23 Commits

Author SHA1 Message Date
7ab148ea58 servo: migrate /var/media to be 100% on zfs pool 2024-04-04 06:20:50 +00:00
410097480f docs: servo: fs: fix setfacl typo 2024-04-03 09:48:10 +00:00
d3ad661970 servo: zfs: enable reflink support 2024-03-31 03:48:34 +00:00
5ed29ceb47 servo: /var/media: fixup permissions so everything is r/w by "media" group, including sftpgo 2024-03-28 23:14:40 +00:00
4d6d79cc81 servo: /var/lib/uninsane/media -> /var/media 2024-03-05 18:44:30 +00:00
53d76920e4 servo: persist more specifically the /var/lib/uninsane/media directory 2024-03-05 18:39:23 +00:00
c6ebcfe66e servo: port legacy /var/lib users over to "method = bind" persistence
i may whittle these down in the future
2024-02-23 15:49:54 +00:00
c23e4dc9c7 servo: note why i use file.text instead of symlink.text here 2024-02-23 08:14:27 +00:00
478747a96e modules/persist: change default mounting method to symlink
this changes the plaintext and cryptClearOnBoot stores: private was already symlink-based.
this isn't strictly necessary: the rationale is:
1. `mount` syscall *requires* CAP_SYS_ADMIN (i.e. superuser/suid).
   that's causing problems with sandboxing, particularly ~/private.
   that doesn't affect other stores *yet*, but it may in the future.
2. visibility. i.e. it makes *clear* where anything is persisted.
   if `realpath` doesn't evaluate to `/nix/persist`, then it's not
   persisted.
2024-02-23 07:06:29 +00:00
8644e6705a servo: decrease ZFS cache size 2024-01-11 00:20:52 +00:00
21be1b392e servo: switch external storage to zfs pool 2023-12-07 08:57:26 +00:00
8772aaec65 zfs: don't ship on moby 2023-12-03 00:58:49 +00:00
a9f932408c servo: add zfs dataset 2023-12-02 17:38:00 +00:00
5996e1f301 servo: fix sane.persist ext store 2023-11-13 05:27:14 +00:00
8b25bc96a4 rescue: enable root-on-tmpfs, and consolidate those definitions 2023-11-09 00:15:30 +00:00
28d4a4b065 persistence: move stores behind a byStore attr to support disabling persistence altogether (for e.g. rescue image) 2023-11-08 15:33:15 +00:00
edf936820a transmission: fix permission-related errors 2023-09-07 06:14:11 +00:00
8a0efb3e40 servo: bump /tmp space to 32 GB 2023-08-11 07:10:25 +00:00
962ffeab7e re-enable zramSwap on all devices
this is critical on moby, though even with this swap, we run out of CMA (videoram) instead -- just later
2023-07-13 23:37:30 +00:00
d3d9b30f29 consolidate /tmp fs into hosts/modules/roles 2023-07-13 22:04:28 +00:00
0a519eddb4 persist: allow persisting of individual files, not just directories
i actually do already, with ~/.ssh/id_ed25519 -- it works only as a fluke
2023-07-08 01:31:14 +00:00
1d11c9b342 servo: persist media/datasets
it has to be under media so that transmission can see it
2023-07-05 09:04:50 +00:00
d13bcc49ab refactor hosts directory, and move ssh keys out of modules/data
longer-term, i want hosts/by-name to define host-specific data
that's accessible via the other hosts (things like pubkeys).

also the secrets management needs some rethinking. there's really not
much point in me specifying where *exactly* a secret comes from at its
use site. i should really be specifying secret store manifests; i.e.
"servo.yaml contains secrets X Y and Z", and leaving the rest up to
auto-computing.
2023-01-19 23:23:43 +00:00