fix "rescue" host to eval again

This commit is contained in:
Colin 2024-02-28 14:19:45 +00:00
parent ff8cfc9372
commit c380f61bea
5 changed files with 20 additions and 15 deletions


@ -6,7 +6,7 @@
boot.loader.efi.canTouchEfiVariables = false; boot.loader.efi.canTouchEfiVariables = false;
sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ]; sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ];
sane.persist.enable = false; sane.persist.enable = false; # what we mean here is that the image is immutable; `/` is still tmpfs.
sane.nixcache.enable = false; # don't want to be calling out to dead machines that we're *trying* to rescue sane.nixcache.enable = false; # don't want to be calling out to dead machines that we're *trying* to rescue
# auto-login at shell # auto-login at shell


@ -1,4 +1,4 @@
{ config, ... }: { config, lib, ... }:
{ {
sane.user.persist.byStore.plaintext = [ sane.user.persist.byStore.plaintext = [
"archive" "archive"
@ -29,14 +29,17 @@
]; ];
# convenience # convenience
sane.user.fs.".persist/private".symlink.target = config.sane.persist.stores.private.origin; sane.user.fs = let
sane.user.fs.".persist/plaintext".symlink.target = config.sane.persist.stores.plaintext.origin; persistEnabled = config.sane.persist.enable;
sane.user.fs.".persist/ephemeral".symlink.target = config.sane.persist.stores.cryptClearOnBoot.origin; in {
".persist/private" = lib.mkIf persistEnabled { symlink.target = config.sane.persist.stores.private.origin; };
".persist/plaintext" = lib.mkIf persistEnabled { symlink.target = config.sane.persist.stores.plaintext.origin; };
".persist/ephemeral" = lib.mkIf persistEnabled { symlink.target = config.sane.persist.stores.cryptClearOnBoot.origin; };
sane.user.fs."nixos".symlink.target = "dev/nixos"; "nixos".symlink.target = "dev/nixos";
sane.user.fs."Books/servo".symlink.target = "/mnt/servo/media/Books"; "Books/servo".symlink.target = "/mnt/servo/media/Books";
sane.user.fs."Videos/servo".symlink.target = "/mnt/servo/media/Videos"; "Videos/servo".symlink.target = "/mnt/servo/media/Videos";
# sane.user.fs."Music/servo".symlink.target = "/mnt/servo/media/Music"; "Pictures/servo-macros".symlink.target = "/mnt/servo/media/Pictures/macros";
sane.user.fs."Pictures/servo-macros".symlink.target = "/mnt/servo/media/Pictures/macros"; };
} }
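Review bot: The three `lib.mkIf persistEnabled` guards on the `.persist/*` symlinks carry no comment explaining why they are conditional, and the reason is not obvious from the attrset itself; from the commit title and the rescue host's `sane.persist.enable = false`, it looks like `config.sane.persist.stores.*.origin` is undefined when persistence is off and the unguarded symlink targets broke evaluation, but that is inferred rather than visible here. A one-line comment above the `in {` would save the next reader the same investigation: `# the persist stores (and their .origin) only exist when persistence is enabled; unguarded targets fail to evaluate on hosts like the rescue image`. Dropping `lib.mkIf` entries from an `attrsOf` submodule set is handled by the module system, so the construction itself looks sound. The whole `sane.user.fs = let … in { … }` definition is inside this hunk.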


@ -28,7 +28,7 @@ in
fs.".local/share/keyrings/default" = { fs.".local/share/keyrings/default" = {
file.text = "Default_keyring.keyring"; #< no trailing newline file.text = "Default_keyring.keyring"; #< no trailing newline
wantedBy = [ config.sane.fs."${config.sane.persist.stores.private.origin}".unit ]; # wantedBy = [ config.sane.fs."${config.sane.persist.stores.private.origin}".unit ];
wantedBeforeBy = [ #< don't create this as part of `multi-user.target` wantedBeforeBy = [ #< don't create this as part of `multi-user.target`
"gnome-keyring.service" # TODO: sane.programs should declare this dependency for us "gnome-keyring.service" # TODO: sane.programs should declare this dependency for us
]; ];
@ -43,7 +43,7 @@ in
lock-on-idle=false lock-on-idle=false
lock-after=false lock-after=false
''; '';
wantedBy = [ config.sane.fs."${config.sane.persist.stores.private.origin}".unit ]; # wantedBy = [ config.sane.fs."${config.sane.persist.stores.private.origin}".unit ];
wantedBeforeBy = [ #< don't create this as part of `multi-user.target` wantedBeforeBy = [ #< don't create this as part of `multi-user.target`
"gnome-keyring.service" "gnome-keyring.service"
]; ];
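Review bot: Commenting out `wantedBy = [ config.sane.fs."${config.sane.persist.stores.private.origin}".unit ];` in both hunks of this file (the `.local/share/keyrings/default` entry and the keyring config entry) removes the ordering dependency on the private store's unit for every host, not just the rescue image, whereas the other files in this commit keep the dependency behind `config.sane.persist.enable`. If `sane.fs` still creates these files at activation, they may now be written before the private store is mounted on hosts that do persist, which changes when and where the keyring files land; that consequence is inferred, since the `sane.fs` semantics are outside this hunk. The consistent fix is to guard rather than delete, e.g. `wantedBy = lib.optional config.sane.persist.enable config.sane.fs."${config.sane.persist.stores.private.origin}".unit;` (assuming `lib` is in scope in this file; `lib.optional` does not evaluate its element when the condition is false). If the lines are intentionally gone for good they should be removed rather than left commented. The enclosing attrset starts and ends outside these hunks.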


@ -42,7 +42,7 @@
# - <https://github.com/dnr/sample-nix-code/blob/03494480c1fae550c033aa54fd96aeb3827761c5/nixos/laptop.nix> # - <https://github.com/dnr/sample-nix-code/blob/03494480c1fae550c033aa54fd96aeb3827761c5/nixos/laptop.nix>
pamMount = let pamMount = let
priv = config.fileSystems."${config.sane.persist.stores.private.origin}"; priv = config.fileSystems."${config.sane.persist.stores.private.origin}";
in { in lib.mkIf config.sane.persist.enable {
fstype = priv.fsType; fstype = priv.fsType;
path = priv.device; path = priv.device;
mountpoint = priv.mountPoint; mountpoint = priv.mountPoint;
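Review bot: The `lib.mkIf config.sane.persist.enable { … }` wrapping `pamMount` only resolves to "no value" if `pamMount` is a module option merged by the module system; if `pamMount` here is a plain attribute that project code reads directly, the wrapper is an attrset tagged `_type = "if"` and consumers will receive that instead of an omitted mount. The enclosing definition starts outside the hunk, so which case applies cannot be confirmed from here and is worth checking on a host with persistence disabled. Either way the guard deserves a comment, since the reason is not visible at this point in the file: `# config.fileSystems.<private origin> is only defined when persistence is enabled`. Leaving `priv` in the `let` is fine, as its lookup is lazy and is not forced when the condition is false.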


@ -71,9 +71,11 @@ in
# N.B.: use the plaintext `backing` dir instead of proper persistence, because this needs to be available # N.B.: use the plaintext `backing` dir instead of proper persistence, because this needs to be available
# during activation time (see /etc/machine-id and setupSecretsForUsers activation script). # during activation time (see /etc/machine-id and setupSecretsForUsers activation script).
# TODO: this should go in the same dir as `/var/log`, then. i.e. `stores.initrd` (but rename to `stores.early`). # TODO: this should go in the same dir as `/var/log`, then. i.e. `stores.initrd` (but rename to `stores.early`).
environment.etc."ssh/host_keys".source = let environment.etc."ssh/host_keys" = let
plaintextBacking = config.sane.fs."${config.sane.persist.stores.plaintext.origin}".mount.bind; plaintextBacking = config.sane.fs."${config.sane.persist.stores.plaintext.origin}".mount.bind;
in "${plaintextBacking}/etc/ssh/host_keys"; in lib.mkIf config.sane.persist.enable {
source = "${plaintextBacking}/etc/ssh/host_keys";
};
# let openssh find our host keys # let openssh find our host keys
services.openssh.hostKeys = [ services.openssh.hostKeys = [