fix "rescue" host to eval again
parent
ff8cfc9372
commit
c380f61bea
|
@ -6,7 +6,7 @@
|
|||
|
||||
boot.loader.efi.canTouchEfiVariables = false;
|
||||
sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ];
|
||||
sane.persist.enable = false;
|
||||
sane.persist.enable = false; # what we mean here is that the image is immutable; `/` is still tmpfs.
|
||||
sane.nixcache.enable = false; # don't want to be calling out to dead machines that we're *trying* to rescue
|
||||
|
||||
# auto-login at shell
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{ config, ... }:
|
||||
{ config, lib, ... }:
|
||||
{
|
||||
sane.user.persist.byStore.plaintext = [
|
||||
"archive"
|
||||
|
@ -29,14 +29,17 @@
|
|||
];
|
||||
|
||||
# convenience
|
||||
sane.user.fs.".persist/private".symlink.target = config.sane.persist.stores.private.origin;
|
||||
sane.user.fs.".persist/plaintext".symlink.target = config.sane.persist.stores.plaintext.origin;
|
||||
sane.user.fs.".persist/ephemeral".symlink.target = config.sane.persist.stores.cryptClearOnBoot.origin;
|
||||
sane.user.fs = let
|
||||
persistEnabled = config.sane.persist.enable;
|
||||
in {
|
||||
".persist/private" = lib.mkIf persistEnabled { symlink.target = config.sane.persist.stores.private.origin; };
|
||||
".persist/plaintext" = lib.mkIf persistEnabled { symlink.target = config.sane.persist.stores.plaintext.origin; };
|
||||
".persist/ephemeral" = lib.mkIf persistEnabled { symlink.target = config.sane.persist.stores.cryptClearOnBoot.origin; };
|
||||
|
||||
sane.user.fs."nixos".symlink.target = "dev/nixos";
|
||||
"nixos".symlink.target = "dev/nixos";
|
||||
|
||||
sane.user.fs."Books/servo".symlink.target = "/mnt/servo/media/Books";
|
||||
sane.user.fs."Videos/servo".symlink.target = "/mnt/servo/media/Videos";
|
||||
# sane.user.fs."Music/servo".symlink.target = "/mnt/servo/media/Music";
|
||||
sane.user.fs."Pictures/servo-macros".symlink.target = "/mnt/servo/media/Pictures/macros";
|
||||
"Books/servo".symlink.target = "/mnt/servo/media/Books";
|
||||
"Videos/servo".symlink.target = "/mnt/servo/media/Videos";
|
||||
"Pictures/servo-macros".symlink.target = "/mnt/servo/media/Pictures/macros";
|
||||
};
|
||||
}
|
||||
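Review bot: The three `.persist/*` entries each repeat `lib.mkIf persistEnabled`, and nothing in the new `let … in` block says why the guard exists. Judging from the commit title, the store origins probably do not evaluate on a host with `sane.persist.enable = false`, but that is inferred rather than shown here. A single comment above the binding would record the reason, for example `# store origins are only defined when persistence is enabled (the rescue image disables it)`. Folding the three guarded entries into one `lib.mkIf persistEnabled { … }` inside a `lib.mkMerge` would also keep the condition in one place.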
|
|
|
@ -28,7 +28,7 @@ in
|
|||
|
||||
fs.".local/share/keyrings/default" = {
|
||||
file.text = "Default_keyring.keyring"; #< no trailing newline
|
||||
wantedBy = [ config.sane.fs."${config.sane.persist.stores.private.origin}".unit ];
|
||||
# wantedBy = [ config.sane.fs."${config.sane.persist.stores.private.origin}".unit ];
|
||||
wantedBeforeBy = [ #< don't create this as part of `multi-user.target`
|
||||
"gnome-keyring.service" # TODO: sane.programs should declare this dependency for us
|
||||
];
|
||||
|
@ -43,7 +43,7 @@ in
|
|||
lock-on-idle=false
|
||||
lock-after=false
|
||||
'';
|
||||
wantedBy = [ config.sane.fs."${config.sane.persist.stores.private.origin}".unit ];
|
||||
# wantedBy = [ config.sane.fs."${config.sane.persist.stores.private.origin}".unit ];
|
||||
wantedBeforeBy = [ #< don't create this as part of `multi-user.target`
|
||||
"gnome-keyring.service"
|
||||
];
|
||||
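Review bot: Both `wantedBy` lines for the keyring files are commented out rather than guarded, unlike the `lib.mkIf config.sane.persist.enable` used in the other files of this commit, so hosts that do have persistence also lose the tie to the private store's unit. If `~/.local/share/keyrings` lives in that store (not visible here), the files are now only pulled in ahead of `gnome-keyring.service`, and nothing in these hunks shows them waiting for the encrypted store to be mounted. Consider `wantedBy = lib.optionals config.sane.persist.enable [ config.sane.fs."${config.sane.persist.stores.private.origin}".unit ];` in both places, assuming `lib` is in scope in this file. Otherwise, replace the dead line with a comment stating why the dependency was dropped. Both attribute sets continue outside their hunks.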
|
|
|
@ -42,7 +42,7 @@
|
|||
# - <https://github.com/dnr/sample-nix-code/blob/03494480c1fae550c033aa54fd96aeb3827761c5/nixos/laptop.nix>
|
||||
pamMount = let
|
||||
priv = config.fileSystems."${config.sane.persist.stores.private.origin}";
|
||||
in {
|
||||
in lib.mkIf config.sane.persist.enable {
|
||||
fstype = priv.fsType;
|
||||
path = priv.device;
|
||||
mountpoint = priv.mountPoint;
|
||||
|
|
|
@ -71,9 +71,11 @@ in
|
|||
# N.B.: use the plaintext `backing` dir instead of proper persistence, because this needs to be available
|
||||
# during activation time (see /etc/machine-id and setupSecretsForUsers activation script).
|
||||
# TODO: this should go in the same dir as `/var/log`, then. i.e. `stores.initrd` (but rename to `stores.early`).
|
||||
environment.etc."ssh/host_keys".source = let
|
||||
environment.etc."ssh/host_keys" = let
|
||||
plaintextBacking = config.sane.fs."${config.sane.persist.stores.plaintext.origin}".mount.bind;
|
||||
in "${plaintextBacking}/etc/ssh/host_keys";
|
||||
in lib.mkIf config.sane.persist.enable {
|
||||
source = "${plaintextBacking}/etc/ssh/host_keys";
|
||||
};
|
||||
|
||||
# let openssh find our host keys
|
||||
services.openssh.hostKeys = [
|
||||
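Review bot: With `sane.persist.enable = false` the `/etc/ssh/host_keys` entry is no longer created, but the `services.openssh.hostKeys` list that opens on the last line of this hunk does not appear to get the same guard; its body is outside the hunk, so this is inferred. If that list still names paths under `/etc/ssh/host_keys`, such a host would presumably generate fresh host keys on every boot. Clients would then see a changed key each time, and the activation-time secret setup mentioned in the N.B. comment above would have no stable key. Either guard the list the same way or state the decision next to it, for example `# persist disabled (e.g. rescue image): host keys are ephemeral and regenerated each boot`.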
|
|