fix "rescue" host to eval again
parent
ff8cfc9372
commit
c380f61bea
|
@ -6,7 +6,7 @@
|
||||||
|
|
||||||
boot.loader.efi.canTouchEfiVariables = false;
|
boot.loader.efi.canTouchEfiVariables = false;
|
||||||
sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ];
|
sane.image.extraBootFiles = [ pkgs.bootpart-uefi-x86_64 ];
|
||||||
sane.persist.enable = false;
|
sane.persist.enable = false; # what we mean here is that the image is immutable; `/` is still tmpfs.
|
||||||
sane.nixcache.enable = false; # don't want to be calling out to dead machines that we're *trying* to rescue
|
sane.nixcache.enable = false; # don't want to be calling out to dead machines that we're *trying* to rescue
|
||||||
|
|
||||||
# auto-login at shell
|
# auto-login at shell
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
{ config, ... }:
|
{ config, lib, ... }:
|
||||||
{
|
{
|
||||||
sane.user.persist.byStore.plaintext = [
|
sane.user.persist.byStore.plaintext = [
|
||||||
"archive"
|
"archive"
|
||||||
|
@ -29,14 +29,17 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
# convenience
|
# convenience
|
||||||
sane.user.fs.".persist/private".symlink.target = config.sane.persist.stores.private.origin;
|
sane.user.fs = let
|
||||||
sane.user.fs.".persist/plaintext".symlink.target = config.sane.persist.stores.plaintext.origin;
|
persistEnabled = config.sane.persist.enable;
|
||||||
sane.user.fs.".persist/ephemeral".symlink.target = config.sane.persist.stores.cryptClearOnBoot.origin;
|
in {
|
||||||
|
".persist/private" = lib.mkIf persistEnabled { symlink.target = config.sane.persist.stores.private.origin; };
|
||||||
|
".persist/plaintext" = lib.mkIf persistEnabled { symlink.target = config.sane.persist.stores.plaintext.origin; };
|
||||||
|
".persist/ephemeral" = lib.mkIf persistEnabled { symlink.target = config.sane.persist.stores.cryptClearOnBoot.origin; };
|
||||||
|
|
||||||
sane.user.fs."nixos".symlink.target = "dev/nixos";
|
"nixos".symlink.target = "dev/nixos";
|
||||||
|
|
||||||
sane.user.fs."Books/servo".symlink.target = "/mnt/servo/media/Books";
|
"Books/servo".symlink.target = "/mnt/servo/media/Books";
|
||||||
sane.user.fs."Videos/servo".symlink.target = "/mnt/servo/media/Videos";
|
"Videos/servo".symlink.target = "/mnt/servo/media/Videos";
|
||||||
# sane.user.fs."Music/servo".symlink.target = "/mnt/servo/media/Music";
|
"Pictures/servo-macros".symlink.target = "/mnt/servo/media/Pictures/macros";
|
||||||
sane.user.fs."Pictures/servo-macros".symlink.target = "/mnt/servo/media/Pictures/macros";
|
};
|
||||||
}
|
}
|
||||||
|
|
|
@ -28,7 +28,7 @@ in
|
||||||
|
|
||||||
fs.".local/share/keyrings/default" = {
|
fs.".local/share/keyrings/default" = {
|
||||||
file.text = "Default_keyring.keyring"; #< no trailing newline
|
file.text = "Default_keyring.keyring"; #< no trailing newline
|
||||||
wantedBy = [ config.sane.fs."${config.sane.persist.stores.private.origin}".unit ];
|
# wantedBy = [ config.sane.fs."${config.sane.persist.stores.private.origin}".unit ];
|
||||||
wantedBeforeBy = [ #< don't create this as part of `multi-user.target`
|
wantedBeforeBy = [ #< don't create this as part of `multi-user.target`
|
||||||
"gnome-keyring.service" # TODO: sane.programs should declare this dependency for us
|
"gnome-keyring.service" # TODO: sane.programs should declare this dependency for us
|
||||||
];
|
];
|
||||||
|
@ -43,7 +43,7 @@ in
|
||||||
lock-on-idle=false
|
lock-on-idle=false
|
||||||
lock-after=false
|
lock-after=false
|
||||||
'';
|
'';
|
||||||
wantedBy = [ config.sane.fs."${config.sane.persist.stores.private.origin}".unit ];
|
# wantedBy = [ config.sane.fs."${config.sane.persist.stores.private.origin}".unit ];
|
||||||
wantedBeforeBy = [ #< don't create this as part of `multi-user.target`
|
wantedBeforeBy = [ #< don't create this as part of `multi-user.target`
|
||||||
"gnome-keyring.service"
|
"gnome-keyring.service"
|
||||||
];
|
];
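Review bot: Both `wantedBy` lines in this file (here and in the `@ -28,7` hunk above) are disabled by commenting them out, which drops the link to the private store's unit on every host, not only where `sane.persist.enable` is false. The other files in this commit gate on that flag, and the same should work here: `wantedBy = lib.mkIf config.sane.persist.enable [ config.sane.fs."${config.sane.persist.stores.private.origin}".unit ];` (assuming `lib` is in scope in this file, which the hunks do not show). With only `wantedBeforeBy` left, it is worth confirming on a persistent host that the keyring files are still written inside the mounted private store and not into the directory underneath the mount. If removing the dependency everywhere is intended, delete the lines or add a comment saying why they are disabled.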
|
||||||
|
|
|
@ -42,7 +42,7 @@
|
||||||
# - <https://github.com/dnr/sample-nix-code/blob/03494480c1fae550c033aa54fd96aeb3827761c5/nixos/laptop.nix>
|
# - <https://github.com/dnr/sample-nix-code/blob/03494480c1fae550c033aa54fd96aeb3827761c5/nixos/laptop.nix>
|
||||||
pamMount = let
|
pamMount = let
|
||||||
priv = config.fileSystems."${config.sane.persist.stores.private.origin}";
|
priv = config.fileSystems."${config.sane.persist.stores.private.origin}";
|
||||||
in {
|
in lib.mkIf config.sane.persist.enable {
|
||||||
fstype = priv.fsType;
|
fstype = priv.fsType;
|
||||||
path = priv.device;
|
path = priv.device;
|
||||||
mountpoint = priv.mountPoint;
|
mountpoint = priv.mountPoint;
|
||||||
|
|
|
@ -71,9 +71,11 @@ in
|
||||||
# N.B.: use the plaintext `backing` dir instead of proper persistence, because this needs to be available
|
# N.B.: use the plaintext `backing` dir instead of proper persistence, because this needs to be available
|
||||||
# during activation time (see /etc/machine-id and setupSecretsForUsers activation script).
|
# during activation time (see /etc/machine-id and setupSecretsForUsers activation script).
|
||||||
# TODO: this should go in the same dir as `/var/log`, then. i.e. `stores.initrd` (but rename to `stores.early`).
|
# TODO: this should go in the same dir as `/var/log`, then. i.e. `stores.initrd` (but rename to `stores.early`).
|
||||||
environment.etc."ssh/host_keys".source = let
|
environment.etc."ssh/host_keys" = let
|
||||||
plaintextBacking = config.sane.fs."${config.sane.persist.stores.plaintext.origin}".mount.bind;
|
plaintextBacking = config.sane.fs."${config.sane.persist.stores.plaintext.origin}".mount.bind;
|
||||||
in "${plaintextBacking}/etc/ssh/host_keys";
|
in lib.mkIf config.sane.persist.enable {
|
||||||
|
source = "${plaintextBacking}/etc/ssh/host_keys";
|
||||||
|
};
|
||||||
|
|
||||||
# let openssh find our host keys
|
# let openssh find our host keys
|
||||||
services.openssh.hostKeys = [
|
services.openssh.hostKeys = [
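Review bot: The `environment.etc."ssh/host_keys"` link is now skipped when `sane.persist.enable` is false, but the `services.openssh.hostKeys` list that follows still appears to apply unconditionally (its body lies outside the hunk). If those paths sit under `/etc/ssh/host_keys`, a host without persistence would presumably generate fresh host keys on every boot, so clients see a changed key each time and cannot pin it. Please confirm that this is the intended behaviour for the rescue image and record it above the `lib.mkIf`, e.g. `# without persistence (rescue image) sshd host keys are ephemeral and regenerate each boot`.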
|
||||||
|
|