fix(impermanence): move persist dirs to home-manager module so permissions work right

2025-04-02 03:32:00 +08:00 · 2025-04-02 03:32:00 +08:00 · a4c2792865
commit a4c2792865
parent a3311e8be6
3 changed files with 37 additions and 30 deletions
--- a/flake.nix
+++ b/flake.nix
@ -52,8 +52,11 @@
                ./modules/hardware/cpu_intel.nix
              ])
              (lib.optionals (hostname == "apollo") [
-                mkDiskConfig
-                "/dev/disk/by-id/nvme-eui.002538d221b47b01"
+                (import ./modules/filesystems/impermanence.nix {
+                  inherit inputs lib;
+                  device = "/dev/disk/by-id/nvme-eui.002538d221b47b01";
+
+                })
                ./modules/hardware/cpu_intel.nix
              ])
            ];
--- a/modules/filesystems/impermanence.nix
+++ b/modules/filesystems/impermanence.nix
@ -11,7 +11,6 @@
  ];
  # Disk Partitioning
  disko.devices.disk.main = {
-    # device = "/dev/disk/by-id/nvme-eui.01000000000000008ce38e04019a68ab";
    inherit device;
    type = "disk";
    content.type = "gpt";
@ -103,6 +102,7 @@
    	'';

  # Directories to persist between boots
+  programs.fuse.userAllowOther = true;
  fileSystems."/persist".neededForBoot = true;
  environment.persistence."/persist" = {
    # Hide the mounts from showing up in the file manager.
@ -112,14 +112,17 @@
      "/etc/ssh/ssh_host_ed25519_key.pub"
      "/etc/machine-id"
    ];
-    users.rafiq = {
-      directories = [
-        "repos"
-      ];
+  };
+
+  home-manager.users.rafiq = {
+    imports = [ inputs.impermanence.homeManagerModules.impermanence ];
+    home.persistence."/persist/home/rafiq" = {
      files = [
        ".config/sops/age/keys.txt"
        ".ssh/id_ed25519"
      ];
+      # Allows root and other users to access the bindfs files.
+      allowOther = true;
    };
  };
 }
--- a/modules/programs/scripts/deploy.sh
+++ b/modules/programs/scripts/deploy.sh
@ -1,43 +1,44 @@
 # Set default values
-flake=".#default" # Default flake attribute if none is provided
+flake=".#default"              # Default flake attribute if none is provided
 target_host="nixos@<hostname>" # Default target host

 # Process command-line arguments
 while [[ $# -gt 0 ]]; do
  case "$1" in
-    --flake)
-      flake="$2"
-      shift # past argument
-      shift # past value
-      ;;
-    --target-host)
-      target_host="$2"
-      shift # past argument
-      shift # past value
-      ;;
-    *)
-      echo "Unknown option: $1" >&2
-      exit 1
-      ;;
+  --flake)
+    flake="$2"
+    shift # past argument
+    shift # past value
+    ;;
+  --target-host)
+    target_host="$2"
+    shift # past argument
+    shift # past value
+    ;;
+  *)
+    echo "Unknown option: $1" >&2
+    exit 1
+    ;;
  esac
 done

 # Prepare temporary directory and copy necessary files
 root=$(mktemp -d)
-mkdir -p ${root}/persist
-root=${root}/persist
-sudo cp --verbose --archive --parents /etc/ssh/ssh_host_* ${root}
-sudo cp --verbose --archive --parents ~/.ssh/id_ed25519 ${root}
-sudo cp --verbose --archive --parents ~/.config/sops/age/keys.txt ${root}
+# Files should be copied to the persist directory
+# because that's where impermanence looks for them in.
+mkdir -p "${root}"/persist
+root_persist=${root}/persist
+sudo cp --verbose --archive --parents /etc/ssh/ssh_host_* "${root_persist}"
+sudo cp --verbose --archive --parents /home/rafiq/.ssh/id_ed25519 "${root_persist}"
+sudo cp --verbose --archive --parents /home/rafiq/.config/sops/age/keys.txt "${root_persist}"

 # Run nixos-anywhere
+# Copy over the necesary files to the persist directory.
 sudo nix run github:nix-community/nixos-anywhere -- \
  --flake "${flake}" \
  --target-host "${target_host}" \
-  --copy-host-keys \
  --extra-files "${root}" \
-  --chown /home/rafiq/.config 1000:100 \
-  --chown /home/rafiq/.ssh 1000:100
+  --chown /persist/home/rafiq 1000:100

 # Clean up the temporary directory
 sudo rm -rf "$root"