From d68a99d67cea2c53ff2f42da42c452b1cb9c01fb Mon Sep 17 00:00:00 2001
From: Christoph Urlacher
Date: Wed, 16 Jul 2025 16:24:46 +0200
Subject: [PATCH] Modules/Impermanence: Set home ownership

---
 system/modules/impermanence/default.nix | 51 +++++++++++++++++++++----
 1 file changed, 43 insertions(+), 8 deletions(-)

diff --git a/system/modules/impermanence/default.nix b/system/modules/impermanence/default.nix
index f5e778ae..5dca78bb 100644
--- a/system/modules/impermanence/default.nix
+++ b/system/modules/impermanence/default.nix
@@ -23,17 +23,17 @@ in {
 
     mkDir = user: directory: mode: {
       inherit directory mode;
-      user = config.users.users.${user}.name;
-      group = config.users.users.${user}.group;
+      # user = config.users.users.${user}.name;
+      # group = config.users.users.${user}.group;
     };
 
     mkFile = user: file: mode: {
       inherit file;
-      parentDirectory = {
-        inherit mode;
-        user = config.users.users.${user}.name;
-        group = config.users.users.${user}.group;
-      };
+      # parentDirectory = {
+      # inherit mode;
+      # user = config.users.users.${user}.name;
+      # group = config.users.users.${user}.group;
+      # };
     };
   in
     lib.mkIf impermanence.enable {
@@ -55,6 +55,8 @@ in {
         (mkRDir "/etc/secureboot" m755)
         (mkRDir "/etc/ssh" m755)
 
+        (mkRDir "/nix/var" m755)
+
         # https://github.com/nix-community/impermanence/issues/253
         (mkRDir "/usr/systemd-placeholder" m755)
 
@@ -63,9 +65,10 @@ in {
         (mkRDir "/var/lib/bluetooth" m755) # m700
         (mkRDir "/var/lib/containers" m755)
         (mkRDir "/var/lib/flatpak" m755)
-        (mkRDir "/var/lib/NetworkManager" m755)
         (mkRDir "/var/lib/libvirt" m755)
+        (mkRDir "/var/lib/NetworkManager" m755)
         (mkRDir "/var/lib/nixos" m755)
+        (mkRDir "/var/lib/private/ollama" m755)
         (mkRDir "/var/lib/systemd" m755)
         (mkRDir "/var/tmp" m777)
 
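Review bot: Commenting out the `user`/`group` attributes in `mkDir` and the whole `parentDirectory` block in `mkFile` leaves dead code in both helpers and turns `user` (and, for `mkFile`, `mode`) into parameters that are accepted but never used. If ownership of persisted user paths is now meant to come from the new recursive chown added later in this patch, delete these lines and record that decision where the helpers are defined, e.g. `# user/group intentionally unset: ownership is repaired by impermanence-fix-home-ownership`; otherwise restore them. With the attributes gone, every directory built through these helpers takes the impermanence module's default ownership, so any user-directory wrapper built on `mkDir` (presumably `mkUDir`, defined outside this hunk) now depends entirely on that later chown running.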
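Review bot: `/var/lib/private/ollama` is the location systemd uses for a `StateDirectory` of a service running with `DynamicUser=`, as the `private` path segment suggests, and systemd manages the ownership of that directory itself when the unit starts; it is worth confirming after a reboot that the persisted directory is still usable by ollama's (possibly re-allocated) dynamic UID and that `m755` is the intended mode for a path whose parent systemd keeps root-only. A short comment on this line, e.g. `# ollama runs with DynamicUser; its state lives under /var/lib/private`, would explain to the next reader why this entry does not follow the `/var/lib/<name>` pattern of its neighbours.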
@@ -126,11 +129,34 @@ in {
 
             (mkUDir ".local/share/zoxide" m755)
             (mkUDir ".local/state/astal/notifd" m755)
+            (mkUDir ".local/state/nix" m755)
             (mkUDir ".local/state/nvim" m755)
           ];
         };
       };
 
+      systemd.services."impermanence-fix-home-ownership" = let
+        homeDir = "/home/${username}";
+        homeUser = builtins.toString config.users.users.${username}.uid;
+        homeGroup = builtins.toString config.users.groups.${config.users.users.${username}.group}.gid;
+      in {
+        description = "Fix impermanent home ownership";
+        # wantedBy = ["local-fs.target"];
+        # partOf = ["local-fs.target"];
+        after = ["local-fs.target"]; # Execute afer home.mount
+        before = ["network-online.target"]; # Execute before NFS mounts
+        serviceConfig.Type = "oneshot";
+
+        script = ''
+          if [[ -d ${homeDir} ]]; then
+            chown -R ${homeUser}:${homeGroup} ${homeDir}
+            echo "Set ownership for ${homeDir} to ${homeUser}:${homeGroup}"
+          else
+            echo "ERROR: Home ${homeDir} does not exist!"
+          fi
+        '';
+      };
+
       # Because we have a LUKS encrypted drive
       # we use a systemd service to cleanup the volumes
       boot.initrd.systemd = {
@@ -140,6 +166,9 @@ in {
           backupDuration = "7"; # Days
           mountDir = "/btrfs_tmp";
           persistDir = "${mountDir}/persist";
+
+          homeUser = builtins.toString config.users.users.${username}.uid;
+          homeGroup = builtins.toString config.users.groups.${config.users.users.${username}.group}.gid;
         in {
           description = "Clean impermanent btrfs subvolumes";
           wantedBy = ["initrd.target"];
@@ -205,6 +234,12 @@ in {
             btrfs subvolume create ${mountDir}/home
             echo "Created new subvolumes ${mountDir}/root and ${mountDir}/home"
 
+            chown -R ${homeUser}:${homeGroup} ${mountDir}/home/${username}
+            echo "Set permissions for ${mountDir}/home/${username} to ${homeUser}:${homeGroup}"
+
+            chown -R ${homeUser}:${homeGroup} ${persistDir}/home/${username}
+            echo "Set permissions for ${persistDir}/home/${username} to ${homeUser}:${homeGroup}"
+
             umount ${mountDir}
             rmdir ${mountDir}
           '';
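Review bot: `impermanence-fix-home-ownership` has no install dependency at all — both `wantedBy` and `partOf` are commented out — so nothing pulls it into the boot transaction and its `after`/`before` ordering never takes effect; if the unit is meant to run, re-enable an install target consistent with that ordering, e.g. `wantedBy = ["multi-user.target"];`, otherwise drop the unit rather than ship it inert. `homeUser` is `builtins.toString config.users.users.${username}.uid`, and NixOS leaves `uid` at `null` unless the configuration assigns one; `toString null` is `""`, so in that case the script silently runs `chown -R :GID`, fixing only the group — add `assert config.users.users.${username}.uid != null;` ahead of the `let`, or use `${username}:${config.users.users.${username}.group}` here where name resolution is available. The identical `toString ... .uid` expression is introduced in the initrd `let` of the next hunk (`@@ -140,6 +166,9 @@`), where numeric ids are genuinely needed but the null case is the same. The missing-home branch only echoes `ERROR` and returns 0, so the oneshot reports success; append `exit 1` after that echo if this is a real failure, or word it as a warning. Lastly, a recursive `chown` of the whole home on every boot also rewrites ownership of anything the user deliberately owns differently; if impermanence creates the offending entries as root, `chown -R --from=0:0 ${homeUser}:${homeGroup} ${homeDir}` limits the change to those.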
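Review bot: `${mountDir}/home/${username}` does not exist when the first `chown -R` runs: the preceding `btrfs subvolume create ${mountDir}/home` yields an empty subvolume and nothing visible in this hunk creates the user's directory, so the chown fails with "No such file or directory" (whether that aborts the script depends on shell options set outside the hunk). Create it before changing ownership, e.g. `mkdir -p ${mountDir}/home/${username}` followed by `chown ${homeUser}:${homeGroup} ${mountDir}/home/${username}` — no `-R` is needed on a fresh directory. The second `chown -R` walks the entire persisted home each time this branch executes, which resets ownership the user may have set intentionally and duplicates what the stage-2 `impermanence-fix-home-ownership` service does; consider running it only when `stat -c %u ${persistDir}/home/${username}` differs from `${homeUser}`. The echo text says "permissions" while the command changes ownership; `echo "Set ownership ..."` would match the stage-2 service's wording. The enclosing script starts and ends outside this hunk.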