs
|
dirs
|
||||||
);
|
);
|
||||||
|
mapDirSets = relativeTo: dirsSubOptions: let
|
||||||
|
# list where each elem is a list from calling mapDirs on one store at a time
|
||||||
|
contextFreeDirSets = lib.mapAttrsToList (mapDirs relativeTo) dirsSubOptions;
|
||||||
|
in
|
||||||
|
builtins.concatLists contextFreeDirSets;
|
||||||
in {
|
in {
|
||||||
all = (mapDirs "/home/colin" "plaintext" config.home.plaintext)
|
all = (mapDirSets "/home/colin" config.home) ++ (mapDirSets "/" config.sys);
|
||||||
++ (mapDirs "/home/colin" "private" config.home.private)
|
|
||||||
++ (mapDirs "/home/colin" "cryptClearOnBoot" config.home.cryptClearOnBoot)
|
|
||||||
++ (mapDirs "/" "plaintext" config.sys.plaintext);
|
|
||||||
};
|
};
|
||||||
});
|
});
|
||||||
in
|
in
|
||||||
|
|
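Review bot: Pointing `sys` at the shared `dirsSubModule` widens what it accepts: `sys.private` and `sys.cryptClearOnBoot` are now valid options, where the old `sys` submodule declared only `plaintext` and the old `all` mapped only `config.sys.plaintext`. By its own description the `private` store is decrypted at user login, so a system path listed under `sys.private` would presumably not be available at boot, and a service starting earlier may write its state somewhere other than the encrypted store. If that is not intended, keep a plaintext-only submodule for `sys`, or at least add a comment at its `type = dirsSubModule;` line such as `# sys.private is unlocked only at user login; do not put boot-time service state here`. Separately, `mapDirSets` passes every attribute name of the submodule to `mapDirs` as a store name via `lib.mapAttrsToList`, so any non-store option later added to `dirsSubModule` would be treated as a store. The shared descriptions also drop the "relative to the fs root /" wording that `sys.plaintext` had. The enclosing `let` block starts and ends outside the hunks shown.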