fix(impermanence): move persist dirs to home-manager module so permissions work right

Mohammad Rafiq 2025-04-02 03:32:00 +08:00
parent a3311e8be6
commit a4c2792865
No known key found for this signature in database
3 changed files with 37 additions and 30 deletions


@ -52,8 +52,11 @@
./modules/hardware/cpu_intel.nix ./modules/hardware/cpu_intel.nix
]) ])
(lib.optionals (hostname == "apollo") [ (lib.optionals (hostname == "apollo") [
mkDiskConfig (import ./modules/filesystems/impermanence.nix {
"/dev/disk/by-id/nvme-eui.002538d221b47b01" inherit inputs lib;
device = "/dev/disk/by-id/nvme-eui.002538d221b47b01";
})
./modules/hardware/cpu_intel.nix ./modules/hardware/cpu_intel.nix
]) ])
]; ];


@ -11,7 +11,6 @@
]; ];
# Disk Partitioning # Disk Partitioning
disko.devices.disk.main = { disko.devices.disk.main = {
# device = "/dev/disk/by-id/nvme-eui.01000000000000008ce38e04019a68ab";
inherit device; inherit device;
type = "disk"; type = "disk";
content.type = "gpt"; content.type = "gpt";
@ -103,6 +102,7 @@
''; '';
# Directories to persist between boots # Directories to persist between boots
programs.fuse.userAllowOther = true;
fileSystems."/persist".neededForBoot = true; fileSystems."/persist".neededForBoot = true;
environment.persistence."/persist" = { environment.persistence."/persist" = {
# Hide the mounts from showing up in the file manager. # Hide the mounts from showing up in the file manager.
@ -112,14 +112,17 @@
"/etc/ssh/ssh_host_ed25519_key.pub" "/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/machine-id" "/etc/machine-id"
]; ];
users.rafiq = { };
directories = [
"repos" home-manager.users.rafiq = {
]; imports = [ inputs.impermanence.homeManagerModules.impermanence ];
home.persistence."/persist/home/rafiq" = {
files = [ files = [
".config/sops/age/keys.txt" ".config/sops/age/keys.txt"
".ssh/id_ed25519" ".ssh/id_ed25519"
]; ];
# Allows root and other users to access the bindfs files.
allowOther = true;
}; };
}; };
} }
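Review bot: `allowOther = true` together with the system-wide `programs.fuse.userAllowOther = true` opens the bindfs mounts under `/persist/home/rafiq` to root and other users, yet the only entries visible in the new `home.persistence` block are `.ssh/id_ed25519` and `.config/sops/age/keys.txt`. As far as this page shows, the old `directories = [ "repos" ]` list is not carried over, so it is unclear which directory mount needs the option; if none does, dropping both settings leaves FUSE access at its default, which is limited to the mounting user. If it is needed, the comment should name the consumer, e.g. `# allowOther: needed so <consumer> can read <path> through the bindfs mount`. The module starts and continues outside these hunks, so other persistence settings may exist that are not visible here.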


@ -24,20 +24,21 @@ done
# Prepare temporary directory and copy necessary files # Prepare temporary directory and copy necessary files
root=$(mktemp -d) root=$(mktemp -d)
mkdir -p ${root}/persist # Files should be copied to the persist directory
root=${root}/persist # because that's where impermanence looks for them in.
sudo cp --verbose --archive --parents /etc/ssh/ssh_host_* ${root} mkdir -p "${root}"/persist
sudo cp --verbose --archive --parents ~/.ssh/id_ed25519 ${root} root_persist=${root}/persist
sudo cp --verbose --archive --parents ~/.config/sops/age/keys.txt ${root} sudo cp --verbose --archive --parents /etc/ssh/ssh_host_* "${root_persist}"
sudo cp --verbose --archive --parents /home/rafiq/.ssh/id_ed25519 "${root_persist}"
sudo cp --verbose --archive --parents /home/rafiq/.config/sops/age/keys.txt "${root_persist}"
# Run nixos-anywhere # Run nixos-anywhere
# Copy over the necesary files to the persist directory.
sudo nix run github:nix-community/nixos-anywhere -- \ sudo nix run github:nix-community/nixos-anywhere -- \
--flake "${flake}" \ --flake "${flake}" \
--target-host "${target_host}" \ --target-host "${target_host}" \
--copy-host-keys \
--extra-files "${root}" \ --extra-files "${root}" \
--chown /home/rafiq/.config 1000:100 \ --chown /persist/home/rafiq 1000:100
--chown /home/rafiq/.ssh 1000:100
# Clean up the temporary directory # Clean up the temporary directory
sudo rm -rf "$root" sudo rm -rf "$root"
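Review bot: The staging directory holds copies of the SSH host keys, `/home/rafiq/.ssh/id_ed25519` and the sops age key, but it is removed only by the final `sudo rm -rf "$root"`, which is not reached if the script is interrupted or exits early during the `nixos-anywhere` run. Registering the cleanup right after `root=$(mktemp -d)` covers those paths: `trap 'sudo rm -rf "$root"' EXIT`. Whether the script runs under `set -e` is not visible, since it starts above this hunk. Separately, `--chown /persist/home/rafiq 1000:100` hard-codes the uid and gid, so a short comment stating that they must match rafiq's account on the target would help.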