christoph/flake-nixinator
1
Fork 0
Code Activity

Modules/Impermanence: Add impermanence module and enable opt-in state for nixinator

Browse Source
This commit is contained in:
Christoph Urlacher
2025-07-16 02:20:35 +02:00
parent 8350598d99
commit 67116c82b1
5 changed files with 129 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
home/modules/fish/default.nix
View File

@ -138,7 +138,7 @@ in {
b = "z -"; # jump to previous dir
mkdir = "mkdir -p"; # also create parents (-p)
blk = batify "lsblk -o NAME,LABEL,PARTLABEL,FSTYPE,SIZE,FSUSE%,MOUNTPOINT";
blkid = batify "lsblk -o NAME,LABEL,FSTYPE,SIZE,PARTLABEL,MODEL,ID,UUID";
blkids = batify "lsblk -o NAME,LABEL,FSTYPE,SIZE,PARTLABEL,MODEL,ID,UUID";
watch = "watch -d -c -n 0.5";
nd = "nix develop";
nb = "nix build -L";

1
system/modules/default.nix
View File

@ -4,6 +4,7 @@
./desktopportal
./docker
./fonts
./impermanence
./mime
./network
./polkit

116
system/modules/impermanence/default.nix Normal file
View File

@ -0,0 +1,116 @@
{
config,
lib,
mylib,
username,
...
}: let
inherit (config.modules) impermanence;
in {
options.modules.impermanence = import ./options.nix {inherit lib mylib;};
config = let
# NOTE: Setting user/group/mode only has an effect if the
# directory is created by impermanence!
m777 = "u=rwx,g=rwx,o=rwx";
m755 = "u=rwx,g=rx,o=rx";
m711 = "u=rwx,g=x,o=x";
m700 = "u=rwx,g=,o=";
m644 = "u=rw,g=r,o=r";
m600 = "u=rw,g=,o=";
m444 = "u=r,g=r,o=r";
mkDir = user: directory: mode: {
inherit directory mode;
user = config.users.users.${user}.name;
group = config.users.users.${user}.group;
};
mkFile = user: file: mode: {
inherit file;
parentDirectory = {
inherit mode;
user = config.users.users.${user}.name;
group = config.users.users.${user}.group;
};
};
in
lib.mkIf impermanence.enable {
environment.persistence."/persist" = let
mkRDir = mkDir "root";
mkRFile = mkFile "root";
mkUDir = mkDir "${username}";
mkUFile = mkFile "${username}";
in {
hideMounts = true; # Sets x-gvfs-hide option
files = [
(mkRFile "/etc/adjtime" m644)
(mkRFile "/etc/machine-id" m444)
];
directories = [
(mkRDir "/etc/NetworkManager" m755)
(mkRDir "/etc/ssh" m755)
(mkRDir "/var/db/sudo" m711)
(mkRDir "/var/lib/bluetooth" m755) # m700
(mkRDir "/var/lib/containers" m755)
(mkRDir "/var/lib/flatpak" m755)
(mkRDir "/var/lib/NetworkManager" m755)
(mkRDir "/var/lib/nixos" m755)
(mkRDir "/var/lib/systemd" m755)
(mkRDir "/var/tmp" m777)
];
users.${username} = {
files = [
(mkUFile ".ssh/known_hosts" m755) # m644
(mkUFile ".secrets/spotify_client_id" m755) # m644
(mkUFile ".secrets/spotify_client_secret" m755) # m644
(mkUFile ".secrets/youtube_music_cookies" m755) # m644
(mkUFile ".secrets/age/age.key" m755) # m600
];
directories = [
(mkUDir "Downloads" m755)
(mkUDir "Documents" m755)
(mkUDir "GitRepos" m755)
(mkUDir "NixFlake" m755)
(mkUDir "Notes" m755)
(mkUDir "Pictures" m755)
(mkUDir "Projects" m755)
(mkUDir "Public" m755)
(mkUDir "Unity" m755)
(mkUDir "Videos" m755)
(mkUDir ".gnupg" m755) # m600
(mkUDir ".mozilla/firefox" m755) # TODO: Remove this someday
(mkUDir ".mozilla/native-messaging-hosts" m755)
(mkUDir ".ollama" m755)
(mkUDir ".var/app" m755)
(mkUDir ".vim/undo" m755)
(mkUDir ".cache/fish/generated_completions" m755)
(mkUDir ".config/Ferdium" m755)
(mkUDir ".config/fish/completions" m755)
(mkUDir ".config/kdeconnect" m755)
(mkUDir ".config/keepassxc" m755)
(mkUDir ".config/Msty" m755)
(mkUDir ".config/Nextcloud" m755)
(mkUDir ".local/share/flatpak" m755)
(mkUDir ".local/share/nix" m755)
(mkUDir ".local/share/nvim/sessions" m755)
(mkUDir ".local/share/zoxide" m755)
(mkUDir ".local/state/astal/notifd" m755)
];
};
};
};
}

9
system/modules/impermanence/options.nix Normal file
View File

@ -0,0 +1,9 @@
{
lib,
mylib,
...
}: {
enable = lib.mkEnableOption "Enable opt-in state using impermanence.";
# TODO: Options for host-specific config
}

2
system/nixinator/default.nix
View File

@ -14,6 +14,8 @@
];
modules = {
impermanence.enable = true;
network = {
useNetworkManager = true;