persist: stores: make naming more consistent

2024-02-23 14:57:20 +00:00
parent bd7ca20361
commit d7402ae170
3 changed files with 22 additions and 20 deletions


@@ -2,9 +2,9 @@
let let
persist-base = "/nix/persist"; persist-base = "/nix/persist";
device = config.sane.persist.stores."cryptClearOnBoot".origin; origin = config.sane.persist.stores."cryptClearOnBoot".origin;
key = "${device}.key"; key = "${origin}.key";
underlying = sane-lib.path.concat [ persist-base "crypt/clearedonboot" ]; backing = sane-lib.path.concat [ persist-base "crypt/clearedonboot" ];
in in
lib.mkIf config.sane.persist.enable lib.mkIf config.sane.persist.enable
{ {
@@ -17,8 +17,8 @@ lib.mkIf config.sane.persist.enable
}; };
fileSystems."${device}" = { fileSystems."${origin}" = {
device = underlying; device = backing;
fsType = "fuse.gocryptfs"; fsType = "fuse.gocryptfs";
options = [ options = [
# "nodev" # "Unknown parameter 'nodev'". gocryptfs requires this be passed as `-ko nodev` # "nodev" # "Unknown parameter 'nodev'". gocryptfs requires this be passed as `-ko nodev`
@@ -30,18 +30,18 @@ lib.mkIf config.sane.persist.enable
noCheck = true; noCheck = true;
}; };
# let sane.fs know about our fileSystem and automatically add the appropriate dependencies # let sane.fs know about our fileSystem and automatically add the appropriate dependencies
sane.fs."${device}".mount = { sane.fs."${origin}".mount = {
# technically the dependency on the keyfile is extraneous because that *happens* to # technically the dependency on the keyfile is extraneous because that *happens* to
# be needed to init the store. # be needed to init the store.
depends = let depends = let
cryptfile = config.sane.fs."${underlying}/gocryptfs.conf"; cryptfile = config.sane.fs."${backing}/gocryptfs.conf";
keyfile = config.sane.fs."${key}"; keyfile = config.sane.fs."${key}";
in [ keyfile.unit cryptfile.unit ]; in [ keyfile.unit cryptfile.unit ];
}; };
# let sane.fs know how to initialize the gocryptfs store, # let sane.fs know how to initialize the gocryptfs store,
# and that it MUST do so # and that it MUST do so
sane.fs."${underlying}/gocryptfs.conf".generated = let sane.fs."${backing}/gocryptfs.conf".generated = let
script = pkgs.writeShellScript "init-gocryptfs-store" '' script = pkgs.writeShellScript "init-gocryptfs-store" ''
backing="$1" backing="$1"
passfile="$2" passfile="$2"
@@ -54,7 +54,7 @@ lib.mkIf config.sane.persist.enable
${pkgs.gocryptfs}/bin/gocryptfs -quiet -passfile "$passfile" -init "$backing" ${pkgs.gocryptfs}/bin/gocryptfs -quiet -passfile "$passfile" -init "$backing"
''; '';
in { in {
command = [ "${script}" underlying key ]; command = [ "${script}" backing key ];
# we need the key in order to initialize the store # we need the key in order to initialize the store
depends = [ config.sane.fs."${key}".unit ]; depends = [ config.sane.fs."${key}".unit ];
}; };


@@ -3,13 +3,15 @@
let let
# TODO: parameterize! # TODO: parameterize!
persist-base = "/nix/persist"; persist-base = "/nix/persist";
plaintext-dir = config.sane.persist.stores."plaintext".origin; origin = config.sane.persist.stores."plaintext".origin;
plaintext-backing-dir = persist-base; #< TODO: scope this! backing = persist-base; #< TODO: scope this!
in lib.mkIf config.sane.persist.enable { in {
sane.persist.stores."plaintext" = { sane.persist.stores."plaintext" = {
origin = lib.mkDefault "/mnt/persist/plaintext"; origin = lib.mkDefault "/mnt/persist/plaintext";
}; };
# TODO: scope this! # TODO: scope this!
sane.fs."${plaintext-dir}".mount.bind = plaintext-backing-dir; sane.fs = lib.mkIf config.sane.persist.enable {
"${origin}".mount.bind = backing;
};
} }
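Review bot: The `lib.mkIf config.sane.persist.enable` guard moves from the whole module body to just `sane.fs`, a behaviour change that the commit title ("make naming more consistent") does not mention. `sane.persist.stores."plaintext".origin` is now defined even when persistence is disabled, while the other two store modules in this commit still gate their entire body on the same option. If that is intended, record it with a comment above the `in {` line, for example `# the store is always declared; only the bind mount is gated on sane.persist.enable`. Separately, `backing` is still all of `persist-base`, so the bind mount exposes everything under `/nix/persist` at the plaintext origin, including the `crypt/clearedonboot` backing directory named in the first file. The existing `TODO: scope this!` already covers this and is worth resolving before treating the stores as separate trust boundaries.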


@@ -3,9 +3,9 @@
let let
# TODO: parameterize! # TODO: parameterize!
persist-base = "/nix/persist"; persist-base = "/nix/persist";
private-dir = config.sane.persist.stores."private".origin; origin = config.sane.persist.stores."private".origin;
# TODO: remove the `prefix` part of this (will require data migration) # TODO: remove the `prefix` part of this (will require data migration)
private-backing-dir = sane-lib.path.concat [ persist-base config.sane.persist.stores."private".prefix "private" ]; backing = sane-lib.path.concat [ persist-base config.sane.persist.stores."private".prefix "private" ];
in in
lib.mkIf config.sane.persist.enable lib.mkIf config.sane.persist.enable
{ {
@@ -17,7 +17,7 @@ lib.mkIf config.sane.persist.enable
''; '';
origin = lib.mkDefault "/mnt/persist/private"; origin = lib.mkDefault "/mnt/persist/private";
defaultOrdering = let defaultOrdering = let
private-unit = config.sane.fs."${private-dir}".unit; private-unit = config.sane.fs."${origin}".unit;
in { in {
# auto create only after the store is mounted # auto create only after the store is mounted
wantedBy = [ private-unit ]; wantedBy = [ private-unit ];
@@ -27,8 +27,8 @@ lib.mkIf config.sane.persist.enable
defaultMethod = "symlink"; defaultMethod = "symlink";
}; };
fileSystems."${private-dir}" = { fileSystems."${origin}" = {
device = private-backing-dir; device = backing;
fsType = "fuse.gocryptfs"; fsType = "fuse.gocryptfs";
options = [ options = [
"noauto" # don't try to mount, until the user logs in! "noauto" # don't try to mount, until the user logs in!
@@ -44,9 +44,9 @@ lib.mkIf config.sane.persist.enable
}; };
# let sane.fs know about the mount # let sane.fs know about the mount
sane.fs."${private-dir}".mount = {}; sane.fs."${origin}".mount = {};
# it also needs to know that the underlying device is an ordinary folder # it also needs to know that the underlying device is an ordinary folder
sane.fs."${private-backing-dir}".dir = {}; sane.fs."${backing}".dir = {};
# TODO: could add this *specifically* to the .mount file for the encrypted fs? # TODO: could add this *specifically* to the .mount file for the encrypted fs?
system.fsPackages = [ pkgs.gocryptfs ]; # fuse needs to find gocryptfs system.fsPackages = [ pkgs.gocryptfs ]; # fuse needs to find gocryptfs