From d7c8638fea0ea396286dd28292637210351ef4e3 Mon Sep 17 00:00:00 2001
From: colin
Date: Wed, 4 Jan 2023 01:54:13 +0000
Subject: [PATCH] impermanence: add a storeDescription field per store
---
 modules/impermanence/default.nix | 15 ++++++++++++++-
 modules/impermanence/stores/crypt.nix | 4 ++++
 modules/impermanence/stores/private.nix | 3 +++
 3 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/modules/impermanence/default.nix b/modules/impermanence/default.nix
index 7b1f9e84..5ab8787f 100644
--- a/modules/impermanence/default.nix
+++ b/modules/impermanence/default.nix
@@ -12,6 +12,15 @@ let
 storeType = types.submodule {
 options = {
+ storeDescription = mkOption {
+ type = types.nullOr types.str;
+ default = null;
+ description = ''
+ an optional description of the store, which is rendered like
+ {store.name}: {store.storeDescription}
+ for example, a store named "private" could have description "ecnrypted to the user's password and decrypted on login".
+ '';
+ };
 mountpt = mkOption {
 type = types.str;
 };
@@ -69,7 +78,11 @@ let
 options = mapAttrs (store: store-cfg: mkOption {
 default = [];
 type = types.listOf contextualizedDirOrShorthand;
- description = "directories to persist in ${store}";
+ description = let
+ suffix = if store-cfg.storeDescription != null then
+ ": ${store-cfg.storeDescription}"
+ else "";
+ in "directories to persist in ${store}${suffix}";
 }) cfg.stores;
 };
diff --git a/modules/impermanence/stores/crypt.nix b/modules/impermanence/stores/crypt.nix
index 12113b3f..a61cf396 100644
--- a/modules/impermanence/stores/crypt.nix
+++ b/modules/impermanence/stores/crypt.nix
@@ -33,6 +33,10 @@ in lib.mkIf config.sane.impermanence.enable {
 sane.impermanence.stores."cryptClearOnBoot" = {
+ storeDescription = ''
+ stored to disk, but encrypted to an in-memory key and cleared on every boot
+ so that it's unreadable after power-off
+ '';
 mountpt = "/mnt/impermanence/crypt/clearedonboot";
 };
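Review bot: The example inside the new `description` text misspells "encrypted" as "ecnrypted", and because this string is rendered into the option documentation the typo will be user-visible; the line should read `for example, a store named "private" could have description "encrypted to the user's password and decrypted on login".`. Since the field exists to tell users what protection a store offers, the description should also say that the value is informational only and is not checked against how the store is actually mounted. The storeType submodule starts and ends outside the hunk.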
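Review bot: The `suffix` binding splices `storeDescription` into the option text verbatim, and both stores touched by this commit (crypt.nix and private.nix) set it with an indented `''` string, which keeps its trailing newline, so the rendered description ends with a stray line break and the cryptClearOnBoot one also breaks mid-sentence. Either document on the option that the value should be a single line, or trim it where it is used. Assuming the lib functions are in scope here the way `mkOption` and `mapAttrs` are, the conditional could be written `suffix = optionalString (store-cfg.storeDescription != null) ": ${removeSuffix "\n" store-cfg.storeDescription}";`. The enclosing option set starts and ends outside the hunk.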
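Review bot: The new `storeDescription` states "unreadable after power-off" unconditionally, but that holds only while the key never leaves RAM; the hunk does not show how the key is created or whether swap or a hibernation image could capture it, so this should be confirmed against the rest of crypt.nix. If that is the intended assumption, spell it out in the text, for example `encrypted to a key held only in RAM (never written to swap or a hibernation image)`. "cleared on every boot" is also ambiguous about whether the old ciphertext is wiped or merely left without a key, which matters to anyone judging what remains on disk. Users will decide where to persist secrets based on this string, so it should not promise more than the mount setup enforces.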
diff --git a/modules/impermanence/stores/private.nix b/modules/impermanence/stores/private.nix
index c9c31c6e..45ded1a6 100644
--- a/modules/impermanence/stores/private.nix
+++ b/modules/impermanence/stores/private.nix
@@ -5,6 +5,9 @@ let
 in lib.mkIf config.sane.impermanence.enable {
 sane.impermanence.stores."private" = {
+ storeDescription = ''
+ encrypted to the user's password and auto-unlocked at login
+ '';
 mountpt = "/home/colin/private";
 # files stored under here *must* have the /home/colin prefix.
 # internally, this prefix is removed so that e.g.