From a4c279286595e92f44e7eb55964df08b0b92706a Mon Sep 17 00:00:00 2001
From: Mohammad Rafiq
Date: Wed, 2 Apr 2025 03:32:00 +0800
Subject: [PATCH] fix(impermanence): move persist dirs to home-manager module so permissions work right

---
 flake.nix | 7 +++--
 modules/filesystems/impermanence.nix | 13 +++++---
 modules/programs/scripts/deploy.sh | 47 ++++++++++++++--------------
 3 files changed, 37 insertions(+), 30 deletions(-)

diff --git a/flake.nix b/flake.nix
index 01acf6e..e5458bc 100644
--- a/flake.nix
+++ b/flake.nix
@@ -52,8 +52,11 @@
 ./modules/hardware/cpu_intel.nix
 ])
 (lib.optionals (hostname == "apollo") [
- mkDiskConfig
- "/dev/disk/by-id/nvme-eui.002538d221b47b01"
+ (import ./modules/filesystems/impermanence.nix {
+ inherit inputs lib;
+ device = "/dev/disk/by-id/nvme-eui.002538d221b47b01";
+
+ })
 ./modules/hardware/cpu_intel.nix
 ])
 ];
diff --git a/modules/filesystems/impermanence.nix b/modules/filesystems/impermanence.nix
index cdff177..ad80f10 100644
--- a/modules/filesystems/impermanence.nix
+++ b/modules/filesystems/impermanence.nix
@@ -11,7 +11,6 @@
 ];
 # Disk Partitioning
 disko.devices.disk.main = {
- # device = "/dev/disk/by-id/nvme-eui.01000000000000008ce38e04019a68ab";
 inherit device;
 type = "disk";
 content.type = "gpt";
@@ -103,6 +102,7 @@
 '';
 
 # Directories to persist between boots
+ programs.fuse.userAllowOther = true;
 fileSystems."/persist".neededForBoot = true;
 environment.persistence."/persist" = {
 # Hide the mounts from showing up in the file manager.
@@ -112,14 +112,17 @@
 "/etc/ssh/ssh_host_ed25519_key.pub"
 "/etc/machine-id"
 ];
- users.rafiq = {
- directories = [
- "repos"
- ];
+ };
+
+ home-manager.users.rafiq = {
+ imports = [ inputs.impermanence.homeManagerModules.impermanence ];
+ home.persistence."/persist/home/rafiq" = {
 files = [
 ".config/sops/age/keys.txt"
 ".ssh/id_ed25519"
 ];
+ # Allows root and other users to access the bindfs files.
+ allowOther = true;
 };
 };
 }
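Review bot: `programs.fuse.userAllowOther = true;` turns on `user_allow_other` in /etc/fuse.conf for the whole system, not just for the impermanence bindfs mounts, and the hunk gives no reason for it; a comment tying it to the home-manager setting would help the next reader, e.g. `# Needed for allowOther on home.persistence below: the user-run bindfs mounts become visible to root (and every other user); the underlying file modes are still what gates access.` How much the underlying modes still apply depends on how impermanence invokes bindfs, so confirm that before relying on the last clause. The enclosing attribute set starts and ends outside this hunk.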
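Review bot: The removed `users.rafiq` entry persisted `directories = [ "repos" ];`, but the new `home.persistence."/persist/home/rafiq"` block carries only the two key files, so `~/repos` stops surviving a reboot; the commit title says the dirs were moved, not dropped, so unless that is intentional add `directories = [ "repos" ];` next to `files`. Separately, `allowOther = true` is enabled on an entry whose only contents are an SSH private key and a sops age key, and the comment above it advertises that root and other users can reach the bindfs files, which is the opposite of what those files want. Either say in the comment why that path is needed (for example root reading the age key at activation) or confirm that bindfs still enforces the 0600 modes on the persisted files, and if it does, say so there too.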
diff --git a/modules/programs/scripts/deploy.sh b/modules/programs/scripts/deploy.sh
index 96b926f..7bfc657 100755
--- a/modules/programs/scripts/deploy.sh
+++ b/modules/programs/scripts/deploy.sh
@@ -1,43 +1,44 @@
 # Set default values
-flake=".#default" # Default flake attribute if none is provided
+flake=".#default" # Default flake attribute if none is provided
 target_host="nixos@" # Default target host
 
 # Process command-line arguments
 while [[ $# -gt 0 ]]; do
 case "$1" in
- --flake)
- flake="$2"
- shift # past argument
- shift # past value
- ;;
- --target-host)
- target_host="$2"
- shift # past argument
- shift # past value
- ;;
- *)
- echo "Unknown option: $1" >&2
- exit 1
- ;;
+ --flake)
+ flake="$2"
+ shift # past argument
+ shift # past value
+ ;;
+ --target-host)
+ target_host="$2"
+ shift # past argument
+ shift # past value
+ ;;
+ *)
+ echo "Unknown option: $1" >&2
+ exit 1
+ ;;
 esac
 done
 
 # Prepare temporary directory and copy necessary files
 root=$(mktemp -d)
-mkdir -p ${root}/persist
-root=${root}/persist
-sudo cp --verbose --archive --parents /etc/ssh/ssh_host_* ${root}
-sudo cp --verbose --archive --parents ~/.ssh/id_ed25519 ${root}
-sudo cp --verbose --archive --parents ~/.config/sops/age/keys.txt ${root}
+# Files should be copied to the persist directory
+# because that's where impermanence looks for them in.
+mkdir -p "${root}"/persist
+root_persist=${root}/persist
+sudo cp --verbose --archive --parents /etc/ssh/ssh_host_* "${root_persist}"
+sudo cp --verbose --archive --parents /home/rafiq/.ssh/id_ed25519 "${root_persist}"
+sudo cp --verbose --archive --parents /home/rafiq/.config/sops/age/keys.txt "${root_persist}"
 
 # Run nixos-anywhere
+# Copy over the necesary files to the persist directory.
 sudo nix run github:nix-community/nixos-anywhere -- \
 --flake "${flake}" \
 --target-host "${target_host}" \
- --copy-host-keys \
 --extra-files "${root}" \
- --chown /home/rafiq/.config 1000:100 \
- --chown /home/rafiq/.ssh 1000:100
+ --chown /persist/home/rafiq 1000:100
 
 # Clean up the temporary directory
 sudo rm -rf "$root"
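Review bot: The temp tree holding the SSH host keys, `id_ed25519` and the sops age key is only removed by the final `sudo rm -rf "$root"`, so if any `sudo cp` or the nixos-anywhere run fails the plaintext secrets stay behind in /tmp; register the cleanup right after `root=$(mktemp -d)` with `trap 'sudo rm -rf "$root"' EXIT` so it runs on every exit path (the hunk starts at line 1 with no shebang or `set -e` visible, so do not assume a failure aborts before the last line). The new `--chown /persist/home/rafiq 1000:100` fixes ownership but not modes: `cp --archive` keeps 0600 on the two key files, while the intermediate `/persist/home/rafiq` and `.ssh` directories are created by `cp --parents` under root's umask, so check on the target that they end up 0700 rather than world-traversable. The added `# Copy over the necesary files to the persist directory.` sits under `# Run nixos-anywhere` but describes the copy block above it; move it up and fix the spelling to "necessary".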