5a2bbcce3b
move plaintext home-dirs out of home-manager module into users module
2023-01-03 07:35:42 +00:00
327e6b536f
impermanence: large refactor, and experimental bind mounting of things from ~/private
2023-01-03 07:22:37 +00:00
bace7403e7
Merge branch 'staging/nixpkgs-2022-12-31'
2023-01-03 03:05:21 +00:00
57f5521ef3
grpc: unpin (seems to build OK)
2023-01-03 03:05:07 +00:00
9e32211c12
impermanence: cange "encryptedClearOnBoot" to a broader "store" argument
...
in the future it can support ~/private as a backing store
2023-01-03 03:04:19 +00:00
edf6bd4455
fs: add a "mount.bind" option & use it for impermanence bind-mounts
2023-01-03 02:45:23 +00:00
a9a14786f9
packages: disable fractal (unused, slow build)
2023-01-02 23:35:43 +00:00
eade5fe16e
flake update: 2022-12-22 -> 2022-12-31
...
```
• Updated input 'nixpkgs':
'github:NixOS/nixpkgs/652e92b8064949a11bc193b90b74cb727f2a1405' (2022-12-22)
→ 'github:NixOS/nixpkgs/8ba56d7c0d7490680f2d51ba46a141eca7c46afa' (2022-12-31)
• Updated input 'nixpkgs-stable':
'github:NixOS/nixpkgs/dac57a4eccf1442e8bf4030df6fcbb55883cb682' (2022-12-24)
→ 'github:NixOS/nixpkgs/6a0d2701705c3cf6f42c15aa92b7885f1f8a477f' (2022-12-30)
• Updated input 'sops-nix':
'github:Mic92/sops-nix/855b8d51fc3991bd817978f0f093aa6ae0fae738' (2022-12-25)
→ 'github:Mic92/sops-nix/b35586cc5abacd4eba9ead138b53e2a60920f781' (2023-01-01)
• Updated input 'sops-nix/nixpkgs-stable':
'github:NixOS/nixpkgs/939c05a176b8485971463c18c44f48e56a7801c9' (2022-12-24)
→ 'github:NixOS/nixpkgs/feda52be1d59f13b9aa02f064b4f14784b9a06c8' (2022-12-31)
```
2023-01-02 22:34:22 +00:00
be222c1d70
trust-dns: allow shorthand assignment of record lists
2023-01-02 13:23:52 +00:00
88a33dd5de
snippets: add private links
2023-01-02 13:23:29 +00:00
875e923197
declare ~/private in fileSystems and reuse for pamMount
2023-01-02 11:34:02 +00:00
54dd643cf0
trust-dns: make a note about another DNS library we could draw from
2023-01-02 11:33:32 +00:00
3c726f148b
remove some stale references to mobile-nixos
2023-01-02 10:00:20 +00:00
e225e2e704
modules/packages: directly set impermanence.home-dirs instead of working through home-manager
2023-01-02 07:45:05 +00:00
cf0bf8190e
modules/packages: clean up loose typing of sane.packages
2023-01-02 07:16:16 +00:00
b8f7f68d4c
packages: telegram: persist data in private storage
2023-01-02 07:06:58 +00:00
7a3aae8c97
fs: tidy
2022-12-31 12:38:50 +00:00
89e519810d
impermanence: clean up the bind mounts
2022-12-31 12:31:49 +00:00
0e920230ba
impermanence: fix systemd service ordering for crypt mount
2022-12-31 12:18:27 +00:00
6ffae00e17
fs: rename "service" option to "unit" option
2022-12-31 11:31:16 +00:00
be19985440
impermanence: crypt: more robust perms and ordering of backing device
2022-12-31 10:45:43 +00:00
f7e3e7294a
impermanence: transform gocryptfs key generation from activation script to systemd unit
2022-12-31 10:15:08 +00:00
d745e3c1ee
impermanence: remove fuse module: we don't need it now that we're mounting after activation
2022-12-31 09:13:31 +00:00
c1890ce82b
impermanence: cleanup some previously verbose code
2022-12-31 09:09:51 +00:00
53a0b621d8
impermanence: use sane.fs to inherit permissions instead of specifying defaults here
2022-12-31 01:04:49 +00:00
aeb2f63d65
impermanence: defer to fs.nix module for permissions & dir creation
2022-12-31 00:38:15 +00:00
528ffdb58e
add a new 'fs.nix' file i'll use to factor the impermanence stuff better
2022-12-30 14:45:34 +00:00
b6887b305e
impermanence: split out the root-on-tmpfs stuff
2022-12-30 04:35:34 +00:00
08dfc80c98
impermanence: split out sops setup
2022-12-30 04:31:24 +00:00
5a273213f6
sops: remove sops.age.sshKeyPaths override: sops gets this from openssh config already
2022-12-30 03:49:31 +00:00
0a6d88dfc1
impermanence: simplify /etc/ssh/host_keys setup
2022-12-30 03:34:59 +00:00
50dfd482cf
document plans for better handling of /etc/ssh
2022-12-29 19:19:51 +00:00
9743aee79d
ssh keys: document the issues i'm seeing
2022-12-29 18:42:59 +00:00
0819899102
remove dead commented-out code
2022-12-29 18:34:03 +00:00
d3ff68217e
impermanence: enable hyphenated folder names
2022-12-29 18:29:27 +00:00
1a96859994
impermanence: re-enable mpv watch_later dir
2022-12-29 18:10:40 +00:00
af92a2250e
impermanence: fix up circular dependencies and permissions
...
this is now a proof of concept. still has some rough edges.
2022-12-29 18:03:41 +00:00
d00f9b15d7
impermanence: fix typo in permissions service
2022-12-29 17:16:27 +00:00
aa1c1f40cb
WIP: impermanence rework (gut 3rd-party lib)
2022-12-29 16:38:58 +00:00
530b2d6385
impermanence: factor out some helpers for generating fileSystems and services
2022-12-29 08:42:15 +00:00
e6919dd16f
impermanence: use systemd/fileSystems for the crypt mounts, instead of 3rd-party impermanence
2022-12-29 01:17:40 +00:00
760f2ac66d
move ~/.cache into encrypted private dir
2022-12-29 01:17:40 +00:00
8e5ca11259
cleanup gocryptfs mounting
...
there's possibly some latent issues. i think my changes to the gocryptfs
package *might* not be necessary: if you work via the fuse front-door,
it's a lot harder to get it into these weird places.
2022-12-29 01:17:40 +00:00
121936620a
impermanence: add support for encrypted clear-on-boot storage
...
this is useful for when we need to store files to disk purely due to
their size, but don't actually want them to be persisted.
2022-12-29 01:17:40 +00:00
f5b49e014c
net: add parent's wifi
2022-12-29 00:57:36 +00:00
4bdb34775d
consolidate filesystems./ across devices
2022-12-28 01:36:22 +00:00
f5fbc206f5
package signaldctl (partially tested)
...
it includes an extra `bin/generator` output: i'm not sure if this is
necessary yet or not.
2022-12-28 00:48:44 +00:00
a9096f3312
sane-scripts: remove /run/wrappers hack now that prologue is fixed in resholve
2022-12-26 10:02:51 +00:00
67cddecab4
Merge branch 'staging/nixpkgs-2022-12-22'
2022-12-26 09:30:21 +00:00
9a002c99eb
python-data template: add requests module
2022-12-26 09:29:23 +00:00
