my nixos configuration

bring in the better brainrotos impermanence module

https://github.com/thundertheidiot/brainrotos/blob/main/modules/nixos/impermanence.nix

Thunder 01e6b62a ffe97ed0

+168 -164
+4
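--- a/hosts/framework/default.nix
+++ b/hosts/framework/default.nix
@@ -88,6 +88,10 @@
   workstation.displayManager = "gdm";
 
   impermanence.enable = true;
+  impermanence.directories = [
+    "/var/lib/fwupd"
+    "/var/cache/fwupd"
+  ];
 
   user = "thunder";
 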
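Review bot: The two entries added at new lines 91-94 duplicate what modules/impermanence.nix now sets unconditionally under `mkIf cfg.enable` in this same commit (`"/var/lib/fwupd"` and `"/var/cache/fwupd"` in its default `meow.impermanence.directories`), so after module merging `cfg.directories` holds each path twice and `systemd.mounts` / `systemd.tmpfiles.rules` are emitted twice for the same `where`. Whether the duplicate mount definitions merge cleanly or collide depends on how NixOS folds `systemd.mounts` into unit files, which is not visible here; either way the host-level list adds nothing. Drop the four lines and rely on the module default, or keep only entries that are genuinely host-specific.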
+160 -164
modules/impermanence.nix
··· 1 1 { 2 2 lib, 3 - mlib, 4 3 config, 5 4 pkgs, 6 5 ... 7 6 }: let 8 7 cfg = config.meow.impermanence; 9 8 10 - inherit (lib) mkIf mkMerge; 9 + inherit (lib) mkIf mkMerge isString; 10 + inherit (lib.options) mkOption; 11 + inherit (lib.lists) flatten; 12 + inherit (lib.strings) concatStringsSep replaceStrings; 13 + inherit (lib.attrsets) filterAttrs mapAttrsToList listToAttrs; 14 + inherit (lib.types) listOf bool str attrs either; 11 15 in { 12 16 options = { 13 - meow.impermanence = let 14 - inherit (mlib) mkOpt mkEnOpt; 15 - inherit (lib.types) listOf str attrs; 16 - in { 17 - enable = mkEnOpt "This impermanence module serves as a helper to using a tmpfs as your rootfs."; 18 - persist = mkOpt str "" { 19 - description = "Directory to use for persistance."; 17 + meow.impermanence = { 18 + enable = mkOption { 19 + type = bool; 20 + default = true; 21 + description = "Enable impermanence"; 22 + }; 23 + 24 + persist = mkOption { 25 + type = str; 26 + default = "/nix/persist"; 27 + description = "Directory to use for persistance of files."; 20 28 }; 21 29 22 - directories = mkOpt (listOf attrs) [] { 23 - description = "Extra directories to persist."; 30 + directories = mkOption { 31 + type = listOf (either attrs str); 32 + default = []; 33 + apply = let 34 + mkDir' = { 35 + path, 36 + persistPath ? "${cfg.persist}/rootfs/${path}", 37 + permissions ? "1777", 38 + user ? "root", 39 + group ? "root", 40 + wantedBy ? [], 41 + before ? 
[], 42 + }: { 43 + inherit path persistPath permissions user group wantedBy before; 44 + }; 45 + 46 + mkDir = dir: 47 + if isString dir 48 + then mkDir' {path = dir;} 49 + else mkDir' dir; 50 + in 51 + list: map mkDir list; 52 + description = "Directories to persist across reboots."; 24 53 }; 25 54 26 - ensureDirectories = mkOpt (listOf str) [] { 27 - description = "Directories to ensure creation of."; 55 + files = mkOption { 56 + type = listOf (either attrs str); 57 + default = []; 58 + apply = let 59 + mkFile' = { 60 + path, 61 + persistPath ? "${cfg.persist}/rootfs/${path}", 62 + permissions ? "1777", 63 + user ? "root", 64 + group ? "root", 65 + wantedBy ? [], 66 + before ? [], 67 + }: { 68 + inherit path persistPath permissions user group wantedBy before; 69 + }; 70 + 71 + mkFile = file: 72 + if isString file 73 + then mkFile' {path = file;} 74 + else mkFile' file; 75 + in 76 + list: map mkFile list; 77 + description = "Files to persist across reboots."; 28 78 }; 29 79 }; 30 80 }; 31 81 32 - config = mkIf cfg.enable (mkMerge [ 33 - # Ensure directory creation 34 - { 35 - system.activationScripts = let 36 - inherit (builtins) concatStringsSep; 37 - in { 38 - ensure_directories = concatStringsSep "\n" ( 39 - map 40 - (dir: "mkdir --parents \"${dir}\"") 41 - cfg.ensureDirectories 42 - ); 43 - }; 44 - } 45 - # Directories 46 - (let 47 - mkMount = path: let 48 - inherit (builtins) isString isAttrs; 82 + config = mkMerge [ 83 + (mkIf cfg.enable { 84 + meow.impermanence.directories = [ 85 + { 86 + path = "/var/log"; 87 + permissions = "711"; 88 + } 89 + "/root/.cache/nix" 90 + "/var/lib/systemd" 91 + "/etc/NetworkManager/system-connections" 92 + "/var/lib/fwupd" 93 + "/var/cache/fwupd" 94 + "/var/db/sudo" 95 + ]; 96 + 97 + meow.impermanence.files = [ 98 + "/etc/localtime" 99 + ]; 100 + }) 101 + 102 + # Create and mount directories 103 + (mkIf cfg.enable { 104 + systemd.mounts = map (dir: 105 + with dir; { 106 + where = path; 107 + what = persistPath; 108 + type = 
"none"; 109 + options = "bind,X-fstrim.notrim,x-gvfs-hidden"; 49 110 50 - mkMount' = { 51 - path, 52 - persistPath ? "${cfg.persist}/rootfs/${path}", 53 - permissions ? "1777", 54 - user ? "root", 55 - group ? "root", 56 - }: { 57 - inherit persistPath path permissions user group; 58 - }; 59 - in 60 - if (isString path) 61 - then mkMount' {inherit path;} 62 - else if (isAttrs path) 63 - then mkMount' path 64 - else throw "Path provided to impermanence module is not a string or an attrset."; 111 + before = ["graphical.target"] ++ before; 112 + wantedBy = ["graphical.target"] ++ wantedBy; 113 + }) 114 + cfg.directories; 65 115 66 - persistMounts = paths': let 67 - inherit (builtins) listToAttrs; 116 + systemd.tmpfiles.rules = flatten (map (dir: 117 + with dir; [ 118 + "d ${persistPath} ${permissions} ${user} ${group} - -" 119 + "d ${path} ${permissions} ${user} ${group} - -" 120 + ]) 121 + cfg.directories); 122 + }) 68 123 69 - paths = map (p: mkMount p) (builtins.filter (i: i != null) paths'); 70 - in 71 - listToAttrs (map (p: 72 - with p; { 73 - name = let 74 - pname = 75 - builtins.replaceStrings ["/"] ["_"] 76 - path; 77 - in "persist-${pname}"; 78 - enable = true; 124 + # Create and mount files 125 + (mkIf cfg.enable { 126 + boot.postBootCommands = 127 + concatStringsSep " " 128 + (map (file: 129 + with file; '' 130 + if [ -e "${persistPath}" ] || [ -L "${persistPath}" ]; then 131 + cp -P "${persistPath}" "${path}" 132 + fi 133 + '') 134 + cfg.files); 135 + 136 + systemd.services = listToAttrs (map 137 + (file: 138 + with file; let 139 + name = "persist-${replaceStrings ["/"] ["_"] path}"; 140 + in { 141 + inherit name; 79 142 value = { 80 - description = "Bind mount ${path}."; 81 - wantedBy = 82 - if config.meow.workstation.enable 83 - then ["graphical.target"] 84 - else ["multi-user.target"]; 85 - before = 86 - if config.meow.workstation.enable 87 - then ["graphical.target"] 88 - else ["multi-user.target"]; 143 + wantedBy = ["graphical.target"]; 89 144 path = 
[pkgs.util-linux]; 90 - unitConfig.DefaultDependencies = false; 145 + unitConfig.defaultDependencies = true; 91 146 serviceConfig = { 92 147 Type = "oneshot"; 93 148 RemainAfterExit = true; 94 - ExecStart = pkgs.writeShellScript "mount_${path}" '' 95 - mkdir --parents ${path} 96 - mkdir --parents ${persistPath} 97 - 98 - mount -o bind,X-fstrim.notrim,x-gvfs-hidden ${persistPath} ${path} 99 - chmod ${permissions} ${persistPath} 100 - chmod ${permissions} ${path} 101 - chown ${user}:${group} ${persistPath} 102 - chown ${user}:${group} ${path} 149 + # Service is stopped before shutdown 150 + ExecStop = pkgs.writeShellScript name '' 151 + mkdir --parents "$(dirname ${persistPath})" 152 + cp -P "${path}" "${persistPath}" 103 153 ''; 104 - ExecStop = "umount ${path} && rm ${path}"; 105 154 }; 106 155 }; 107 156 }) 108 - paths); 157 + cfg.files); 158 + }) 109 159 110 - environmentEtcSource = loc: { 111 - source = "${cfg.persist}/rootfs/etc/${loc}"; 112 - }; 113 - in { 114 - systemd.services = persistMounts (cfg.directories 115 - ++ [ 116 - { 117 - path = "/var/log"; 118 - permissions = "711"; 119 - } 120 - "/var/lib/bluetooth" 121 - # "/var/lib/nixos" 122 - "/root/.cache/nix" 123 - "/etc/NetworkManager/system-connections" 124 - "/var/lib/systemd" 125 - # { 126 - # path = "/var/lib/flatpak"; 127 - # persistPath = "${cfg.persist}/flatpak"; 128 - # permissions = "755"; 129 - # } 130 - { 131 - path = "/var/lib/docker"; 132 - persistPath = "${cfg.persist}/docker"; 133 - permissions = "710"; 134 - } 135 - { 136 - path = "/var/lib/containers"; 137 - persistPath = "${cfg.persist}/containers"; 138 - permissions = "710"; 139 - } 140 - "/var/lib/fwupd" 141 - "/var/cache/fwupd" 142 - ( 143 - if config.services.fprintd.enable 144 - then { 145 - path = "/var/lib/fprint"; 146 - } 147 - else null 148 - ) 149 - # ( 150 - # if config.services.displayManager.sddm.enable 151 - # then { 152 - # path = "/var/lib/sddm"; 153 - # permissions = "750"; 154 - # user = "sddm"; 155 - # group = "sddm"; 
156 - # } 157 - # else null 158 - # ) 159 - ]); 160 + ### fixes/hacks 160 161 161 - # logrotate permission fix for updates 162 - systemd.tmpfiles.rules = [ 163 - "d /var/log 0711 root root - -" 164 - ]; 162 + # home directories 163 + (mkIf cfg.enable { 164 + systemd.tmpfiles.rules = 165 + mapAttrsToList 166 + (name: user: "d ${user.home} 0700 ${name} ${user.group} - -") 167 + (filterAttrs (_name: attrs: attrs.createHome) config.users.users); 168 + }) 165 169 166 - environment.etc = builtins.listToAttrs (builtins.map (loc: { 170 + # machine id 171 + (mkIf cfg.enable { 172 + environment.etc = listToAttrs (map (loc: { 167 173 name = loc; 168 - value = environmentEtcSource loc; 174 + value = {source = "${cfg.persist}/rootfs/etc/${loc}";}; 169 175 }) ["machine-id"]); 170 176 }) 171 - # /etc/shadow 172 - (let 173 - pShadow = "${cfg.persist}/rootfs/etc/shadow"; 174 - in { 175 - system.activationScripts = { 176 - # The first copy accounts for reactivation after startup, this example scenario should explain that 177 - # 1. User starts up their computer 178 - # 2. ${pShadow} is copied over /etc/shadow 179 - # 3. User changes their password 180 - # 4. User updates their system, reactivating the configuration 181 - # 5. The old unchanged ${pShadow} is copied over /etc/shadow 182 - # 6. 
User is very confused, as their password has changed back 183 - etc_shadow = '' 184 - mkdir --parents "${cfg.persist}/rootfs/etc" 185 - [ -f "/etc/shadow" ] && cp /etc/shadow ${pShadow} 186 - [ -f "${pShadow}" ] && cp ${pShadow} /etc/shadow 187 - ''; 188 - 189 - users.deps = ["etc_shadow"]; 190 - }; 191 177 192 - systemd.services."etc_shadow_persistence" = { 178 + # /etc/shadow (passwords) 179 + # cannot be handled through files, must run before user setup 180 + (mkIf cfg.enable { 181 + systemd.services."etc_shadow_persistence" = let 182 + pShadow = "${cfg.persist}/rootfs/etc/shadow"; 183 + in { 193 184 enable = true; 194 185 description = "Persist /etc/shadow on shutdown."; 195 - wantedBy = ["multi-user.target"]; 196 - path = [pkgs.util-linux]; 186 + wantedBy = ["sysinit.target"]; 187 + before = ["systemd-sysusers.service"]; 188 + unitConfig.RequiresMountsFor = ["${cfg.persist}"]; 197 189 unitConfig.defaultDependencies = true; 190 + path = [pkgs.util-linux]; 198 191 serviceConfig = { 199 192 Type = "oneshot"; 200 193 RemainAfterExit = true; 194 + ExecStart = pkgs.writeShellScript "restore_etc_shadow" '' 195 + mkdir -p /etc 196 + [ -f "${pShadow}" ] && cp ${pShadow} /etc/shadow 197 + [ -f /etc/shadow ] && chmod 600 /etc/shadow 198 + ''; 201 199 # Service is stopped before shutdown 202 200 ExecStop = pkgs.writeShellScript "persist_etc_shadow" '' 203 201 mkdir --parents "${cfg.persist}/rootfs/etc" ··· 206 204 }; 207 205 }; 208 206 }) 207 + 209 208 # Program configuration 210 - { 211 - services.ollama.home = "${cfg.persist}/ollama"; 209 + (mkIf cfg.enable { 212 210 sops.age.keyFile = "${cfg.persist}/sops-key.txt"; 213 211 214 - system.activationScripts = { 215 - openssh_dir.text = "mkdir --parents ${cfg.persist}/ssh"; 216 - }; 212 + systemd.tmpfiles.rules = ["d ${cfg.persist}/ssh 755 root root - -"]; 217 213 218 214 services.openssh.hostKeys = [ 219 215 { ··· 226 222 bits = 4096; 227 223 } 228 224 ]; 229 - } 230 - ]); 225 + }) 226 + ]; 231 227 }
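Review bot: The `permissions ? "1777"` default re-declared in the `directories` apply (new line 37) now feeds the tmpfiles rules `d ${persistPath} ${permissions} ...` and `d ${path} ${permissions} ...` (new lines 118-119), so every entry given as a bare string — `/var/lib/systemd`, `/etc/NetworkManager/system-connections`, `/var/db/sudo`, the fwupd state, and anything a host adds — is created, and if tmpfiles adjusts existing directories as documented for `d`, re-moded, world-writable with the sticky bit; root-owned state directories should default to `permissions ? "0755"` with 1777 reserved for entries that ask for it explicitly (the same default is repeated for `files` at new line 62, where it is currently unused). Separately, `wantedBy = ["graphical.target"] ++ wantedBy` for the mounts (new line 112) and `wantedBy = ["graphical.target"]` for the file copy-back services (new line 143) replace the removed `multi-user.target` fallback, so on a host whose default target is multi-user.target none of these units is ever pulled in and nothing under `cfg.directories` or `cfg.files` persists; `wantedBy = ["multi-user.target"] ++ wantedBy` covers both kinds of host since graphical.target pulls in multi-user.target. In the shadow restore script (new lines 194-198) the final `[ -f /etc/shadow ] && chmod 600 /etc/shadow` leaves the script exiting non-zero when neither the persisted nor the live file exists (first boot), which marks `etc_shadow_persistence` failed unless `writeShellScript` enables `set -e`, which I cannot confirm from here; ending the script with an explicit `exit 0` or an `if` statement avoids the spurious failure. Both `config = mkMerge [...]` and its enclosing attribute set extend beyond the collapsed hunk text shown here.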
+4
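--- a/modules/workstation/audio.nix
+++ b/modules/workstation/audio.nix
@@ -13,6 +13,10 @@
   };
 
   config = mkIf cfg {
+    meow.impermanence.directories = [
+      "/var/lib/bluetooth"
+    ];
+
     hardware.bluetooth = {
       enable = true;
       powerOnBoot = true;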
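Review bot: `"/var/lib/bluetooth"` is passed as a bare string (new line 17), so it takes the impermanence module's `permissions ? "1777"` default from this same commit and both the persisted copy and the mountpoint are created world-writable with the sticky bit; this directory holds bluetoothd's pairing link keys and should not be broader than root-only. Pass the attrset form instead, `{ path = "/var/lib/bluetooth"; permissions = "0700"; }`, so the tmpfiles rules derived from it keep the directory private to root. The `config = mkIf cfg {` block continues past the end of this hunk.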