diff --git a/hosts/common/configs/system/docker/default.nix b/hosts/common/configs/system/docker/default.nix
index dfd8fb2..0a819f3 100644
--- a/hosts/common/configs/system/docker/default.nix
+++ b/hosts/common/configs/system/docker/default.nix
@@ -18,7 +18,7 @@
 };
 environment = {
- persistence."/persist/state"."/var/lib/docker" = { };
+ persistence."/persist/state"."/var/lib/docker".create = "directory";
 systemPackages = with pkgs; [ docker-compose ];
 };
diff --git a/hosts/common/configs/system/impermanence/default.nix b/hosts/common/configs/system/impermanence/default.nix
index fc8d7d2..7075569 100644
--- a/hosts/common/configs/system/impermanence/default.nix
+++ b/hosts/common/configs/system/impermanence/default.nix
@@ -1,9 +1,4 @@
-{
- config,
- lib,
- pkgs,
- ...
-}:
+{ config, pkgs, ... }:
 {
 imports = [ ./options.nix ];
diff --git a/hosts/common/configs/system/impermanence/options.nix b/hosts/common/configs/system/impermanence/options.nix
index 05e161d..a5399a5 100644
--- a/hosts/common/configs/system/impermanence/options.nix
+++ b/hosts/common/configs/system/impermanence/options.nix
@@ -121,6 +121,16 @@ in
 type = str;
 readOnly = true;
 };
+
+ create = mkOption {
+ type = enum [
+ "none"
+ "file"
+ "directory"
+ ];
+ default = "none";
+ description = "Whether to create the file or directory in persistence if it does not exist.";
+ };
 };
 }
 )
@@ -257,6 +267,7 @@ in
 source=${lib.strings.escapeShellArg c._sourceRoot}
 target=${lib.strings.escapeShellArg c._targetRoot}
 path=${lib.strings.escapeShellArg c.path}
+ create=${lib.strings.escapeShellArg c.create}
 ${builtins.readFile ./scripts/start.sh}
 '';
@@ -264,6 +275,7 @@ in
 source=${lib.strings.escapeShellArg c._sourceRoot}
 target=${lib.strings.escapeShellArg c._targetRoot}
 path=${lib.strings.escapeShellArg c.path}
+ create=${lib.strings.escapeShellArg c.create}
 ${builtins.readFile ./scripts/stop.sh}
 '';
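Review bot: The `description` of the new `create` option in options.nix (hunk at -121) does not say which mode and ownership a created entry receives, which is what a reader needs to know before enabling it on a home or service path. Going by scripts/start.sh in this commit, a missing entry is created with the mode, uid and gid of the target path when that exists, and otherwise of its parent directory under the persistence root. I would extend the text to something like `"Whether to create the file or directory in persistence if it does not exist. New entries copy mode and ownership from the target path when it exists, otherwise from the parent directory in persistence."`. For the `${home}/...` entries that now set `create = "directory"`, this appears to mean that missing parents could end up owned by the persistence root's owner rather than the user, depending on whether the target exists when the unit starts; worth confirming.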
diff --git a/hosts/common/configs/system/impermanence/scripts/start.sh b/hosts/common/configs/system/impermanence/scripts/start.sh
index 37186e5..f693901 100644
--- a/hosts/common/configs/system/impermanence/scripts/start.sh
+++ b/hosts/common/configs/system/impermanence/scripts/start.sh
@@ -1,22 +1,49 @@
 # shellcheck shell=bash
 # shellcheck disable=SC2154
-echo "Starting impermanence mount with source: $source, target: $target, path: $path."
+echo "Starting impermanence mount with source: $source, target: $target, path: $path, create: $create"
 source_current="$source"
 target_current="$target"
-IFS='/' read -ra path_parts <<< "$path"
-unset "path_parts[-1]"
+IFS='/' read -ra parts <<< "$path"
+leaf="${parts[-1]}"
-for part in "${path_parts[@]}"; do
- source_current="$source_current/$part"
- target_current="$target_current/$part"
+for part in "${parts[@]}"; do
+ source_current+="/$part"
+ target_current+="/$part"
- if [[ ! -d "$source_current" ]]; then
+ if [[ -e "$source_current" ]]; then
+ read -r mode owner group <<< "$(stat -c '%a %u %g' "$source_current")"
+
+ if [[ -d "$source_current" ]]; then
+ install -d -m "$mode" -o "$owner" -g "$group" "$target_current"
+ continue
+ fi
+
+ if [[ "$part" != "$leaf" ]]; then
+ echo "Error: $source_current is not a directory, persistence for $path can not be applied."
+ exit 1
+ fi
+
+ install -m "$mode" -o "$owner" -g "$group" /dev/null "$target_current"
+ fi
+
+ if [[ "$create" == "none" ]]; then
 break
 fi
- read -r mode owner group <<< "$(stat -c '%a %u %g' "$source_current")"
- install -d -m "$mode" -o "$owner" -g "$group" "$target_current"
+ if [[ -e "$target_current" ]]; then
+ template="$target_current"
+ else
+ template="${source_current%/*}"
+ fi
+
+ read -r mode owner group <<< "$(stat -c '%a %u %g' "$template")"
+
+ if [[ "$part" == "$leaf" && "$create" == "file" ]]; then
+ install -m "$mode" -o "$owner" -g "$group" /dev/null "$source_current"
+ else
+ install -d -m "$mode" -o "$owner" -g "$group" "$source_current"
+ fi
 done
diff --git a/hosts/common/configs/system/impermanence/scripts/stop.sh b/hosts/common/configs/system/impermanence/scripts/stop.sh
index b053f05..e8ab2ea 100644
--- a/hosts/common/configs/system/impermanence/scripts/stop.sh
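Review bot: When the persisted leaf already exists as a regular file and `create` is `file`, the loop in start.sh empties it. After `install -m "$mode" -o "$owner" -g "$group" /dev/null "$target_current"` the branch closes without `continue` or `break`, so control reaches the creation step and `install ... /dev/null "$source_current"` overwrites the persisted file. With `create` set to `directory`, the same fall-through runs `install -d` on a path that is a file. Adding `break` directly after the target-side `install -m ... /dev/null "$target_current"` line keeps the creation step for entries that are really missing. Separately, `"$part" != "$leaf"` compares names rather than positions, so an intermediate component that shares the leaf's name is treated as the leaf; comparing an index would avoid that.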
+++ b/hosts/common/configs/system/impermanence/scripts/stop.sh
@@ -1,7 +1,7 @@
 # shellcheck shell=bash
 # shellcheck disable=SC2154
-echo "Stopping impermanence mount with source: $source, target: $target, path: $path."
+echo "Stopping impermanence mount with source: $source, target: $target, path: $path, create: $create"
 source_current="$source"
 target_current="$target"
diff --git a/hosts/common/configs/system/nix-install/install.sh b/hosts/common/configs/system/nix-install/install.sh
index 095cd19..3b60da8 100644
--- a/hosts/common/configs/system/nix-install/install.sh
+++ b/hosts/common/configs/system/nix-install/install.sh
@@ -73,16 +73,17 @@ copy_keys() {
 local user
 user=$(basename "$path")
+ mkdir -p "$root/persist/state/home/$user/.config/sops-nix"
 cp -f "$flake/secrets/$key/key.txt" "$root/persist/state/home/$user/.config/sops-nix/key.txt"
- done
-}
-set_permissions() {
- for path in "$flake/hosts/$host/users"/*; do
- local user
- user=$(basename "$path")
- chown -R "$(cat "$flake/hosts/$host/users/$user/uid"):100" "$root/persist/state/home/$user"
+ owner=$(cat "$flake/hosts/$host/users/$user/uid")
+ group=100
+ chown "$owner:$group" \
+ "$root/persist/state/home/$user" \
+ "$root/persist/state/home/$user/.config" \
+ "$root/persist/state/home/$user/.config/sops-nix" \
+ "$root/persist/state/home/$user/.config/sops-nix/key.txt"
 done
 }
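Review bot: The key copied in `copy_keys` never gets an explicit mode: `mkdir -p` and `cp -f` leave the directories and `key.txt` with whatever the umask and the source file's mode produce, and the new `chown` list only sets ownership. Since this is presumably the user's sops decryption key, I would pin the permissions right after the `chown`, e.g. `chmod 700 "$root/persist/state/home/$user/.config/sops-nix"` and `chmod 600 "$root/persist/state/home/$user/.config/sops-nix/key.txt"`, unless a umask is set elsewhere in the script. `owner` and `group` are also assigned without `local`, unlike `user` just above, so they leak into the global scope. The loop header of `copy_keys` is outside the hunk.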
@@ -144,26 +145,18 @@ main() {
 set_password_file
 case "$mode" in
- install)
- prepare_disk "destroy,format,mount"
- copy_keys
- set_permissions
- install
- if [[ "$copy_config_flag" == "true" ]]; then copy_config; fi
- if [[ "$reboot_flag" == "true" ]]; then finish; fi
- ;;
- repair)
- prepare_disk "mount"
- copy_keys
- install
- if [[ "$copy_config_flag" == "true" ]]; then copy_config; fi
- if [[ "$reboot_flag" == "true" ]]; then finish; fi
- ;;
+ install) prepare_disk "destroy,format,mount";;
+ repair) prepare_disk "mount";;
 *)
 echo "Invalid mode: $mode"
 usage
 ;;
 esac
+
+ copy_keys
+ install
+ [[ "$copy_config_flag" == "true" ]] && copy_config
+ [[ "$reboot_flag" == "true" ]] && finish
 }
 main "$@"
diff --git a/hosts/common/configs/system/podman/default.nix b/hosts/common/configs/system/podman/default.nix
index 2f9e59f..aa4108f 100644
--- a/hosts/common/configs/system/podman/default.nix
+++ b/hosts/common/configs/system/podman/default.nix
@@ -14,7 +14,7 @@
 };
 environment = {
- persistence."/persist/state"."/var/lib/containers" = { };
+ persistence."/persist/state"."/var/lib/containers".create = "directory";
 systemPackages = with pkgs; [
 podman-compose
diff --git a/hosts/common/configs/user/console/docker/default.nix b/hosts/common/configs/user/console/docker/default.nix
index 03f66ff..fe1c93b 100644
--- a/hosts/common/configs/user/console/docker/default.nix
+++ b/hosts/common/configs/user/console/docker/default.nix
@@ -37,7 +37,7 @@ lib.mkMerge [
 };
 }
 (lib.mkIf rootless {
- environment.persistence."/persist/state"."${home}/.local/share/docker" = { };
+ environment.persistence."/persist/state"."${home}/.local/share/docker".create = "directory";
 systemd.user = {
 services.docker.after = [
diff --git a/hosts/common/configs/user/console/podman/default.nix b/hosts/common/configs/user/console/podman/default.nix
index 64b03b6..c00c619 100644
--- a/hosts/common/configs/user/console/podman/default.nix
+++ b/hosts/common/configs/user/console/podman/default.nix
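Review bot: With the steps moved below `esac`, `main` returns non-zero on a successful run whenever `reboot_flag` is not `true`, because its last command is `[[ "$reboot_flag" == "true" ]] && finish` and the old `if ...; then finish; fi` form returned 0 in that case. As `main "$@"` is the last line, that status becomes the script's exit code, and it would trip `set -e` if that is enabled above. Keeping the `if` form for both flag lines, or ending `main` with `return 0`, avoids it. The `*)` branch also now falls through to `copy_keys` and `install` unless `usage` exits, which is not visible here; an explicit `exit 1` after `usage` would make that independent of `usage`. The start of `main` is outside the hunk.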
@@ -9,7 +9,7 @@
 ...
 }:
 {
- environment.persistence."/persist/state"."${home}/.local/share/containers" = { };
+ environment.persistence."/persist/state"."${home}/.local/share/containers".create = "directory";
 home-manager.users.${user} = {
 imports = [ inputs.quadlet-nix.homeManagerModules.quadlet ];
diff --git a/hosts/installer/README.md b/hosts/installer/README.md
index 6998716..21f7e73 100644
--- a/hosts/installer/README.md
+++ b/hosts/installer/README.md
@@ -4,15 +4,9 @@ I have automated myself out of a job.
 How to use:
 1. Boot into installer
-2. Unlock luks partition
+2. Connect to the internet with `sudo nmcli device wifi connect "" [--ask]`
-3. Connect to the internet with `nmcli`
-
- ```bash
- sudo nmcli device wifi connect "" [--ask]
- ```
-
-4. Run `sudo nix-install /etc/nixos -m install|repair -h host [-k key] [-c] [-r]"`
+3. Run `sudo nix-install /etc/nixos -m install|repair -h host [-k key] [-c] [-r]"`
 ## Reinstalling the Installer