persistence: cleanup so it all works well with symlink-based stores
parent
af2f97d61e
commit
aa0991bd6c
|
@ -395,7 +395,10 @@ in
|
||||||
fuzzel.sandbox.method = "bwrap"; #< landlock nearly works, but unable to open ~/.cache
|
fuzzel.sandbox.method = "bwrap"; #< landlock nearly works, but unable to open ~/.cache
|
||||||
fuzzel.sandbox.wrapperType = "wrappedDerivation";
|
fuzzel.sandbox.wrapperType = "wrappedDerivation";
|
||||||
fuzzel.sandbox.whitelistWayland = true;
|
fuzzel.sandbox.whitelistWayland = true;
|
||||||
fuzzel.persist.byStore.private = [ ".cache/fuzzel" ]; #< this is a file of recent selections
|
fuzzel.persist.byStore.private = [
|
||||||
|
# this is a file of recent selections
|
||||||
|
{ path=".cache/fuzzel"; type="file"; }
|
||||||
|
];
|
||||||
|
|
||||||
gawk.sandbox.method = "bwrap"; # TODO:sandbox: untested
|
gawk.sandbox.method = "bwrap"; # TODO:sandbox: untested
|
||||||
gawk.sandbox.wrapperType = "inplace"; # share/gawk libraries refer to /libexec
|
gawk.sandbox.wrapperType = "inplace"; # share/gawk libraries refer to /libexec
|
||||||
|
@ -494,7 +497,9 @@ in
|
||||||
|
|
||||||
# TODO: gnome-maps: move to own file
|
# TODO: gnome-maps: move to own file
|
||||||
"gnome.gnome-maps".persist.byStore.plaintext = [ ".cache/shumate" ];
|
"gnome.gnome-maps".persist.byStore.plaintext = [ ".cache/shumate" ];
|
||||||
"gnome.gnome-maps".persist.byStore.private = [ ".local/share/maps-places.json" ];
|
"gnome.gnome-maps".persist.byStore.private = [
|
||||||
|
({ path = ".local/share/maps-places.json"; type = "file"; })
|
||||||
|
];
|
||||||
|
|
||||||
# hitori rules:
|
# hitori rules:
|
||||||
# - click to shade a tile
|
# - click to shade a tile
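Review bot: The new `type = "file"` entries (`.cache/fuzzel` and `.local/share/maps-places.json` in this section, and likewise `vlc-qt-interface.conf` and `historic.json` in the later sections) persist a single path, which only works if the program writes that path in place. A program that saves by writing a temporary file and renaming it over the target would, depending on how the store exposes the file, either fail to save or leave an ordinary file in the unpersisted home, so the data would end up outside the private store without any error. How these programs save is not visible in this diff, so each one should be checked after a write and the result recorded next to its entry, e.g. `# save method checked: <in-place | rename>`. The two entries here are also spelled differently (`{ path=".cache/fuzzel"; type="file"; }` versus the parenthesised, spaced form); one form throughout would read better.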
|
||||||
|
|
|
@ -18,6 +18,8 @@
|
||||||
# support media imports via file->open dir to some common media directories
|
# support media imports via file->open dir to some common media directories
|
||||||
"tmp"
|
"tmp"
|
||||||
"Music"
|
"Music"
|
||||||
|
# audacity needs the entire config dir mounted if running in a sandbox
|
||||||
|
".config/audacity"
|
||||||
];
|
];
|
||||||
|
|
||||||
# disable first-run splash screen
|
# disable first-run splash screen
|
||||||
|
@ -29,7 +31,5 @@
|
||||||
Major=3
|
Major=3
|
||||||
Minor=4
|
Minor=4
|
||||||
'';
|
'';
|
||||||
# audacity needs the entire config dir mounted if running in a sandbox
|
|
||||||
fs.".config/audacity".dir = {};
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -80,7 +80,10 @@ in
|
||||||
"Videos/servo"
|
"Videos/servo"
|
||||||
];
|
];
|
||||||
|
|
||||||
persist.byStore.plaintext = [ ".local/state/mpv/watch_later" ];
|
persist.byStore.plaintext = [
|
||||||
|
# for `watch_later`
|
||||||
|
".local/state/mpv"
|
||||||
|
];
|
||||||
fs.".config/mpv/input.conf".symlink.text = let
|
fs.".config/mpv/input.conf".symlink.text = let
|
||||||
execInTerm = "${pkgs.xdg-terminal-exec}/bin/xdg-terminal-exec";
|
execInTerm = "${pkgs.xdg-terminal-exec}/bin/xdg-terminal-exec";
|
||||||
in ''
|
in ''
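Review bot: The plaintext store entry widens from `.local/state/mpv/watch_later` to the whole `.local/state/mpv` directory, so anything else mpv writes under its state directory is now kept in the plaintext store too. The `# for watch_later` comment states the intent but not why the subdirectory could no longer be listed directly; if the reason is that it does not exist before first launch, say so, e.g. `# persist the parent: watch_later is created by mpv at runtime`. The vlc section's comment assumes mpv hashes the filenames in these entries, which should be confirmed against the mpv options this file sets, since the choice of plaintext over private rests on it. The surrounding attribute set starts and ends outside the hunk.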
|
||||||
|
|
|
@ -24,7 +24,7 @@ in
|
||||||
persist.byStore.private = [
|
persist.byStore.private = [
|
||||||
# vlc remembers play position in ~/.config/vlc/vlc-qt-interface.conf
|
# vlc remembers play position in ~/.config/vlc/vlc-qt-interface.conf
|
||||||
# filenames are stored in plaintext (unlike mpv, which i think hashes them)
|
# filenames are stored in plaintext (unlike mpv, which i think hashes them)
|
||||||
".config/vlc"
|
({ path = ".config/vlc/vlc-qt-interface.conf"; type = "file"; })
|
||||||
# vlc caches artwork. i'm not sure where it gets the artwork (internet? embedded metadata?)
|
# vlc caches artwork. i'm not sure where it gets the artwork (internet? embedded metadata?)
|
||||||
".cache/vlc"
|
".cache/vlc"
|
||||||
];
|
];
|
||||||
|
|
|
@ -22,7 +22,7 @@
|
||||||
".local/share/webkitgtk"
|
".local/share/webkitgtk"
|
||||||
];
|
];
|
||||||
persist.byStore.private = [
|
persist.byStore.private = [
|
||||||
".local/share/historic.json" # history
|
({ path=".local/share/historic.json"; type="file"; }) # history
|
||||||
# .local/share/cookies (probably not necessary to persist?)
|
# .local/share/cookies (probably not necessary to persist?)
|
||||||
|
|
||||||
# .local/share/booklists.json (empty; not sure if wike's)
|
# .local/share/booklists.json (empty; not sure if wike's)
|
||||||
|
|
|
@ -5,6 +5,7 @@
|
||||||
# notably:
|
# notably:
|
||||||
# - `/root/.cache/nix/` takes up ~10 MB on lappy/desko/servo
|
# - `/root/.cache/nix/` takes up ~10 MB on lappy/desko/servo
|
||||||
# - `/root/.cache/mesa_shader_cache` takes up 1-2 MB on moby
|
# - `/root/.cache/mesa_shader_cache` takes up 1-2 MB on moby
|
||||||
{ path = "/root"; user = "root"; group = "root"; mode = "0700"; }
|
# /root gets created earlier during boot, so safer to specify only subdirs here
|
||||||
|
{ path = "/root/.cache"; user = "root"; group = "root"; mode = "0700"; }
|
||||||
];
|
];
|
||||||
}
|
}
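Review bot: With the `/root` entry replaced by `/root/.cache`, nothing in this list asserts `mode = "0700"` and root ownership on `/root` itself any more; that now depends on whatever creates the directory earlier in boot. If the earlier step guarantees the same permissions, the new comment should name it, e.g. `# /root is created earlier during boot by <unit> with mode 0700; only subdirs are specified here`. The list this entry belongs to opens outside the hunk.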
|
||||||
|
|
|
@ -236,23 +236,25 @@ in
|
||||||
};
|
};
|
||||||
})
|
})
|
||||||
(lib.optionalAttrs (opt.type == "file") {
|
(lib.optionalAttrs (opt.type == "file") {
|
||||||
# ensure the backing path of this file's parent exists.
|
# create the backing file, as an empty file.
|
||||||
# XXX: this forces the backing parent to be a directory
|
# the old way was to create the parent directory and leave the file empty, expecting the program to create it.
|
||||||
# this is almost always what is wanted, but it's sometimes an arbitrary constraint
|
# that doesn't work well with sandboxing, where the fs handles we want to give the program have to exist before launch.
|
||||||
sane.fs."${path.parent (fsPathToBackingPath fspath)}" = {
|
sane.fs."${fsPathToBackingPath fspath}" = {
|
||||||
wantedBeforeBy = [ config.sane.fs."${fspath}".unit ];
|
wantedBeforeBy = [ config.sane.fs."${fspath}".unit ];
|
||||||
dir = {};
|
file.acl = config.sane.fs."${fspath}".generated.acl;
|
||||||
|
file.text = lib.mkDefault "";
|
||||||
};
|
};
|
||||||
})
|
})
|
||||||
{
|
{
|
||||||
# default each item along the backing path to have the same acl as the location it would be mounted.
|
# default each item along the backing path to have the same acl as the location it would be mounted.
|
||||||
|
# also, default each parent to being a directory.
|
||||||
sane.fs = lib.mkMerge (builtins.map
|
sane.fs = lib.mkMerge (builtins.map
|
||||||
(fsSubpath: {
|
(fsSubpath: {
|
||||||
"${fsPathToBackingPath fsSubpath}" = {
|
"${fsPathToBackingPath fsSubpath}" = {
|
||||||
generated.acl = config.sane.fs."${fsSubpath}".generated.acl;
|
dir.acl = config.sane.fs."${fsSubpath}".generated.acl;
|
||||||
};
|
};
|
||||||
})
|
})
|
||||||
(path.walk store.prefix (path.parent fspath))
|
(lib.init (path.walk store.prefix fspath))
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
];
|
];
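Review bot: The `type == "file"` branch now declares the backing file itself with `file.text = lib.mkDefault ""`, and this hunk does not show whether an already-populated backing file is left alone on later activations. If `sane.fs` rewrites `file.text` whenever the unit runs, persisted files would be emptied at boot, so the comment should state the guarantee, e.g. `# only created when missing; existing contents are kept`. Further down, `lib.init (path.walk store.prefix fspath)` relies on `path.walk` returning at least one element, since `lib.init` fails on an empty list; a one-line comment saying the walk always includes `fspath` itself would document that assumption. The surrounding list begins outside the hunk.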
|
||||||
|
|