Diffstat (limited to 'profiles/state.nix')
| -rw-r--r-- | profiles/state.nix | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/profiles/state.nix b/profiles/state.nix
new file mode 100644
index 0000000..0869d11
--- /dev/null
+++ b/profiles/state.nix
@@ -0,0 +1,59 @@
+{
+ adminUser,
+ config,
+ lib,
+ ...
+}:
+{
+ system.activationScripts = lib.mkIf config.ephemeralRoot {
+ "createPersistentStorageDirs".deps = [
+ "var-lib-private-permissions"
+ "home-user-permissions"
+ "users"
+ "groups"
+ ];
+ "var-lib-private-permissions" = {
+ deps = [ "specialfs" ];
+ text = ''
+ mkdir -p /persist/var/lib/private
+ chmod 0700 /persist/var/lib/private
+ '';
+ };
+ "home-user-permissions" = {
+ deps = [ "specialfs" ];
+ text = ''
+ mkdir -p /persist/save/home/${adminUser.name}
+ chown -R ${toString adminUser.uid}:${toString adminUser.gid} /persist/save/home/${adminUser.name}
+ chmod 0700 /persist/save/home/${adminUser.name}
+ '';
+ };
+ };
+
+ environment.persistence."/persist" = {
+ enable = config.ephemeralRoot;
+ hideMounts = true;
+ directories = [
+ "/root"
+ "/var/lib/containers"
+ "/var/lib/nixos"
+ "/var/lib/systemd"
+ "/var/log"
+ ];
+ files = [
+ "/etc/machine-id"
+ "/etc/ssh/ssh_host_ed25519_key"
+ "/etc/ssh/ssh_host_ed25519_key.pub"
+ ];
+ };
+
+ environment.persistence."/persist/save" = {
+ enable = config.ephemeralRoot;
+ hideMounts = true;
+ users.${adminUser.name} = {
+ directories = [ ];
+ files = [
+ ".ssh/known_hosts"
+ ];
+ };
+ };
+}
|
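Review bot: The `chown -R` in `home-user-permissions` runs as root on every activation over a tree the admin user can write to, and it re-owns anything under that home that is deliberately owned by another uid, although only the top-level directory needs its owner fixed. The three commands can be collapsed into `install -d -m 0700 -o ${toString adminUser.uid} -g ${toString adminUser.gid} /persist/save/home/${adminUser.name}`, which creates the directory with its final mode and owner in one step instead of leaving it at the umask default between `mkdir -p` and `chmod`. The same applies to `var-lib-private-permissions`, which could be `install -d -m 0700 /persist/var/lib/private`. Separately, only the ed25519 host key is persisted; if sshd is configured elsewhere to generate other key types too, those will change on every boot of the ephemeral root, so it is worth restricting the configured host keys to ed25519 or persisting the others as well.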
