From b6102124a115dbfdafc12c082f9bd6474a1bd0ba Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 26 Oct 2023 12:50:59 +0000 Subject: [PATCH 01/30] overlays: add 'gruvbox-nvim-old-diff' I dislike the new style of diff [1]. Thankfully somebody wrote a patch to configure it [2] (though not completely to my liking, so the local patch here is a bit different). I used it as a basis, but made it always revert, rather than configurable. [1]: https://github.com/ellisonleao/gruvbox.nvim/issues/290 [2]: https://github.com/ellisonleao/gruvbox.nvim/pull/291 --- overlays/gruvbox-nvim-old-diff/default.nix | 4 +++ overlays/gruvbox-nvim-old-diff/generated.nix | 24 ++++++++++++++++ .../gruvbox-nvim-old-diff/old-colours.patch | 28 +++++++++++++++++++ 3 files changed, 56 insertions(+) create mode 100644 overlays/gruvbox-nvim-old-diff/default.nix create mode 100644 overlays/gruvbox-nvim-old-diff/generated.nix create mode 100644 overlays/gruvbox-nvim-old-diff/old-colours.patch diff --git a/overlays/gruvbox-nvim-old-diff/default.nix b/overlays/gruvbox-nvim-old-diff/default.nix new file mode 100644 index 0000000..832e71d --- /dev/null +++ b/overlays/gruvbox-nvim-old-diff/default.nix @@ -0,0 +1,4 @@ +self: prev: +{ + vimPlugins = prev.vimPlugins.extend (self.callPackage ./generated.nix { }); +} diff --git a/overlays/gruvbox-nvim-old-diff/generated.nix b/overlays/gruvbox-nvim-old-diff/generated.nix new file mode 100644 index 0000000..05f6271 --- /dev/null +++ b/overlays/gruvbox-nvim-old-diff/generated.nix 
@@ -0,0 +1,24 @@ +{ vimUtils, fetchFromGitHub }: + +_final: _prev: { + gruvbox-nvim = vimUtils.buildVimPlugin { + pname = "gruvbox.nvim"; + version = "2023-10-07"; + + src = fetchFromGitHub { + owner = "ellisonleao"; + repo = "gruvbox.nvim"; + rev = "477c62493c82684ed510c4f70eaf83802e398898"; + sha256 = "0250c24c6n6yri48l288irdawhqs16qna3y74rdkgjd2jvh66vdm"; + }; + + patches = [ + # Inspired by https://github.com/ellisonleao/gruvbox.nvim/pull/291 + ./old-colours.patch + ]; + + meta = { + homepage = "https://github.com/ellisonleao/gruvbox.nvim/"; + }; + }; +} diff --git a/overlays/gruvbox-nvim-old-diff/old-colours.patch b/overlays/gruvbox-nvim-old-diff/old-colours.patch new file mode 100644 index 0000000..99c39b4 --- /dev/null +++ b/overlays/gruvbox-nvim-old-diff/old-colours.patch 
@@ -0,0 +1,28 @@ +From 416b3c9c5e783d173ac0fd5310a76c1b144b92c1 Mon Sep 17 00:00:00 2001 +From: eeeXun +Date: Thu, 19 Oct 2023 02:34:12 +0800 +Subject: feat: make invert_diff configurable + +--- + README.md | 3 ++- + lua/gruvbox.lua | 7 ++++--- + 2 files changed, 6 insertions(+), 4 deletions(-) + +diff --git a/lua/gruvbox.lua b/lua/gruvbox.lua +index ceba0735..a319fc6a 100644 +--- a/lua/gruvbox.lua ++++ b/lua/gruvbox.lua +@@ -360,9 +361,9 @@ local function get_groups() + PmenuSel = { fg = colors.bg2, bg = colors.blue, bold = config.bold }, + PmenuSbar = { bg = colors.bg2 }, + PmenuThumb = { bg = colors.bg4 }, +- DiffDelete = { bg = colors.dark_red }, +- DiffAdd = { bg = colors.dark_green }, +- DiffChange = { bg = colors.dark_aqua }, +- DiffText = { bg = colors.yellow, fg = colors.bg0 }, ++ DiffDelete = { fg = colors.bg0, bg = colors.red, reverse = config.inverse }, ++ DiffAdd = { fg = colors.bg0, bg = colors.green, reverse = config.inverse }, ++ DiffChange = { fg = colors.bg0, bg = colors.aqua, reverse = config.inverse }, ++ DiffText = { bg = colors.yellow, fg = colors.bg0, reverse = config.inverse }, + SpellCap = { link = "GruvboxBlueUnderline" }, + SpellBad = { link = "GruvboxRedUnderline" }, From eebc8c8d848f1914fe57fb91e115a0ef1e018a10 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 18 Oct 2023 15:26:35 +0000 Subject: [PATCH 02/30] home: vim: migrate to 'none-ls-nvim' This is the community-maintained fork of the plug-in. --- home/vim/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/home/vim/default.nix b/home/vim/default.nix index ec18f5c..871bf40 100644 --- a/home/vim/default.nix +++ b/home/vim/default.nix 
@@ -67,7 +67,7 @@ in nvim-lspconfig # Easy LSP configuration lsp-format-nvim # Simplified formatting configuration lsp_lines-nvim # Show diagnostics *over* regions - null-ls-nvim # LSP integration for linters and formatters + none-ls-nvim # LSP integration for linters and formatters nvim-treesitter.withAllGrammars # Better highlighting nvim-treesitter-textobjects # More textobjects nvim-ts-context-commentstring # Comment string in nested language blocks From 0f5f848c7e2176b838af4fc6c37e7bc328883fcf Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 26 Oct 2023 13:47:29 +0000 Subject: [PATCH 03/30] home: firefox: migrate deprecated option --- home/firefox/default.nix | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/home/firefox/default.nix b/home/firefox/default.nix index 7374b63..85a1d59 100644 --- a/home/firefox/default.nix +++ b/home/firefox/default.nix @@ -33,13 +33,10 @@ in enable = true; package = pkgs.firefox.override { - cfg = { - enableTridactylNative = cfg.tridactyl.enable; - }; - - extraNativeMessagingHosts = with pkgs; ([ ] + nativeMessagingHosts = ([ ] + ++ lib.optional cfg.tridactyl.enable pkgs.tridactyl-native # Watch videos using mpv - ++ lib.optional cfg.ff2mpv.enable ambroisie.ff2mpv-go + ++ lib.optional cfg.ff2mpv.enable pkgs.ambroisie.ff2mpv-go ); }; From 3cd1789ec962571b3a3f3a06e076f1c60e183cfc Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 22 Oct 2021 13:45:36 +0200 Subject: [PATCH 04/30] flake: add 'impermanence' --- flake.lock | 17 +++++++++++++++++ flake.nix | 7 +++++++ 2 files changed, 24 insertions(+) diff --git a/flake.lock b/flake.lock index 5fd6c45..1c7b71b 100644 --- a/flake.lock +++ b/flake.lock 
@@ -145,6 +145,22 @@ "type": "github" } }, + "impermanence": { + "locked": { + "lastModified": 1694622745, + "narHash": "sha256-z397+eDhKx9c2qNafL1xv75lC0Q4nOaFlhaU1TINqb8=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "e9643d08d0d193a2e074a19d4d90c67a874d932e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "master", + "repo": "impermanence", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1698134075, @@ -212,6 +228,7 @@ "flake-parts": "flake-parts", "futils": "futils", "home-manager": "home-manager", + "impermanence": "impermanence", "nixpkgs": "nixpkgs", "nur": "nur", "pre-commit-hooks": "pre-commit-hooks" diff --git a/flake.nix b/flake.nix index 8e46ea3..7970759 100644 --- a/flake.nix +++ b/flake.nix @@ -39,6 +39,13 @@ }; }; + impermanence = { + type = "github"; + owner = "nix-community"; + repo = "impermanence"; + ref = "master"; + }; + nixpkgs = { type = "github"; owner = "NixOS"; From ed6e7513bbc9407732f20d1918edd987569df38a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 22 Oct 2021 13:52:04 +0200 Subject: [PATCH 05/30] WIP: modules: systems: add persist This is the module that takes care of configuring impermanence at the system level. WIP: * address FIXMEs * activate home-manager persistence? * set `programs.fuse.userAllowOther = true;` ? * point `age` to persisted paths [1] ? * make sure all services and modules are persisted correctly... [1]: https://github.com/lovesegfault/nix-config/commit/b1d18d25b8cc1e50c521020442b907de377a147d --- modules/system/default.nix | 1 + modules/system/persist/default.nix | 67 ++++++++++++++++++++++++++++++ 2 files changed, 68 insertions(+) create mode 100644 modules/system/persist/default.nix diff --git a/modules/system/default.nix b/modules/system/default.nix index 9fe3b57..b3d9385 100644 --- a/modules/system/default.nix +++ b/modules/system/default.nix @@ -9,6 +9,7 @@ ./language ./nix ./packages + ./persist ./podman ./users ]; 
diff --git a/modules/system/persist/default.nix b/modules/system/persist/default.nix new file mode 100644 index 0000000..4c0682c --- /dev/null +++ b/modules/system/persist/default.nix @@ -0,0 +1,67 @@ +# Ephemeral root configuration +{ config, inputs, lib, ... }: +let + cfg = config.my.system.persist; +in +{ + imports = [ + inputs.impermanence.nixosModules.impermanence + ]; + + options.my.system.persist = with lib; { + enable = mkEnableOption "stateless system configuration"; + + mountPoint = lib.mkOption { + type = types.str; + default = "/persistent"; + example = "/etc/nix/persist"; + description = '' + Which mount point should be used to persist this system's files and + directories. + ''; + }; + + files = lib.mkOption { + type = with types; listOf str; + default = [ ]; + example = [ + "/etc/nix/id_rsa" + ]; + description = '' + Additional files in the root to link to persistent storage. + ''; + }; + + directories = lib.mkOption { + type = with types; listOf str; + default = [ ]; + example = [ + "/var/lib/libvirt" + ]; + description = '' + Additional directories in the root to link to persistent storage. + ''; + }; + }; + + config = lib.mkIf cfg.enable { + environment.persistence."${cfg.mountPoint}" = { + files = [ + "/etc/machine-id" + ] + ++ cfg.files + ; + + directories = [ + "/etc/nixos" + "/var/log" + "/var/lib/systemd/coredump" + ] + ++ (lib.optionals config.virtualisation.docker.enable [ + "/var/lib/docker" + ]) + ++ cfg.directories + ; + }; + }; +} From 3ef8c051e7255f2e869ef020dfafa3de40f67da4 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 22 Oct 2021 14:05:42 +0200 Subject: [PATCH 06/30] modules: services: ssh-server: persist host keys --- modules/services/ssh-server/default.nix | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/modules/services/ssh-server/default.nix b/modules/services/ssh-server/default.nix index 9ae0fa8..0cabc6f 100644 --- a/modules/services/ssh-server/default.nix +++ b/modules/services/ssh-server/default.nix 
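Review bot: The base `directories` list in the `config` block of `modules/system/persist/default.nix` persists `/etc/nixos`, `/var/log` and the coredump directory, but not `/var/lib/nixos`, where NixOS keeps its uid/gid allocation maps. On an ephemeral root, losing those maps can give dynamically allocated service accounts different ids after a reboot, so files under the persisted service directories may end up owned by the wrong account. I would add `"/var/lib/nixos"` to the base list next to `"/var/log"`.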
@@ -20,6 +20,14 @@ in }; }; + # Persist SSH keys + my.system.persist.files = [ + "/etc/ssh/ssh_host_ed25519_key" + "/etc/ssh/ssh_host_ed25519_key.pub" + "/etc/ssh/ssh_host_rsa_key" + "/etc/ssh/ssh_host_rsa_key.pub" + ]; + # Opens the relevant UDP ports. programs.mosh.enable = true; }; From 3f8fa8375f25345a4a9a3df4c391ed79ac6850de Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 22 Oct 2021 14:06:03 +0200 Subject: [PATCH 07/30] modules: hardware: netowrking persist connections --- modules/hardware/networking/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/hardware/networking/default.nix b/modules/hardware/networking/default.nix index f0806fe..51dcfce 100644 --- a/modules/hardware/networking/default.nix +++ b/modules/hardware/networking/default.nix @@ -22,6 +22,11 @@ in config = lib.mkMerge [ (lib.mkIf cfg.wireless.enable { networking.networkmanager.enable = true; + + # Persist NetworkManager files + my.system.persist.directories = [ + "/etc/NetworkManager/system-connections" + ]; }) ]; } From 84d8e18d7097b6a66b088f6056f92c7f53c02410 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 22 Oct 2021 14:06:26 +0200 Subject: [PATCH 08/30] modules: hardware: bluetooth: persist connections --- modules/hardware/bluetooth/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/hardware/bluetooth/default.nix b/modules/hardware/bluetooth/default.nix index 2d840f9..3dd44e6 100644 --- a/modules/hardware/bluetooth/default.nix +++ b/modules/hardware/bluetooth/default.nix @@ -18,6 +18,13 @@ in services.blueman.enable = true; } + # Persist bluetooth files + { + my.system.persist.directories = [ + "/var/lib/bluetooth" + ]; + } + # Support for additional bluetooth codecs (lib.mkIf cfg.loadExtraCodecs { hardware.pulseaudio = { From 0933d7e269e0715eb7a686e3c8a1087b92cd0a8b Mon Sep 17 00:00:00 2001 
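Review bot: The persisted host-key list in the ssh-server hunk is hard-coded to the ed25519 and RSA paths, so it drifts from `services.openssh.hostKeys` if that option is ever changed. A key that is not persisted is regenerated on every boot, and clients then see a changed host key each time, which trains users to click through the warning. Deriving the list keeps the two in sync, assuming `lib` is in scope in this module: `my.system.persist.files = lib.concatMap (k: [ k.path "${k.path}.pub" ]) config.services.openssh.hostKeys;`. If `age` decrypts with these keys before the persistence links exist (not visible here), it needs to read them from under the persistent mount point. The enclosing `config` block starts outside the hunk.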
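Review bot: `/etc/NetworkManager/system-connections` holds Wi-Fi pre-shared keys, but `my.system.persist.directories` is typed `listOf str`, so this entry cannot state an owner or mode for the directory created on the persistent volume. impermanence also accepts an attribute-set entry such as `{ directory = "/etc/NetworkManager/system-connections"; mode = "0700"; }`. Widening the option type to something like `listOf (either str attrs)` would let this module request a restrictive mode. The same applies to the bluetooth hunk, whose `/var/lib/bluetooth` stores pairing keys. Until then, check the permissions of both directories under the persistent mount point after the first activation.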
From: Bruno BELANYI Date: Fri, 22 Oct 2021 14:19:57 +0200 Subject: [PATCH 09/30] modules: services: blog: persist website data --- modules/services/blog/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/services/blog/default.nix b/modules/services/blog/default.nix index 4b646c3..6752ac2 100644 --- a/modules/services/blog/default.nix +++ b/modules/services/blog/default.nix @@ -42,5 +42,12 @@ in # Those are all subdomains, no problem my.services.nginx.virtualHosts = hostsInfo; + + my.system.persist.directories = [ + "/var/www/blog" + "/var/www/cv" + "/var/www/dev" + "/var/www/key" + ]; }; } From de7375c35643fe0e90e03c74adc9634566522abc Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Nov 2021 14:43:05 +0100 Subject: [PATCH 10/30] modules: services: calibre-web: persist library --- modules/services/calibre-web/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/services/calibre-web/default.nix b/modules/services/calibre-web/default.nix index 858851c..b6e70d8 100644 --- a/modules/services/calibre-web/default.nix +++ b/modules/services/calibre-web/default.nix @@ -54,6 +54,11 @@ in ]; }; + my.system.persist.directories = [ + "/var/lib/${config.services.calibre-web.dataDir}" + cfg.libraryPath + ]; + services.fail2ban.jails = { calibre-web = '' enabled = true From 6f354de7e2b4fb408c081a8e49568e889d314ec3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Nov 2021 14:43:16 +0100 Subject: [PATCH 11/30] modules: services: flood: persist data --- modules/services/flood/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/services/flood/default.nix b/modules/services/flood/default.nix index ff5d941..79b6c75 100644 --- a/modules/services/flood/default.nix +++ b/modules/services/flood/default.nix @@ -46,5 +46,9 @@ in inherit (cfg) port; } ]; + + my.system.persist.directories = [ + "/var/lib/${cfg.stateDir}" + ]; }; } From 9a0804a491bd1fde946079268afd68283fbb164a Mon Sep 17 00:00:00 2001 
From: Bruno BELANYI Date: Wed, 3 Nov 2021 14:43:28 +0100 Subject: [PATCH 12/30] modules: services: gitea: persist repositories --- modules/services/gitea/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/services/gitea/default.nix b/modules/services/gitea/default.nix index 28a448d..93edf57 100644 --- a/modules/services/gitea/default.nix +++ b/modules/services/gitea/default.nix @@ -135,6 +135,11 @@ in ]; }; + my.system.persist.directories = [ + config.services.gitea.lfs.contentDir + config.services.gitea.repositoryRoot + ]; + services.fail2ban.jails = { gitea = '' enabled = true From a6d6b6a39ea1706f87afb0c0d3afe09776067205 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Nov 2021 17:12:32 +0100 Subject: [PATCH 13/30] modules: services: matrix: persist data --- modules/services/matrix/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/services/matrix/default.nix b/modules/services/matrix/default.nix index 52b60c5..87494c9 100644 --- a/modules/services/matrix/default.nix +++ b/modules/services/matrix/default.nix @@ -257,5 +257,9 @@ in config.services.matrix-synapse.dataDir ]; }; + + my.system.persist.directories = [ + config.services.matrix-synapse.dataDir + ]; }; } From d44d7b4c067fa66c7f611193fe805e2ff56dfd2f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Nov 2021 17:12:42 +0100 Subject: [PATCH 14/30] modules: services: paperless: persist data --- modules/services/paperless/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/services/paperless/default.nix b/modules/services/paperless/default.nix index 1ca1f66..702627d 100644 --- a/modules/services/paperless/default.nix +++ b/modules/services/paperless/default.nix @@ -164,5 +164,10 @@ in config.services.paperless.mediaDir ]; }; + + my.system.persist.directories = [ + config.services.paperless-ng.dataDir + config.services.paperless-ng.mediaDir + ]; }; } From 303aff429643a274dfa93dc7aa3007801e5cd7eb Mon Sep 17 00:00:00 2001 
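Review bot: The gitea hunk persists only `lfs.contentDir` and `repositoryRoot`, which leaves the rest of the gitea state directory on the ephemeral root. With the nixpkgs module defaults, as far as I can tell, that directory also holds the generated secret key, internal token and JWT secrets, plus the database if SQLite is used and uploaded attachments. Those secrets would be regenerated on each boot, invalidating sessions and anything encrypted with the old key. Persisting `config.services.gitea.stateDir` covers both listed paths when they keep their defaults, and a comment should say why if the narrower list is intentional. The surrounding `config` block starts outside the hunk.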
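Review bot: The added list in the paperless hunk reads `config.services.paperless-ng.dataDir` and `config.services.paperless-ng.mediaDir`, while the backup paths directly above it in the same block already use `config.services.paperless.mediaDir`. Depending on the nixpkgs revision, the old name is either a deprecated alias or missing, in which case evaluation fails. Either way the two lists should name the same option: `config.services.paperless.dataDir` and `config.services.paperless.mediaDir`.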
From: Bruno BELANYI Date: Wed, 3 Nov 2021 17:12:58 +0100 Subject: [PATCH 15/30] modules: services: postgresql-backup: persist data --- modules/services/postgresql-backup/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/services/postgresql-backup/default.nix b/modules/services/postgresql-backup/default.nix index dff5494..3d6c03b 100644 --- a/modules/services/postgresql-backup/default.nix +++ b/modules/services/postgresql-backup/default.nix @@ -24,5 +24,9 @@ in (config.services.postgresqlBackup.location + "/*.prev.sql.gz") ]; }; + + my.system.persist.directories = [ + config.services.postgresqlBackup.location + ]; }; } From 09520a42acbe5b68de03629e73d225dbb8b0b701 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Nov 2021 17:13:13 +0100 Subject: [PATCH 16/30] modules: services: postgresql: persist data --- modules/services/postgresql/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/services/postgresql/default.nix b/modules/services/postgresql/default.nix index 6f51f3e..175c1ce 100644 --- a/modules/services/postgresql/default.nix +++ b/modules/services/postgresql/default.nix @@ -18,6 +18,13 @@ in }; }) + # Only persist directory if the actual service is enabled + (lib.mkIf config.services.postgresql.enable { + my.system.persist.directories = [ + config.services.postgresql.dataDir + ]; + }) + # Taken from the manual (lib.mkIf cfg.upgradeScript { containers.temp-pg.config.services.postgresql = { From 358574e41787a5e19a5fa55885c3c9d59bf07089 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 14:30:25 +0100 Subject: [PATCH 17/30] modules: services: indexers: persist data --- modules/services/indexers/default.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/modules/services/indexers/default.nix b/modules/services/indexers/default.nix index fb06a0b..28a7007 100644 --- a/modules/services/indexers/default.nix +++ b/modules/services/indexers/default.nix 
@@ -34,6 +34,10 @@ in port = jackettPort; } ]; + + my.system.persist.directories = [ + config.services.jackett.dataDir + ]; }) (lib.mkIf cfg.nzbhydra.enable { @@ -47,6 +51,10 @@ in port = nzbhydraPort; } ]; + + my.system.persist.directories = [ + config.services.nzbhydra2.dataDir + ]; }) (lib.mkIf cfg.prowlarr.enable { @@ -61,6 +69,10 @@ in } ]; + my.system.persist.directories = [ + "/var/lib/${config.systemd.services.prowlarr.serviceConfig.StateDirectory}" + ]; + services.fail2ban.jails = { prowlarr = '' enabled = true From 81cd8f085ec937a0cf31cde42d8cd074dec547d6 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 15:11:05 +0100 Subject: [PATCH 18/30] modules: services: jellyfin: persist data --- modules/services/jellyfin/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/services/jellyfin/default.nix b/modules/services/jellyfin/default.nix index 2fcf51e..0692dcc 100644 --- a/modules/services/jellyfin/default.nix +++ b/modules/services/jellyfin/default.nix @@ -35,5 +35,9 @@ in }; } ]; + + my.system.persist.directories = [ + "/var/lib/${config.systemd.services.jellyfin.serviceConfig.StateDirectory}" + ]; }; } From 6cad8a541db0d3696058a9226d056a88d6dfdf63 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 15:11:12 +0100 Subject: [PATCH 19/30] modules: services: lohr: persist data --- modules/services/lohr/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/services/lohr/default.nix b/modules/services/lohr/default.nix index 245567c..7aac1ac 100644 --- a/modules/services/lohr/default.nix +++ b/modules/services/lohr/default.nix @@ -104,5 +104,9 @@ in inherit (cfg) port; } ]; + + my.system.persist.directories = [ + "/var/lib/${config.systemd.services.lohr.serviceConfig.StateDirectory}" + ]; }; } From 5f0f7d18d561a2f3bc107567b98ec602e2c57419 Mon Sep 17 00:00:00 2001 
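Review bot: The prowlarr entry interpolates `config.systemd.services.prowlarr.serviceConfig.StateDirectory` straight into a string, which only evaluates when that value is a single string. The podgrab hunk later in this series maps over the same kind of value as a list, so the series already treats `StateDirectory` as either shape. Normalising it handles both: `my.system.persist.directories = map (d: "/var/lib/${d}") (lib.toList config.systemd.services.prowlarr.serviceConfig.StateDirectory);`. The jellyfin, lohr and navidrome hunks use the same interpolation and would need the same change.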
From: Bruno BELANYI Date: Fri, 5 Nov 2021 15:11:23 +0100 Subject: [PATCH 20/30] modules: services: navidrome: persist data --- modules/services/navidrome/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/services/navidrome/default.nix b/modules/services/navidrome/default.nix index 6c001fd..08c6a88 100644 --- a/modules/services/navidrome/default.nix +++ b/modules/services/navidrome/default.nix @@ -53,5 +53,9 @@ in inherit (cfg) port; } ]; + + my.system.persist.directories = [ + "/var/lib/${config.systemd.services.navidrome.serviceConfig.StateDirectory}" + ]; }; } From f019c7b26cc7da6c30adfefb5293a263dde63e8f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 15:11:35 +0100 Subject: [PATCH 21/30] modules: services: nextcloud: persist data --- modules/services/nextcloud/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/services/nextcloud/default.nix b/modules/services/nextcloud/default.nix index 260e73e..b9578f8 100644 --- a/modules/services/nextcloud/default.nix +++ b/modules/services/nextcloud/default.nix @@ -82,5 +82,10 @@ in "${config.services.nextcloud.home}/data/appdata_*/preview" ]; }; + + my.system.persist.directories = [ + config.services.nextcloud.home + config.services.nextcloud.datadir + ]; }; } From b28082995365cb0c5fc1bb640b57741bc87a644d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 15:20:11 +0100 Subject: [PATCH 22/30] modules: services: podgrab: persist data --- modules/services/podgrab/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/services/podgrab/default.nix b/modules/services/podgrab/default.nix index 9793d60..2994fc8 100644 --- a/modules/services/podgrab/default.nix +++ b/modules/services/podgrab/default.nix @@ -37,5 +37,10 @@ in inherit (cfg) port; } ]; + + my.system.persist.directories = + builtins.map + (d: "/var/lib/${d}") + config.systemd.services.podgrab.serviceConfig.StateDirectory; }; } 
From 73dbe296f3d1634cfbf15c7405a2f847c30850b0 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 15:21:42 +0100 Subject: [PATCH 23/30] modules: services: rss-bridge: persist data --- modules/services/rss-bridge/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/services/rss-bridge/default.nix b/modules/services/rss-bridge/default.nix index 85e37c2..66858dc 100644 --- a/modules/services/rss-bridge/default.nix +++ b/modules/services/rss-bridge/default.nix @@ -20,5 +20,9 @@ in forceSSL = true; useACMEHost = config.networking.domain; }; + + my.system.persist.directories = [ + config.services.rss-bridge.dataDir + ]; }; } From 704c3ba4f6145e705365b04500d7c0f3e6c479b8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 15:25:44 +0100 Subject: [PATCH 24/30] modules: services: sabnzbd: persist data --- modules/services/sabnzbd/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/services/sabnzbd/default.nix b/modules/services/sabnzbd/default.nix index 7ab145f..ef13d4b 100644 --- a/modules/services/sabnzbd/default.nix +++ b/modules/services/sabnzbd/default.nix @@ -25,6 +25,10 @@ in } ]; + my.system.persist.files = [ + config.services.sabnzbd.configFile + ]; + services.fail2ban.jails = { sabnzbd = '' enabled = true From f9e85ad8ff073f443edcf73b91a745a75e57d604 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 15:25:50 +0100 Subject: [PATCH 25/30] modules: services: transmission: persist data --- modules/services/transmission/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/services/transmission/default.nix b/modules/services/transmission/default.nix index 28df477..37e4f0f 100644 --- a/modules/services/transmission/default.nix +++ b/modules/services/transmission/default.nix @@ -91,5 +91,9 @@ in allowedTCPPorts = [ cfg.peerPort ]; allowedUDPPorts = [ cfg.peerPort ]; }; + + my.system.persist.directories = [ + config.services.transmission.home + ]; }; } 
From 5a84204234230811ea86823b731bb6aa109fdcc7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 15:37:51 +0100 Subject: [PATCH 26/30] modules: services: nginx: persist SSL certificates --- modules/services/nginx/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/services/nginx/default.nix b/modules/services/nginx/default.nix index dcaaa0f..a2f357f 100644 --- a/modules/services/nginx/default.nix +++ b/modules/services/nginx/default.nix @@ -470,5 +470,9 @@ in } ]; }; + + my.system.persist.directories = [ + config.users.user.acme.home + ]; }; } From 49bb821db768bbf1da93a9dad9b0dbeedf2470cd Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 15:40:29 +0100 Subject: [PATCH 27/30] modules: services: monitoring: persist data --- modules/services/monitoring/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/services/monitoring/default.nix b/modules/services/monitoring/default.nix index 829bfe0..c7489f4 100644 --- a/modules/services/monitoring/default.nix +++ b/modules/services/monitoring/default.nix @@ -131,5 +131,10 @@ in inherit (cfg.grafana) port; } ]; + + my.system.persist.directories = [ + config.services.grafana.dataDir + "/var/lib/${config.services.prometheus.stateDir}" + ]; }; } From c960d91744e1d238267d22259ec05bdb838c4e63 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 15:58:07 +0100 Subject: [PATCH 28/30] modules: services: pirate: persist data --- modules/services/pirate/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/services/pirate/default.nix b/modules/services/pirate/default.nix index 59f9794..cfabc90 100644 --- a/modules/services/pirate/default.nix +++ b/modules/services/pirate/default.nix @@ -18,6 +18,11 @@ let enable = true; group = "media"; }; + + # Thankfully those old style services all define users with homes + my.system.persist.directories = [ + config.users.user.${service}.home + ]; }; mkRedirection = service: { 
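Review bot: The new entry in the nginx hunk reads `config.users.user.acme.home`, but the NixOS option set is `users.users`, so this should fail evaluation with a missing-attribute error. It should be `config.users.users.acme.home`. The pirate hunk has the same slip in `config.users.user.${service}.home`, which should be `config.users.users.${service}.home`. Once fixed, this directory holds the ACME account key and certificate private keys, so check its ownership and mode on the persistent volume after the first activation.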
From b535717ab43e53b879d7a4d20e34ad420952a9b6 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 21:51:04 +0100 Subject: [PATCH 29/30] modules: services: quassel: persist data --- modules/services/quassel/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/services/quassel/default.nix b/modules/services/quassel/default.nix index ec686e1..18d084a 100644 --- a/modules/services/quassel/default.nix +++ b/modules/services/quassel/default.nix @@ -46,5 +46,9 @@ in # Because Quassel does not use the socket, I simply trust its connection authentication = "host quassel quassel localhost trust"; }; + + my.system.persist.directories = [ + config.services.quassel.dataDir + ]; }; } From d9eeeb5b5220ae13a7d0c338ea29e2c5de93d748 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 21 Sep 2023 15:55:56 +0000 Subject: [PATCH 30/30] WIP: add notes for missing persistence/backup TODO: * Look at for more inspiration https://github.com/nix-community/impermanence/pull/108 * Do home-manager * Common files https://github.com/nix-community/impermanence/issues/10 --- modules/services/grocy/default.nix | 3 +++ modules/services/miniflux/default.nix | 3 +++ modules/services/tandoor-recipes/default.nix | 3 +++ modules/services/vikunja/default.nix | 2 ++ modules/system/persist/default.nix | 1 + 5 files changed, 12 insertions(+) diff --git a/modules/services/grocy/default.nix b/modules/services/grocy/default.nix index 87927d6..4a3183e 100644 --- a/modules/services/grocy/default.nix +++ b/modules/services/grocy/default.nix @@ -36,5 +36,8 @@ in forceSSL = true; useACMEHost = config.networking.domain; }; + + # FIXME: backup + # FIXME: persistence }; } diff --git a/modules/services/miniflux/default.nix b/modules/services/miniflux/default.nix index 6d9ffc8..4667912 100644 --- a/modules/services/miniflux/default.nix +++ b/modules/services/miniflux/default.nix @@ -49,5 +49,8 @@ in inherit (cfg) port; } ]; + + # FIXME: backup + # FIXME: persistence }; } 
diff --git a/modules/services/tandoor-recipes/default.nix b/modules/services/tandoor-recipes/default.nix index d78bef3..82350d7 100644 --- a/modules/services/tandoor-recipes/default.nix +++ b/modules/services/tandoor-recipes/default.nix @@ -75,5 +75,8 @@ in inherit (cfg) port; } ]; + + # FIXME: backup + # FIXME: persistence }; } diff --git a/modules/services/vikunja/default.nix b/modules/services/vikunja/default.nix index 1cdef5f..076dd4a 100644 --- a/modules/services/vikunja/default.nix +++ b/modules/services/vikunja/default.nix @@ -119,5 +119,7 @@ in config.services.vikunja.settings.files.basepath ]; }; + + # FIXME: persistence }; } diff --git a/modules/system/persist/default.nix b/modules/system/persist/default.nix index 4c0682c..18302f3 100644 --- a/modules/system/persist/default.nix +++ b/modules/system/persist/default.nix @@ -60,6 +60,7 @@ in ++ (lib.optionals config.virtualisation.docker.enable [ "/var/lib/docker" ]) + # FIXME: podman ++ cfg.directories ; };