Commit Graph

75 Commits

Author SHA1 Message Date
020e5f8c6e /mnt/persist/private: split waiting on the keyfile out of the mount process 2024-08-06 02:03:55 +00:00
809c3af7fa /mnt/persist/private: minor improvements to file permissions 2024-08-06 01:26:53 +00:00
93cb1bc546 /mnt/persist/private: sandbox in a way that the actual gocryptfs instance doesn't get CAP_SYS_ADMIN 2024-08-06 00:52:48 +00:00
53acab834c refactor: persist/stores/ephemeral: move to its own source directory 2024-08-05 23:05:02 +00:00
3a0610b029 /mnt/persist/ephemeral: sandbox in a way that the actual gocryptfs instance doesn't get CAP_SYS_ADMIN
instead, only fuse does, and the capability is lost during the handoff between fuse and gocryptfs
2024-08-05 23:04:14 +00:00
74662df720 persist/{private,ephemeral}: mount via fuse
gocryptfs is compatible with --drop-permissions style of mount.fuse3. only, i can't actually use that today because i need to keep permissions :o

but maybe i'll enable that in the future
2024-08-03 18:51:58 +00:00
eaeb8380dc fs: enable @basic-api everywhere, since it's required by systemd restart logic 2024-08-02 09:13:55 +00:00
9dbb2a6266 sane.fs: take in the role of generating systemd.mounts files 2024-08-02 07:33:21 +00:00
113b107d73 persist: fix ordering so stores aren't required by local-fs.target
maybe they should be, but then there's weird stuff about getty depending on sysinit.target, and that being blocked by the private store...
2024-08-02 06:20:39 +00:00
96dfe79a8c fs: persist/private: harden systemd mount file 2024-08-02 05:17:44 +00:00
6e5bde17aa cleanup: persist/private: simplify 2024-08-02 05:00:55 +00:00
515aab5370 cleanup: persist/private: encode the dependencies more precisely, rather than just having it all depend on default.target 2024-08-02 04:50:33 +00:00
f925dd9a20 fs: isolate /mnt/servo/* and /mnt/persist/ephemeral a bit more 2024-08-02 04:45:14 +00:00
efc16a9e80 persist: harden the "ephemeral" store mount environment
there's only so much this can actually achieve. it's still quite possible for someone who knows what they're doing to do large amounts of damage
2024-08-01 22:40:55 +00:00
ace03bb0e9 persist/private: actually do enable "auto", for servo where i don't auto-tty-login as colin
this doesn't seem to block the boot
2024-07-26 22:02:57 +00:00
f4df121e3d persist/private: s6: use systemd to explicitly start the mount, rather than assume it's already been initiated 2024-07-26 14:01:31 +00:00
96f786de20 persist/private: fix so systemd actually knows when the mount has completed 2024-07-26 12:44:32 +00:00
fcbbfc4a65 fix s6 service ordering: unl0kr -> (wait for mount) -> sway
note that the systemd-aware mount never completes -- it's stuck in 'activating' forever. that's the next challenge
2024-07-26 12:18:14 +00:00
af905a2f58 unl0kr: split the gocryptfs unlocking into its own separate service
/mnt/persist/private can be depended on by both s6 user services and systemd system services (which will become useful for servo)

/mnt/persist/private can be unlocked by dropping the key in remotely, however that won't kill unl0kr

TODO: fix unl0kr to not also output text to the tty

TODO: ensure gocryptfs mount can handle being fed a wrong password
2024-07-26 08:08:21 +00:00
b554d32133 fix permissions of /nix/persist/private, to be user-writable
this is important for my rsync-net backup scripts, which need to record timestamps in there
2024-07-25 18:42:45 +00:00
874b7aecfa persist: rename "cryptClearOnBoot" to "ephemeral" 2024-07-25 12:11:46 +00:00
cf8e9f798d persist/crypt: simplify the fileSystems definitions
turns out you can just declare your own fs type, that's cool
2024-07-25 12:11:46 +00:00
6ab5dd8a8f modules/persist: ensure that the mountpoint for the private store is created at boot 2024-02-25 07:51:24 +00:00
4023960dc0 README: MANUAL MIGRATION: move "plaintext" store to /nix/persist/plaintext
to migrate the data:
```sh
$ sudo mkdir /nix/persist/plaintext
$ sudo mv /nix/persist/{etc,home,var} /nix/persist/plaintext
$ sudo ln -s plaintext/etc /nix/persist/etc  #< temporarily; if deploying over ssh
$ switch
$ reboot
$ sudo rm /nix/persist/etc  #< if you did the symlink earlier
```
2024-02-23 18:02:17 +00:00
fff9f9d49a README: MANUAL MIGRATION: move "private" store to /nix/persist/private
to migrate the data, first unmount `~/private` (`sane-private-lock`), then:
```sh
$ sudo mv /nix/persist/home/colin/private /nix/persist
$ switch
$ reboot
```
2024-02-23 16:01:09 +00:00
d7402ae170 persist: stores: make naming more consistent 2024-02-23 14:57:20 +00:00
6267e7f966 tidy up small persist/private nitpicks 2024-02-23 14:44:38 +00:00
120a41b169 persistence: split /var/log persistence into dedicated "initrd" store 2024-02-23 14:42:47 +00:00
aa0991bd6c persistence: cleanup so it all works well with symlink-based stores 2024-02-23 13:09:44 +00:00
057b9e3fed replace links/references to ~/private/FOO with just ~/FOO 2024-02-23 07:06:29 +00:00
a402822084 move "private" store to /mnt/persist/private instead of ~/private
this will allow me to add all of ~ to a sandbox without giving all of ~/private
2024-02-23 07:06:29 +00:00
80ecdcc4f9 persist: plaintext: consider "/mnt/persist/plaintext" as the logical root, and abstract away "/nix/persist" 2024-02-23 07:06:29 +00:00
0864790bb7 docs: modules/persist: document the "origin" store parameter 2024-02-23 07:06:29 +00:00
478747a96e modules/persist: change default mounting method to symlink
this changes the plaintext and cryptClearOnBoot stores: private was already symlink-based.
this isn't strictly necessary: the rationale is:
1. `mount` syscall *requires* CAP_SYS_ADMIN (i.e. superuser/suid).
   that's causing problems with sandboxing, particularly ~/private.
   that doesn't affect other stores *yet*, but it may in the future.
2. visibility. i.e. it makes *clear* where anything is persisted.
   if `realpath` doesn't evaluate to `/nix/persist`, then it's not
   persisted.
2024-02-23 07:06:29 +00:00
6acd363f55 sane.persist.root-on-tmpfs -> sane.root-on-tmpfs 2023-11-09 00:15:04 +00:00
28d4a4b065 persistence: move stores behind a byStore attr to support disabling persistence altogether (for e.g. rescue image) 2023-11-08 15:33:15 +00:00
9ad1be40b2 persist: stores: crypt: remove unrecognized nodev flag 2023-09-13 06:07:04 +00:00
910d0fa59e persist: remove the nosuid flag since gocryptfs can't parse it here 2023-09-13 05:13:43 +00:00
8011e78e21 persist: cryptClearOnBoot: note rare (but predictable) bug during redeploy 2023-09-12 04:58:56 +00:00
db72f5e11f fs: generated.script.scriptArgs -> generated.command 2023-07-08 11:15:23 +00:00
8753e5e0c6 fs: remove legacy generated.script.script option 2023-07-08 11:15:23 +00:00
558b35fee0 prepare fs.generated.script users to not assume a shell 2023-07-08 11:15:23 +00:00
8f57394cd2 persist: create the backing path as a dependency of the VFS path 2023-07-08 02:08:18 +00:00
0a519eddb4 persist: allow persisting of individual files, not just directories
i actually do already, with ~/.ssh/id_ed25519 -- it works only as a fluke
2023-07-08 01:31:14 +00:00
3d56117d65 gocryptfs: remove "defaults" flag 2023-06-10 23:21:42 +00:00
dc1cd7a9a5 sane.persist: make it default-true for my hosts 2023-03-11 08:36:14 +00:00
5f24e029af persist stores: make private/crypt support backing stores that aren't /nix/persist 2023-01-31 03:38:41 +00:00
98b542332b persist: crypt store: make paths overridable 2023-01-31 03:36:15 +00:00
70b62e9f76 persist stores: define the path for private at the host level 2023-01-31 03:29:53 +00:00
e4bff9b5ef refactor: persist: remove dead code 2023-01-30 10:51:41 +00:00