53 Commits

Author SHA1 Message Date
Colin 6ab5dd8a8f modules/persist: ensure that the mountpoint for the private store is created at boot 2024-02-25 07:51:24 +00:00
Colin 4023960dc0 README: MANUAL MIGRATION: move "plaintext" store to /nix/persist/plaintext
to migrate the data:
```sh
$ sudo mkdir /nix/persist/plaintext
$ sudo mv /nix/persist/{etc,home,var} /nix/persist/plaintext
$ sudo ln -s plaintext/etc /nix/persist/etc  #< temporarily; if deploying over ssh
$ switch
$ reboot
$ sudo rm /nix/persist/etc  #< if you did the symlink earlier
```
2024-02-23 18:02:17 +00:00
Colin fff9f9d49a README: MANUAL MIGRATION: move "private" store to /nix/persist/private
to migrate the data, first unmount `~/private` (`sane-private-lock`), then:
```sh
$ sudo mv /nix/persist/home/colin/private /nix/persist
$ switch
$ reboot
```
2024-02-23 16:01:09 +00:00
Colin d7402ae170 persist: stores: make naming more consistent 2024-02-23 14:57:20 +00:00
Colin 6267e7f966 tidy up small persist/private nitpicks 2024-02-23 14:44:38 +00:00
Colin 120a41b169 persistence: split /var/log persistence into dedicated "initrd" store 2024-02-23 14:42:47 +00:00
Colin aa0991bd6c persistence: cleanup so it all works well with symlink-based stores 2024-02-23 13:09:44 +00:00
Colin 057b9e3fed replace links/references to ~/private/FOO with just ~/FOO 2024-02-23 07:06:29 +00:00
Colin a402822084 move "private" store to /mnt/persist/private instead of ~/private
this will allow me to add all of ~ to a sandbox without giving all of ~/private
2024-02-23 07:06:29 +00:00
Colin 80ecdcc4f9 persist: plaintext: consider "/mnt/persist/plaintext" as the logical root, and abstract away "/nix/persist" 2024-02-23 07:06:29 +00:00
Colin 0864790bb7 docs: modules/persist: document the "origin" store parameter 2024-02-23 07:06:29 +00:00
Colin 478747a96e modules/persist: change default mounting method to symlink
this changes the plaintext and cryptClearOnBoot stores: private was already symlink-based.
this isn't strictly necessary: the rationale is:
1. `mount` syscall *requires* CAP_SYS_ADMIN (i.e. superuser/suid).
   that's causing problems with sandboxing, particularly ~/private.
   that doesn't affect other stores *yet*, but it may in the future.
2. visibility. i.e. it makes *clear* where anything is persisted.
   if `realpath` doesn't evaluate to `/nix/persist`, then it's not
   persisted.
2024-02-23 07:06:29 +00:00
Colin 6acd363f55 sane.persist.root-on-tmpfs -> sane.root-on-tmpfs 2023-11-09 00:15:04 +00:00
Colin 28d4a4b065 persistence: move stores behind a byStore attr to support disabling persistence altogether (for e.g. rescue image) 2023-11-08 15:33:15 +00:00
Colin 9ad1be40b2 persist: stores: crypt: remove unrecognized nodev flag 2023-09-13 06:07:04 +00:00
Colin 910d0fa59e persist: remove the nosuid flag since gocryptfs can't parse it here 2023-09-13 05:13:43 +00:00
Colin 8011e78e21 persist: cryptClearOnBoot: note rare (but predictable) bug during redeploy 2023-09-12 04:58:56 +00:00
Colin db72f5e11f fs: generated.script.scriptArgs -> generated.command 2023-07-08 11:15:23 +00:00
Colin 8753e5e0c6 fs: remove legacy `generated.script.script` option 2023-07-08 11:15:23 +00:00
Colin 558b35fee0 prepare fs.generated.script users to not assume a shell 2023-07-08 11:15:23 +00:00
Colin 8f57394cd2 persist: create the backing path as a dependency of the VFS path 2023-07-08 02:08:18 +00:00
Colin 0a519eddb4 persist: allow persisting of individual files, not just directories
i actually do already, with ~/.ssh/id_ed25519 -- it works only as a fluke
2023-07-08 01:31:14 +00:00
Colin 3d56117d65 gocryptfs: remove "defaults" flag 2023-06-10 23:21:42 +00:00
Colin dc1cd7a9a5 sane.persist: make it default-true for my hosts 2023-03-11 08:36:14 +00:00
Colin 5f24e029af persist stores: make private/crypt support backing stores that aren't /nix/persist 2023-01-31 03:38:41 +00:00
Colin 98b542332b persist: crypt store: make paths overridable 2023-01-31 03:36:15 +00:00
Colin 70b62e9f76 persist stores: define the path for `private` at the host level 2023-01-31 03:29:53 +00:00
Colin e4bff9b5ef refactor: persist: remove dead code 2023-01-30 10:51:41 +00:00
Colin ec22c128e0 remove reference to /home/colin from modules/persist 2023-01-30 10:48:32 +00:00
Colin c1f3fc502d sane.users.<user>.persist: forward to sane.persist.home 2023-01-30 10:34:36 +00:00
colin 8ad4d8a4f9 nits: fix comments/improve docs 2023-01-27 00:00:50 +00:00
colin a829a8e027 persist: fix permission mapping when acl is specified as toplevel attribute 2023-01-13 01:50:08 +00:00
colin 6ca3e7086e merge: simplify the implementation and make fully compatible with lib.mkMerge 2023-01-09 11:14:59 +00:00
colin 9ca6a1c907 way overcomplicated way to merge toplevel config 2023-01-09 09:42:17 +00:00
colin dbb78088f4 refactor: cleanup instances where we map to attrs to be more resilient against duplicate names 2023-01-09 03:48:07 +00:00
colin f17ae1ca7b refactor: avoid using // where we know the sets should be disjoint 2023-01-09 03:11:14 +00:00
colin 1d0cadce85 persist: configure the `private` store to symlink everything by default 2023-01-06 14:44:32 +00:00
colin e8342b8044 persist: clean up the "byPath" conversions 2023-01-06 14:20:30 +00:00
colin 40e642bfc3 persist: add a 'method' option to allow symlinking in favor of binding 2023-01-06 14:05:49 +00:00
colin f008565e22 persist: for options common to entries specified by both path and store, move to a common submodule 2023-01-06 13:58:36 +00:00
colin 4ea2835d9d persist: handle inline acl options more cleanly 2023-01-06 13:47:59 +00:00
colin a7bac5de18 persist: convert the sane.persist.home.<store> => mappings back to a strongly-typed module & add a `byPath` shorthand 2023-01-06 13:06:39 +00:00
colin b0950e90f4 persist: prefer mkMerge instead of manually folding attrsets 2023-01-06 12:44:29 +00:00
colin d8cd0e1f57 persist: fold redundant lines 2023-01-06 12:39:55 +00:00
colin fd7d67ee05 persist: simplify & remove dead code 2023-01-06 12:28:55 +00:00
colin 1a712b4d47 rename sane.persist.{all -> byPath} 2023-01-06 12:19:03 +00:00
colin 4520e1d1f5 persist: auto-map user-provided store values earlier 2023-01-06 11:56:22 +00:00
colin 841a2a3bcb persist: change `sane.persist.all` to be an attrsOf that maps path to settings 2023-01-06 11:52:28 +00:00
colin fe816e9110 persist: lift sane.persist.dirs.{home,sys} up one level 2023-01-06 11:29:13 +00:00
colin 426e0c3ae2 persist: lift `sane.persist.dirs.all` up to `sane.persist.all` 2023-01-06 11:24:11 +00:00