impermanence: add a storeDescription field per store
This commit is contained in:
parent
9d7d1acc80
commit
d7c8638fea
|
@ -12,6 +12,15 @@ let
|
||||||
|
|
||||||
storeType = types.submodule {
|
storeType = types.submodule {
|
||||||
options = {
|
options = {
|
||||||
|
storeDescription = mkOption {
|
||||||
|
type = types.nullOr types.str;
|
||||||
|
default = null;
|
||||||
|
description = ''
|
||||||
|
an optional description of the store, which is rendered like
|
||||||
|
{store.name}: {store.storeDescription}
|
||||||
|
for example, a store named "private" could have description "ecnrypted to the user's password and decrypted on login".
|
||||||
|
'';
|
||||||
|
};
|
||||||
mountpt = mkOption {
|
mountpt = mkOption {
|
||||||
type = types.str;
|
type = types.str;
|
||||||
};
|
};
|
||||||
|
@ -69,7 +78,11 @@ let
|
||||||
options = mapAttrs (store: store-cfg: mkOption {
|
options = mapAttrs (store: store-cfg: mkOption {
|
||||||
default = [];
|
default = [];
|
||||||
type = types.listOf contextualizedDirOrShorthand;
|
type = types.listOf contextualizedDirOrShorthand;
|
||||||
description = "directories to persist in ${store}";
|
description = let
|
||||||
|
suffix = if store-cfg.storeDescription != null then
|
||||||
|
": ${store-cfg.storeDescription}"
|
||||||
|
else "";
|
||||||
|
in "directories to persist in ${store}${suffix}";
|
||||||
}) cfg.stores;
|
}) cfg.stores;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -33,6 +33,10 @@ in
|
||||||
lib.mkIf config.sane.impermanence.enable
|
lib.mkIf config.sane.impermanence.enable
|
||||||
{
|
{
|
||||||
sane.impermanence.stores."cryptClearOnBoot" = {
|
sane.impermanence.stores."cryptClearOnBoot" = {
|
||||||
|
storeDescription = ''
|
||||||
|
stored to disk, but encrypted to an in-memory key and cleared on every boot
|
||||||
|
so that it's unreadable after power-off
|
||||||
|
'';
|
||||||
mountpt = "/mnt/impermanence/crypt/clearedonboot";
|
mountpt = "/mnt/impermanence/crypt/clearedonboot";
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
@ -5,6 +5,9 @@ let
|
||||||
in lib.mkIf config.sane.impermanence.enable
|
in lib.mkIf config.sane.impermanence.enable
|
||||||
{
|
{
|
||||||
sane.impermanence.stores."private" = {
|
sane.impermanence.stores."private" = {
|
||||||
|
storeDescription = ''
|
||||||
|
encrypted to the user's password and auto-unlocked at login
|
||||||
|
'';
|
||||||
mountpt = "/home/colin/private";
|
mountpt = "/home/colin/private";
|
||||||
# files stored under here *must* have the /home/colin prefix.
|
# files stored under here *must* have the /home/colin prefix.
|
||||||
# internally, this prefix is removed so that e.g.
|
# internally, this prefix is removed so that e.g.
|
||||||
|
|
Loading…
Reference in New Issue
Block a user