7c38c1dbe9
de-persist /etc/machine-id, and generate it from the ssh key instead
...
note that /etc/machine-id now contains a different value than before,
meaning `journalctl` will not show logs from before the time of this
change.
2022-10-30 21:02:41 -07:00
b3b45ec0f2
fix host ssh key persistence
2022-10-30 20:03:00 -07:00
34d77542e7
impermanence: ensure /etc/ssh is populated before we decode machine secrets during activation
...
the impermanence activation scripts don't appear to mount folders --
only files. rather, the impermanence module creates fstab entries for
each bind mount folder, and *something* (systemd?) mounts these *after*
/run/current-system/activate is run.
therefore, if we want access to a bind-mounted directory during
activation, we have to manually mount it.
i.e. `mount /etc/ssh/host_keys`.
2022-10-30 05:59:55 -07:00
e3bf585382
persist ssh host keys in a subdirectory
2022-10-25 02:09:27 -07:00
b658b93c64
lappy: store the hashed user passwd in git and decrypt it into /etc/passwd on boot
...
this approach lets me persist the password. persisting /etc/shadow
directly wasn't so feasible. populating /etc/shadow at activation time
is something nix already does and is easy to plug into.
so we store the passwd hash in this repo, but encrypt it to the
destination machine's ssh pubkey to add enough entropy that it's not
brute-forceable through the public git repo.
2022-10-23 06:53:06 -07:00
f68bc342e8
fix activationScript ordering to remove sops double-decrypt hack
2022-10-23 06:53:05 -07:00
2b14648587
servo: persist the maildir
...
this way i don't lose my mail on every reboot...
wow i can't believe it took me this long to make the connection.
2022-10-22 07:00:56 -07:00
0753aa59e9
refactor: move default home impermanence dirs to modules/universal/users.nix
2022-10-22 06:09:53 -07:00
55cbce17c2
refactor: impermanence: remove duplicate function map-service-dirs
2022-10-22 06:03:04 -07:00
ebf3152ced
refactor: purge impermanence.home-files option
...
persisting individual files doesn't work super well. we can do without
it and things are simpler.
2022-10-22 05:56:04 -07:00
b43103a024
refactor: move .zsh_history impermanence definition into zsh.nix
2022-10-22 04:02:40 -07:00
6e01c59d08
default-initialize gnome keyrings, and persist them to disk
2022-10-06 17:29:10 -07:00
3184c6cfb6
net: switch to iwd for better experience
...
iwd, vs. wpa_supplicant, has smarter metrics for choosing which
wireless networks to connect to when multiple are in range.
2022-09-29 06:08:33 -07:00
370ae917b9
home: persist vlc state
2022-09-26 17:48:55 -07:00
2316b4a3ce
NetworkManager: store (and deploy) wifi connections to all devices
...
i haven't saved the hard-wired connection on desko/servo, but i think
that's alright: they should be DHCP'd.
2022-09-22 18:28:03 -07:00
c0a41def22
impermanence: don't persist authorized_keys.d
2022-08-31 17:25:57 -07:00
9976c82946
impermanence: don't persist _all_ of /etc/ssh -- just the important parts
2022-08-03 14:54:36 -07:00
1a9dfe22ba
image builder: integrate impermanence so that we create such things as /var/log
...
untested
2022-08-01 14:37:19 -07:00
b53d2f945d
impermanence: remove /srv
...
this is for "service directories": public, protocol-based fs access.
e.g. /srv/ftp might be a share which is exposed over FTP.
/srv/www might be a share which is exposed over www (or webdav).
2022-08-01 13:36:42 -07:00
451816f623
rename config.{colinsane -> sane}
2022-08-01 00:23:49 -07:00
ede10dd1c8
impermanence: don't persist /var/lib/nixos
2022-07-14 22:06:19 -07:00
99d55167f6
impermanence: only persist service directories if those services are enabled.
2022-07-10 17:58:16 -07:00
e2d7d63ebe
impermanence: move application-level impermanence to their package definition
2022-07-10 17:43:57 -07:00
9d71041530
impermanence: move the base persisted home-dirs into home-manager, alongside XDG dirs
2022-07-10 15:25:04 -07:00
31e404b04f
impermanence: abstract the creation of service directories
...
better would be to not directly call out user/group, but force them to
be looked up.
2022-07-10 15:15:34 -07:00
01a47932f7
impermanence: abstract the creation of root-owned system directories
2022-07-10 15:07:56 -07:00
5c6f616c97
impermanence: abstract the creation of ~/ sub-dirs
2022-07-10 14:42:33 -07:00
b2bd8d5f89
persist: zcash directory
2022-07-09 01:00:17 -07:00
461398143c
add monero (as package and as persisted directory)
2022-07-08 21:56:49 -07:00
db6dc8e08c
persist Signal
2022-07-06 15:14:36 -07:00
a100100e79
impermanence: move import into flake.nix
2022-07-06 14:17:29 -07:00
25e3c8e2f6
persist the Element session keys
2022-07-01 01:05:46 -07:00
d404f279de
partial rustup support
2022-06-30 20:45:40 -07:00
e0dda018ae
impermanence: persist more dirs which were eating space on servo
2022-06-30 14:20:38 -07:00
3cee86298e
impermanence: persist the home/records folder
2022-06-30 13:49:54 -07:00
9123c98595
sops: decrypt secrets AFTER /nix/ssh has been mounted
2022-06-30 01:32:03 -07:00
313d698b97
impermanence: set perms for all these files
2022-06-29 03:58:27 -07:00
92488dd890
complete servo image & port to impermanence
...
there might still be some bugs to work out here.
this produces a workable image, but with some uncertainty
around that swapfile (the first attempt had /swapfile living on a
tmpfs).
2022-06-29 01:17:53 -07:00
42ddd90796
impermanence: persist ~/use
2022-06-26 04:22:57 -07:00
ae55ddb5a7
impermanence: cache discord creds
2022-06-25 22:11:16 -07:00
a011abc7ef
add desko /var/lib entries to impermanence
2022-06-25 21:18:02 -07:00
26a756f6a4
impermanence: don't preserve /mnt
...
directories which are mentioned in `config.fileSystems` automatically
get directories created in /mnt
2022-06-25 15:37:12 -07:00
8c1149b21b
impermanence: preserve spotify config
2022-06-24 21:15:58 -07:00
436ade540f
tune /var/lib impermanence (for lappy)
2022-06-24 21:10:49 -07:00
187c2f2406
lappy: switch back to the existing fs uuids
2022-06-23 16:28:12 -07:00
44f63c31da
move nixos config from /etc/nixos to /home/colin/dev/nixos
2022-06-21 02:23:19 -07:00
aefd31b1f6
impermanence: granularize the /home/colin mounts
2022-06-21 01:59:31 -07:00
55f82260d5
impermanence: persist /etc/machine-id
2022-06-21 00:02:57 -07:00
fa131fe39f
lappy: enable impermanence
...
it mostly went smoothly, though i lost a .ssh key.
probably the best upgrade process is to do most of the heavy work in the
initrd:
write the new nix config, notably, configuring a tmpfs / mount
and moving the previous / to /nix.
then boot and in the initrd, move all the `/nix/nix/...` items
up a level.
2022-06-20 03:28:01 -07:00