6ab5dd8a8f
modules/persist: ensure that the mountpoint for the private store is created at boot
2024-02-25 07:51:24 +00:00
4023960dc0
README: MANUAL MIGRATION: move "plaintext" store to /nix/persist/plaintext
...
to migrate the data:
```sh
$ sudo mkdir /nix/persist/plaintext
$ sudo mv /nix/persist/{etc,home,var} /nix/persist/plaintext
$ sudo ln -s plaintext/etc /nix/persist/etc #< temporarily; if deploying over ssh
$ switch
$ reboot
$ sudo rm /nix/persist/etc #< if you did the symlink earlier
```
2024-02-23 18:02:17 +00:00
fff9f9d49a
README: MANUAL MIGRATION: move "private" store to /nix/persist/private
...
to migrate the data, first unmount `~/private` (`sane-private-lock`), then:
```sh
$ sudo mv /nix/persist/home/colin/private /nix/persist
$ switch
$ reboot
```
2024-02-23 16:01:09 +00:00
d7402ae170
persist: stores: make naming more consistent
2024-02-23 14:57:20 +00:00
6267e7f966
tidy up small persist/private nitpicks
2024-02-23 14:44:38 +00:00
120a41b169
persistence: split /var/log persistence into dedicated "initrd" store
2024-02-23 14:42:47 +00:00
aa0991bd6c
persistence: cleanup so it all works well with symlink-based stores
2024-02-23 13:09:44 +00:00
057b9e3fed
replace links/references to ~/private/FOO with just ~/FOO
2024-02-23 07:06:29 +00:00
a402822084
move "private" store to /mnt/persist/private instead of ~/private
...
this will allow me to add all of ~ to a sandbox without giving all of ~/private
2024-02-23 07:06:29 +00:00
80ecdcc4f9
persist: plaintext: consider "/mnt/persist/plaintext" as the logical root, and abstract away "/nix/persist"
2024-02-23 07:06:29 +00:00
0864790bb7
docs: modules/persist: document the "origin" store parameter
2024-02-23 07:06:29 +00:00
478747a96e
modules/persist: change default mounting method to symlink
...
this changes the plaintext and cryptClearOnBoot stores: private was already symlink-based.
this isn't strictly necessary: the rationale is:
1. `mount` syscall *requires* CAP_SYS_ADMIN (i.e. superuser/suid).
   that's causing problems with sandboxing, particularly ~/private.
   that doesn't affect other stores *yet*, but it may in the future.
2. visibility. i.e. it makes *clear* where anything is persisted.
   if `realpath` doesn't evaluate to `/nix/persist`, then it's not
   persisted.
2024-02-23 07:06:29 +00:00
6acd363f55
sane.persist.root-on-tmpfs -> sane.root-on-tmpfs
2023-11-09 00:15:04 +00:00
28d4a4b065
persistence: move stores behind a byStore attr to support disabling persistence altogether (for e.g. rescue image)
2023-11-08 15:33:15 +00:00
9ad1be40b2
persist: stores: crypt: remove unrecognized nodev flag
2023-09-13 06:07:04 +00:00
910d0fa59e
persist: remove the nosuid flag since gocryptfs can't parse it here
2023-09-13 05:13:43 +00:00
8011e78e21
persist: cryptClearOnBoot: note rare (but predictable) bug during redeploy
2023-09-12 04:58:56 +00:00
db72f5e11f
fs: generated.script.scriptArgs -> generated.command
2023-07-08 11:15:23 +00:00
8753e5e0c6
fs: remove legacy generated.script.script option
2023-07-08 11:15:23 +00:00
558b35fee0
prepare fs.generated.script users to not assume a shell
2023-07-08 11:15:23 +00:00
8f57394cd2
persist: create the backing path as a dependency of the VFS path
2023-07-08 02:08:18 +00:00
0a519eddb4
persist: allow persisting of individual files, not just directories
...
i actually do already, with ~/.ssh/id_ed25519 -- it works only as a fluke
2023-07-08 01:31:14 +00:00
3d56117d65
gocryptfs: remove "defaults" flag
2023-06-10 23:21:42 +00:00
dc1cd7a9a5
sane.persist: make it default-true for my hosts
2023-03-11 08:36:14 +00:00
5f24e029af
persist stores: make private/crypt support backing stores that aren't /nix/persist
2023-01-31 03:38:41 +00:00
98b542332b
persist: crypt store: make paths overridable
2023-01-31 03:36:15 +00:00
70b62e9f76
persist stores: define the path for private at the host level
2023-01-31 03:29:53 +00:00
e4bff9b5ef
refactor: persist: remove dead code
2023-01-30 10:51:41 +00:00
ec22c128e0
remove reference to /home/colin from modules/persist
2023-01-30 10:48:32 +00:00
c1f3fc502d
sane.users.<user>.persist: forward to sane.persist.home
2023-01-30 10:34:36 +00:00
8ad4d8a4f9
nits: fix comments/improve docs
2023-01-27 00:00:50 +00:00
a829a8e027
persist: fix permission mapping when acl is specified as toplevel attribute
2023-01-13 01:50:08 +00:00
6ca3e7086e
merge: simplify the implementation and make fully compatible with lib.mkMerge
2023-01-09 11:14:59 +00:00
9ca6a1c907
way overcomplicated way to merge toplevel config
2023-01-09 09:42:17 +00:00
dbb78088f4
refactor: cleanup instances where we map to attrs to be more resilient against duplicate names
2023-01-09 03:48:07 +00:00
f17ae1ca7b
refactor: avoid using // where we know the sets should be disjoint
2023-01-09 03:11:14 +00:00
1d0cadce85
persist: configure the private store to symlink everything by default
2023-01-06 14:44:32 +00:00
e8342b8044
persist: clean up the "byPath" conversions
2023-01-06 14:20:30 +00:00
40e642bfc3
persist: add a 'method' option to allow symlinking in favor of binding
2023-01-06 14:05:49 +00:00
f008565e22
persist: for options common to entries specified by both path and store, move to a common submodule
2023-01-06 13:58:36 +00:00
4ea2835d9d
persist: handle inline acl options more cleanly
2023-01-06 13:47:59 +00:00
a7bac5de18
persist: convert the sane.persist.home.<store> => mappings back to a strongly-typed module & add a byPath shorthand
2023-01-06 13:06:39 +00:00
b0950e90f4
persist: prefer mkMerge instead of manually folding attrsets
2023-01-06 12:44:29 +00:00
d8cd0e1f57
persist: fold redundant lines
2023-01-06 12:39:55 +00:00
fd7d67ee05
persist: simplify & remove dead code
2023-01-06 12:28:55 +00:00
1a712b4d47
rename sane.persist.{all -> byPath}
2023-01-06 12:19:03 +00:00
4520e1d1f5
persist: auto-map user-provided store values earlier
2023-01-06 11:56:22 +00:00
841a2a3bcb
persist: change sane.persist.all to be an attrsOf that maps path to settings
2023-01-06 11:52:28 +00:00
fe816e9110
persist: lift sane.persist.dirs.{home,sys} up one level
2023-01-06 11:29:13 +00:00
426e0c3ae2
persist: lift sane.persist.dirs.all up to sane.persist.all
2023-01-06 11:24:11 +00:00