From 9fc7d324812abc8b8aa65b7da7437a4a2b3b0fe3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 12:50:29 +0000 Subject: [PATCH 01/52] home: tmux: add sloppy window switching bindings Another set of bindings which were setup by `tmux-sensible`, that I want to enable explicitly to avoid issues when it is disabled by default. --- modules/home/tmux/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/home/tmux/default.nix b/modules/home/tmux/default.nix index 23dff05..ca99fdc 100644 --- a/modules/home/tmux/default.nix +++ b/modules/home/tmux/default.nix @@ -84,6 +84,10 @@ in # Refresh configuration bind-key -N "Source tmux.conf" R source-file ${config.xdg.configHome}/tmux/tmux.conf \; display-message "Sourced tmux.conf!" + # Accept sloppy Ctrl key when switching windows, on top of default mapping + bind-key -N "Select the previous window" C-p previous-window + bind-key -N "Select the next window" C-n next -window + # Better vim mode bind-key -T copy-mode-vi 'v' send -X begin-selection ${ From e03db8642a57b52c18e05b4862eab9eb5cd4029d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 19:58:50 +0000 Subject: [PATCH 02/52] nixos: system: packages: remove 'wget' --- modules/nixos/system/packages/default.nix | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/modules/nixos/system/packages/default.nix b/modules/nixos/system/packages/default.nix index ebea06f..6a78ff6 100644 --- a/modules/nixos/system/packages/default.nix +++ b/modules/nixos/system/packages/default.nix @@ -1,5 +1,5 @@ # Common packages -{ config, lib, pkgs, ... }: +{ config, lib, ... }: let cfg = config.my.system.packages; in @@ -13,10 +13,6 @@ in }; config = lib.mkIf cfg.enable { - environment.systemPackages = with pkgs; [ - wget - ]; - programs = { vim = { enable = true; From 7b21943693845d9675858b0a685b7056b9e0178d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 21:46:39 +0000 Subject: [PATCH 03/52] nixos: services: grocy: backup data --- modules/nixos/services/grocy/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/nixos/services/grocy/default.nix b/modules/nixos/services/grocy/default.nix index 9045b03..3f04959 100644 --- a/modules/nixos/services/grocy/default.nix +++ b/modules/nixos/services/grocy/default.nix @@ -37,6 +37,12 @@ in useACMEHost = config.networking.domain; }; + my.services.backup = { + paths = [ + config.services.grocy.dataDir + ]; + }; + # NOTE: unfortunately grocy does not log connection failures for fail2ban }; } From 1dcf5a1f1c75a7b099db49328a9d054bef08c7b8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 21:47:06 +0000 Subject: [PATCH 04/52] nixos: services: mealie: backup data --- modules/nixos/services/mealie/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/nixos/services/mealie/default.nix b/modules/nixos/services/mealie/default.nix index 664d5ba..630231f 100644 --- a/modules/nixos/services/mealie/default.nix +++ b/modules/nixos/services/mealie/default.nix @@ -72,6 +72,12 @@ in }; }; + my.services.backup = { + paths = [ + "/var/lib/mealie" + ]; + }; + services.fail2ban.jails = { mealie = '' enabled = true From e40247ed8180c6fd523dc582499258838364faaf Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 21:47:51 +0000 Subject: [PATCH 05/52] nixos: services: tandoor-recipes: backup data --- modules/nixos/services/tandoor-recipes/default.nix | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/modules/nixos/services/tandoor-recipes/default.nix b/modules/nixos/services/tandoor-recipes/default.nix index 3447bee..219f4b9 100644 --- a/modules/nixos/services/tandoor-recipes/default.nix +++ b/modules/nixos/services/tandoor-recipes/default.nix @@ -83,6 +83,12 @@ in }; }; + my.services.backup = { + paths = [ + "/var/lib/tandoor-recipes" + ]; + }; + # NOTE: unfortunately tandoor-recipes does not log connection failures for fail2ban }; } From 99a3bd25873dd55c3540fdd90e34499bad73bd4d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 11 Nov 2023 18:35:24 +0000 Subject: [PATCH 06/52] flake: add 'impermanence' --- flake.lock | 17 +++++++++++++++++ flake.nix | 7 +++++++ 2 files changed, 24 insertions(+) diff --git a/flake.lock b/flake.lock index cd3f50c..55d50b0 100644 --- a/flake.lock +++ b/flake.lock @@ -150,6 +150,22 @@ "type": "github" } }, + "impermanence": { + "locked": { + "lastModified": 1697303681, + "narHash": "sha256-caJ0rXeagaih+xTgRduYtYKL1rZ9ylh06CIrt1w5B4g=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "0f317c2e9e56550ce12323eb39302d251618f5b5", + "type": "github" + }, + "original": { + "owner": "nix-community", + "ref": "master", + "repo": "impermanence", + "type": "github" + } + }, "nixpkgs": { "locked": { "lastModified": 1732521221, @@ -214,6 +230,7 @@ "flake-parts": "flake-parts", "futils": "futils", "home-manager": "home-manager", + "impermanence": "impermanence", "nixpkgs": "nixpkgs", "nur": "nur", "pre-commit-hooks": "pre-commit-hooks", diff --git a/flake.nix b/flake.nix index a07ee15..5a5b0ef 100644 --- a/flake.nix +++ b/flake.nix @@ -43,6 +43,13 @@ }; }; + impermanence = { + type = "github"; + owner = "nix-community"; + repo = "impermanence"; + ref = "master"; + }; + nixpkgs = { type = "github"; owner = "NixOS"; From fa732c88e414a5653db62fdb67feee322cacd8b2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 22 Oct 2021 13:52:04 +0200 Subject: [PATCH 07/52] WIP: nixos: system: add persist This is the module that takes care of configuring impermanence at the system level. WIP: * address FIXMEs * activate home-manager persistence? * set `programs.fuse.userAllowOther = true;` ? * point `age` to persisted paths [1] ? * make sure all services and modules are persisted correctly... [1]: https://github.com/lovesegfault/nix-config/commit/b1d18d25b8cc1e50c521020442b907de377a147d --- modules/nixos/system/default.nix | 1 + modules/nixos/system/persist/default.nix | 66 ++++++++++++++++++++++++ 2 files changed, 67 insertions(+) create mode 100644 modules/nixos/system/persist/default.nix diff --git a/modules/nixos/system/default.nix b/modules/nixos/system/default.nix index e6fb25b..3531847 100644 --- a/modules/nixos/system/default.nix +++ b/modules/nixos/system/default.nix @@ -9,6 +9,7 @@ ./language ./nix ./packages + ./persist ./podman ./polkit ./printing diff --git a/modules/nixos/system/persist/default.nix b/modules/nixos/system/persist/default.nix new file mode 100644 index 0000000..e0a1eeb --- /dev/null +++ b/modules/nixos/system/persist/default.nix @@ -0,0 +1,66 @@ +# Ephemeral root configuration +{ config, inputs, lib, ... }: +let + cfg = config.my.system.persist; +in +{ + imports = [ + inputs.impermanence.nixosModules.impermanence + ]; + + options.my.system.persist = with lib; { + enable = mkEnableOption "stateless system configuration"; + + mountPoint = lib.mkOption { + type = types.str; + default = "/persistent"; + example = "/etc/nix/persist"; + description = '' + Which mount point should be used to persist this system's files and + directories. + ''; + }; + + files = lib.mkOption { + type = with types; listOf str; + default = [ ]; + example = [ + "/etc/nix/id_rsa" + ]; + description = '' + Additional files in the root to link to persistent storage. + ''; + }; + + directories = lib.mkOption { + type = with types; listOf str; + default = [ ]; + example = [ + "/var/lib/libvirt" + ]; + description = '' + Additional directories in the root to link to persistent storage. + ''; + }; + }; + + config = lib.mkIf cfg.enable { + environment.persistence."${cfg.mountPoint}" = { + files = [ + "/etc/machine-id" # Machine-specific ID + "/etc/adjtime" # Clock drift factor and offsets + ] + ++ cfg.files + ; + + directories = [ + "/etc/nixos" # In case it's storage directory of our configuration + "/var/log" # Logs + "/var/lib/nixos" # UID/GID maps + "/var/lib/systemd/coredump" # Coredumps + ] + ++ cfg.directories + ; + }; + }; +} From 2a20ecbd1e4282ed6d21b21936e3b5a17509ca3e Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 29 Nov 2024 22:24:38 +0000 Subject: [PATCH 08/52] nixos: system: persist: filter unique entries To make sure that different modules configuring the same values don't run into any issues (e.g: download clients sharing a download directory). --- modules/nixos/system/persist/default.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/modules/nixos/system/persist/default.nix b/modules/nixos/system/persist/default.nix index e0a1eeb..212f902 100644 --- a/modules/nixos/system/persist/default.nix +++ b/modules/nixos/system/persist/default.nix @@ -50,7 +50,7 @@ in "/etc/machine-id" # Machine-specific ID "/etc/adjtime" # Clock drift factor and offsets ] - ++ cfg.files + ++ lib.unique cfg.files ; directories = [ @@ -59,7 +59,7 @@ in "/var/lib/nixos" # UID/GID maps "/var/lib/systemd/coredump" # Coredumps ] - ++ cfg.directories + ++ lib.unique cfg.directories ; }; }; From 55fd694c69728ccd5c8f9fe8f0fbab3080b12a9f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 7 Nov 2024 14:53:34 +0000 Subject: [PATCH 09/52] nixos: system: docker: persist data --- modules/nixos/system/docker/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos/system/docker/default.nix b/modules/nixos/system/docker/default.nix index f051814..cab9fb5 100644 --- a/modules/nixos/system/docker/default.nix +++ b/modules/nixos/system/docker/default.nix @@ -23,5 +23,9 @@ in ]; }; }; + + my.system.persist.directories = [ + "/var/lib/docker" + ]; }; } From 257c0675e26b19c951bcc646997475d9d576df4f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 7 Nov 2024 14:53:50 +0000 Subject: [PATCH 10/52] nixos: system: podman: persist data --- modules/nixos/system/podman/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos/system/podman/default.nix b/modules/nixos/system/podman/default.nix index 52630c7..8400dfd 100644 --- a/modules/nixos/system/podman/default.nix +++ b/modules/nixos/system/podman/default.nix @@ -44,5 +44,9 @@ in ]; }; }; + + my.system.persist.directories = [ + "/var/lib/containers" + ]; }; } From 8607b3c57783a469cb798b3acea7101a086b3911 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 22 Oct 2021 14:06:26 +0200 Subject: [PATCH 11/52] nixos: hardware: bluetooth: persist connections --- modules/nixos/hardware/bluetooth/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/nixos/hardware/bluetooth/default.nix b/modules/nixos/hardware/bluetooth/default.nix index e9b1991..efce5c4 100644 --- a/modules/nixos/hardware/bluetooth/default.nix +++ b/modules/nixos/hardware/bluetooth/default.nix @@ -18,6 +18,13 @@ in services.blueman.enable = true; } + # Persist bluetooth files + { + my.system.persist.directories = [ + "/var/lib/bluetooth" + ]; + } + # Support for additional bluetooth codecs (lib.mkIf cfg.loadExtraCodecs { hardware.pulseaudio = { From 2f3b9950e19056bcc98245956fe8d7897c699cae Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 22 Oct 2021 14:06:03 +0200 Subject: [PATCH 12/52] nixos: hardware: networking persist connections --- modules/nixos/hardware/networking/default.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/modules/nixos/hardware/networking/default.nix b/modules/nixos/hardware/networking/default.nix index f0806fe..dac5e9a 100644 --- a/modules/nixos/hardware/networking/default.nix +++ b/modules/nixos/hardware/networking/default.nix @@ -22,6 +22,16 @@ in config = lib.mkMerge [ (lib.mkIf cfg.wireless.enable { networking.networkmanager.enable = true; + + # Persist NetworkManager files + my.system.persist.files = [ + "/var/lib/NetworkManager/secret_key" + "/var/lib/NetworkManager/seen-bssids" + "/var/lib/NetworkManager/timestamps" + ]; + my.system.persist.directories = [ + "/etc/NetworkManager/system-connections" + ]; }) ]; } From 4e2055da7f38abf60acad58e2716e2153aa913be Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 22 Oct 2021 14:05:42 +0200 Subject: [PATCH 13/52] nixos: services: ssh-server: persist host keys --- modules/nixos/services/ssh-server/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/nixos/services/ssh-server/default.nix b/modules/nixos/services/ssh-server/default.nix index 9ae0fa8..c4d1fd6 100644 --- a/modules/nixos/services/ssh-server/default.nix +++ b/modules/nixos/services/ssh-server/default.nix @@ -20,6 +20,13 @@ in }; }; + # Persist SSH keys + my.system.persist.files = + let + pubAndPrivKey = key: [ key.path "${key.path}.pub" ]; + in + lib.concatMap pubAndPrivKey config.services.openssh.hostKeys; + # Opens the relevant UDP ports. programs.mosh.enable = true; }; From ef88c7561ba1387c3ebb80f4c9bb1703b6d506c3 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 21:45:43 +0000 Subject: [PATCH 14/52] nixos: services: aria: persist data --- modules/nixos/services/aria/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/nixos/services/aria/default.nix b/modules/nixos/services/aria/default.nix index acbf0b7..be35909 100644 --- a/modules/nixos/services/aria/default.nix +++ b/modules/nixos/services/aria/default.nix @@ -69,6 +69,11 @@ in }; }; + my.system.persist.directories = [ + cfg.downloadDir + "/var/lib/aria2" + ]; + # NOTE: unfortunately aria2 does not log connection failures for fail2ban }; } From 4fb244764896acc9d945f3ab095b18787630a84f Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 21:45:58 +0000 Subject: [PATCH 15/52] nixos: services: audiobookshelf: persist data --- modules/nixos/services/audiobookshelf/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos/services/audiobookshelf/default.nix b/modules/nixos/services/audiobookshelf/default.nix index 04ec8b9..5e79990 100644 --- a/modules/nixos/services/audiobookshelf/default.nix +++ b/modules/nixos/services/audiobookshelf/default.nix @@ -34,6 +34,10 @@ in }; }; + my.system.persist.directories = [ + "/var/lib/${config.services.audiobookshelf.dataDir}" + ]; + services.fail2ban.jails = { audiobookshelf = '' enabled = true From 7d8a18c968501852e9d5f5b7cf80a821d214d5c9 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 22 Oct 2021 14:19:57 +0200 Subject: [PATCH 16/52] nixos: services: blog: persist website data --- modules/nixos/services/blog/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/nixos/services/blog/default.nix b/modules/nixos/services/blog/default.nix index e4d2d42..aadc4f0 100644 --- a/modules/nixos/services/blog/default.nix +++ b/modules/nixos/services/blog/default.nix @@ -41,5 +41,12 @@ in # Those are all subdomains, no problem my.services.nginx.virtualHosts = hostsInfo; + + my.system.persist.directories = [ + "/var/www/blog" + "/var/www/cv" + "/var/www/dev" + "/var/www/key" + ]; }; } From 5c5738e1d847e4a3f31c854d36477cc353441dd9 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Nov 2021 14:43:05 +0100 Subject: [PATCH 17/52] nixos: services: calibre-web: persist library --- modules/nixos/services/calibre-web/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/nixos/services/calibre-web/default.nix b/modules/nixos/services/calibre-web/default.nix index b7bf9df..8a8af33 100644 --- a/modules/nixos/services/calibre-web/default.nix +++ b/modules/nixos/services/calibre-web/default.nix @@ -53,6 +53,11 @@ in ]; }; + my.system.persist.directories = [ + "/var/lib/${config.services.calibre-web.dataDir}" + cfg.libraryPath + ]; + services.fail2ban.jails = { calibre-web = '' enabled = true From 5f607efee8fe5076f72968b07abdb1dcdd674af9 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 21:46:13 +0000 Subject: [PATCH 18/52] nixos: services: fail2ban: persist data --- modules/nixos/services/fail2ban/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos/services/fail2ban/default.nix b/modules/nixos/services/fail2ban/default.nix index be5f7da..8dcc80d 100644 --- a/modules/nixos/services/fail2ban/default.nix +++ b/modules/nixos/services/fail2ban/default.nix @@ -33,5 +33,9 @@ in bantime = "10m"; }; }; + + my.system.persist.directories = [ + "/var/lib/fail2ban" + ]; }; } From bdc008d0fca4726dc41042b4ab56b7798df991d8 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 21:46:25 +0000 Subject: [PATCH 19/52] nixos: services: flood: persist data --- modules/nixos/services/flood/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos/services/flood/default.nix b/modules/nixos/services/flood/default.nix index f3fe90b..b129617 100644 --- a/modules/nixos/services/flood/default.nix +++ b/modules/nixos/services/flood/default.nix @@ -28,6 +28,10 @@ in }; }; + my.system.persist.directories = [ + "/var/lib/flood" + ]; + # NOTE: unfortunately flood does not log connection failures for fail2ban }; } From 82e56bf80c58d639f4f1763e15b2336ae7e23eca Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Tue, 2 Jul 2024 16:31:54 +0000 Subject: [PATCH 20/52] nixos: services: forgejo: persist repositories --- modules/nixos/services/forgejo/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/nixos/services/forgejo/default.nix b/modules/nixos/services/forgejo/default.nix index 511724b..b7cc0c5 100644 --- a/modules/nixos/services/forgejo/default.nix +++ b/modules/nixos/services/forgejo/default.nix @@ -147,6 +147,11 @@ in ]; }; + my.system.persist.directories = [ + config.services.forgejo.lfs.contentDir + config.services.forgejo.repositoryRoot + ]; + services.fail2ban.jails = { forgejo = '' enabled = true From fc98fe2b3ececa983e08a1ed38139dfdd99dca4d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Nov 2021 14:43:28 +0100 Subject: [PATCH 21/52] nixos: services: gitea: persist repositories --- modules/nixos/services/gitea/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/nixos/services/gitea/default.nix b/modules/nixos/services/gitea/default.nix index 95bdf42..76de5dd 100644 --- a/modules/nixos/services/gitea/default.nix +++ b/modules/nixos/services/gitea/default.nix @@ -131,6 +131,11 @@ in ]; }; + my.system.persist.directories = [ + config.services.gitea.lfs.contentDir + config.services.gitea.repositoryRoot + ]; + services.fail2ban.jails = { gitea = '' enabled = true From b8f4dd33ee68d468fbc123274920b58b30469990 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 21:46:39 +0000 Subject: [PATCH 22/52] nixos: services: grocy: persist data --- modules/nixos/services/grocy/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos/services/grocy/default.nix b/modules/nixos/services/grocy/default.nix index 3f04959..57295f1 100644 --- a/modules/nixos/services/grocy/default.nix +++ b/modules/nixos/services/grocy/default.nix @@ -43,6 +43,10 @@ in ]; }; + my.system.persist.directories = [ + config.services.grocy.dataDir + ]; + # NOTE: unfortunately grocy does not log connection failures for fail2ban }; } From 4569fe8a2983d74ffaf5ce9a07599c1fa7d33459 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 14:30:25 +0100 Subject: [PATCH 23/52] nixos: services: indexers: persist data --- modules/nixos/services/indexers/default.nix | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/modules/nixos/services/indexers/default.nix b/modules/nixos/services/indexers/default.nix index 8a42345..58f845d 100644 --- a/modules/nixos/services/indexers/default.nix +++ b/modules/nixos/services/indexers/default.nix @@ -33,6 +33,10 @@ in port = jackettPort; }; }; + + my.system.persist.directories = [ + config.services.jackett.dataDir + ]; }) (lib.mkIf cfg.nzbhydra.enable { @@ -45,6 +49,10 @@ in port = nzbhydraPort; }; }; + + my.system.persist.directories = [ + config.services.nzbhydra2.dataDir + ]; }) (lib.mkIf cfg.prowlarr.enable { @@ -58,6 +66,10 @@ in }; }; + my.system.persist.directories = [ + "/var/lib/prowlarr" + ]; + services.fail2ban.jails = { prowlarr = '' enabled = true From e4916ddb880e298478abb1f04a9a56df1cac4264 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 15:11:05 +0100 Subject: [PATCH 24/52] nixos: services: jellyfin: persist data --- modules/nixos/services/jellyfin/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos/services/jellyfin/default.nix b/modules/nixos/services/jellyfin/default.nix index 6edeb67..3a421ec 100644 --- a/modules/nixos/services/jellyfin/default.nix +++ b/modules/nixos/services/jellyfin/default.nix @@ -38,6 +38,10 @@ in }; }; + my.system.persist.directories = [ + "/var/lib/jellyfin" + ]; + services.fail2ban.jails = { jellyfin = '' enabled = true From 6f27b1578106193f39c6dc4bda50b3a8823bea5d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 21:46:55 +0000 Subject: [PATCH 25/52] nixos: services: komga: persist data --- modules/nixos/services/komga/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos/services/komga/default.nix b/modules/nixos/services/komga/default.nix index e1dc780..15e4fbb 100644 --- a/modules/nixos/services/komga/default.nix +++ b/modules/nixos/services/komga/default.nix @@ -36,6 +36,10 @@ in }; }; + my.system.persist.directories = [ + config.services.komga.stateDir + ]; + services.fail2ban.jails = { komga = '' enabled = true From c7cc887322318b9c6c43bf921f367d44f230c86b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 15:11:12 +0100 Subject: [PATCH 26/52] nixos: services: lohr: persist data --- modules/nixos/services/lohr/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos/services/lohr/default.nix b/modules/nixos/services/lohr/default.nix index 21ed93b..c69075f 100644 --- a/modules/nixos/services/lohr/default.nix +++ b/modules/nixos/services/lohr/default.nix @@ -107,5 +107,9 @@ in }; }; }; + + my.system.persist.directories = [ + "/var/lib/lohr" + ]; }; } From 370c8354da3aab30defadab13a8d4bb0f38320e7 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Nov 2021 17:12:32 +0100 Subject: [PATCH 27/52] nixos: services: matrix: persist data --- modules/nixos/services/matrix/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos/services/matrix/default.nix b/modules/nixos/services/matrix/default.nix index f423834..cb41a0f 100644 --- a/modules/nixos/services/matrix/default.nix +++ b/modules/nixos/services/matrix/default.nix @@ -214,5 +214,9 @@ in config.services.matrix-synapse.dataDir ]; }; + + my.system.persist.directories = [ + config.services.matrix-synapse.dataDir + ]; }; } From 629e5d99f5863255551badbba9442c2c16be2885 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 15:40:29 +0100 Subject: [PATCH 28/52] nixos: services: monitoring: persist data --- modules/nixos/services/monitoring/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/nixos/services/monitoring/default.nix b/modules/nixos/services/monitoring/default.nix index 49919c1..4415cb5 100644 --- a/modules/nixos/services/monitoring/default.nix +++ b/modules/nixos/services/monitoring/default.nix @@ -130,5 +130,10 @@ in inherit (cfg.grafana) port; }; }; + + my.system.persist.directories = [ + config.services.grafana.dataDir + "/var/lib/${config.services.prometheus.stateDir}" + ]; }; } From 178f6825c0313fc6dbd28dd15817e8db226bb913 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 15:11:23 +0100 Subject: [PATCH 29/52] nixos: services: navidrome: persist data --- modules/nixos/services/navidrome/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos/services/navidrome/default.nix b/modules/nixos/services/navidrome/default.nix index c513b91..0fc3539 100644 --- a/modules/nixos/services/navidrome/default.nix +++ b/modules/nixos/services/navidrome/default.nix @@ -53,6 +53,10 @@ in }; }; + my.system.persist.directories = [ + "/var/lib/navidrome" + ]; + services.fail2ban.jails = { navidrome = '' enabled = true From 260f1e9b5cbe2354706ea147cf39749bd5647b1d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 15:37:51 +0100 Subject: [PATCH 30/52] nixos: services: nginx: persist SSL certificates --- modules/nixos/services/nginx/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos/services/nginx/default.nix b/modules/nixos/services/nginx/default.nix index 3bba9f4..ab69efd 100644 --- a/modules/nixos/services/nginx/default.nix +++ b/modules/nixos/services/nginx/default.nix @@ -486,5 +486,9 @@ in } ]; }; + + my.system.persist.directories = [ + "/var/lib/acme" + ]; }; } From 0dccde9edfb71f78038494b12357e0be87aaa863 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 15:11:35 +0100 Subject: [PATCH 31/52] nixos: services: nextcloud: persist data --- modules/nixos/services/nextcloud/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos/services/nextcloud/default.nix b/modules/nixos/services/nextcloud/default.nix index fe94177..5452dac 100644 --- a/modules/nixos/services/nextcloud/default.nix +++ b/modules/nixos/services/nextcloud/default.nix @@ -92,6 +92,10 @@ in ]; }; + my.system.persist.directories = [ + config.services.nextcloud.home + ]; + services.fail2ban.jails = { nextcloud = '' enabled = true From b8325e8ea7dd703fa1848956efd75f058c9a0866 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Nov 2021 17:12:42 +0100 Subject: [PATCH 32/52] nixos: services: paperless: persist data --- modules/nixos/services/paperless/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/nixos/services/paperless/default.nix b/modules/nixos/services/paperless/default.nix index c8967e1..0754721 100644 --- a/modules/nixos/services/paperless/default.nix +++ b/modules/nixos/services/paperless/default.nix @@ -146,5 +146,10 @@ in config.services.paperless.mediaDir ]; }; + + my.system.persist.directories = [ + config.services.paperless.dataDir + config.services.paperless.mediaDir + ]; }; } From a1bc64cf48d732458416b1b60727a3ed15fab345 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 21:47:24 +0000 Subject: [PATCH 33/52] nixos: services: pdf-edit: persist data --- modules/nixos/services/pdf-edit/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos/services/pdf-edit/default.nix b/modules/nixos/services/pdf-edit/default.nix index d59507b..180e520 100644 --- a/modules/nixos/services/pdf-edit/default.nix +++ b/modules/nixos/services/pdf-edit/default.nix @@ -54,6 +54,10 @@ in }; }; + my.system.persist.directories = [ + "/var/lib/stirling-pdf" + ]; + services.fail2ban.jails = { stirling-pdf = '' enabled = true From f860452c1c3612adf22ec82b41fce33581102987 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 15:58:07 +0100 Subject: [PATCH 34/52] nixos: services: servarr: persist data --- modules/nixos/services/servarr/default.nix | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/modules/nixos/services/servarr/default.nix b/modules/nixos/services/servarr/default.nix index e25d9cf..c0f57df 100644 --- a/modules/nixos/services/servarr/default.nix +++ b/modules/nixos/services/servarr/default.nix @@ -19,6 +19,16 @@ let enable = true; group = "media"; }; + + my.system.persist.directories = + let + # Bazarr breaks the mold unfortunately + dataDir = + if service != "bazarr" + then config.services.${service}.dataDir + else "/var/lib/bazarr"; + in + [ dataDir ]; }; mkRedirection = service: { From aa6baa82e8e0fc579327941a22c8af0f3c78b689 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 15:20:11 +0100 Subject: [PATCH 35/52] nixos: services: podgrab: persist data --- modules/nixos/services/podgrab/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/nixos/services/podgrab/default.nix b/modules/nixos/services/podgrab/default.nix index 3ced8d3..ec6ecb2 100644 --- a/modules/nixos/services/podgrab/default.nix +++ b/modules/nixos/services/podgrab/default.nix @@ -51,5 +51,10 @@ in inherit (cfg) port; }; }; + + my.system.persist.directories = [ + config.systemd.services.podgrab.environment.CONFIG + config.systemd.services.podgrab.environment.DATA + ]; }; } From 1f6c40c3ebe91e6870e60ee866f4cd8b56686278 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Nov 2021 17:13:13 +0100 Subject: [PATCH 36/52] nixos: services: postgresql: persist data --- modules/nixos/services/postgresql/default.nix | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/modules/nixos/services/postgresql/default.nix b/modules/nixos/services/postgresql/default.nix index bbe46d4..cea4c88 100644 --- a/modules/nixos/services/postgresql/default.nix +++ b/modules/nixos/services/postgresql/default.nix @@ -18,6 +18,13 @@ in }; }) + # Only persist directory if the actual service is enabled + (lib.mkIf config.services.postgresql.enable { + my.system.persist.directories = [ + config.services.postgresql.dataDir + ]; + }) + # Taken from the manual (lib.mkIf cfg.upgradeScript { environment.systemPackages = From b376366d7bc6ea1d75234ca64b7f6d13bd04fd7a Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Nov 2021 17:12:58 +0100 Subject: [PATCH 37/52] nixos: services: postgresql-backup: persist data --- modules/nixos/services/postgresql-backup/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos/services/postgresql-backup/default.nix b/modules/nixos/services/postgresql-backup/default.nix index dff5494..3d6c03b 100644 --- a/modules/nixos/services/postgresql-backup/default.nix +++ b/modules/nixos/services/postgresql-backup/default.nix @@ -24,5 +24,9 @@ in (config.services.postgresqlBackup.location + "/*.prev.sql.gz") ]; }; + + my.system.persist.directories = [ + config.services.postgresqlBackup.location + ]; }; } From 795026e918c1a68afdd2a8cecff9cb0d931ae958 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 21:47:37 +0000 Subject: [PATCH 38/52] nixos: services: pyload: persist data --- modules/nixos/services/pyload/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/nixos/services/pyload/default.nix b/modules/nixos/services/pyload/default.nix index 7257d0f..ec5042b 100644 --- a/modules/nixos/services/pyload/default.nix +++ b/modules/nixos/services/pyload/default.nix @@ -53,6 +53,11 @@ in }; }; + my.system.persist.directories = [ + cfg.downloadDirectory + "/var/lib/pyload" + ]; + services.fail2ban.jails = { pyload = '' enabled = true From 31c20c5b1b5d83efe2db82ca140e5749663edf01 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 21:51:04 +0100 Subject: [PATCH 39/52] nixos: services: quassel: persist data --- modules/nixos/services/quassel/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos/services/quassel/default.nix b/modules/nixos/services/quassel/default.nix index 695f9e0..0065195 100644 --- a/modules/nixos/services/quassel/default.nix +++ b/modules/nixos/services/quassel/default.nix @@ -46,5 +46,9 @@ in # Because Quassel does not use the socket, I simply trust its connection authentication = "host quassel quassel localhost trust"; }; + + my.system.persist.directories = [ + config.services.quassel.dataDir + ]; }; } From 217c69cc9f17aebd4231155caee27b86c7e901f5 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 15:21:42 +0100 Subject: [PATCH 40/52] nixos: services: rss-bridge: persist data --- modules/nixos/services/rss-bridge/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos/services/rss-bridge/default.nix b/modules/nixos/services/rss-bridge/default.nix index 52b1030..977b431 100644 --- a/modules/nixos/services/rss-bridge/default.nix +++ b/modules/nixos/services/rss-bridge/default.nix @@ -22,5 +22,9 @@ in forceSSL = true; useACMEHost = config.networking.domain; }; + + my.system.persist.directories = [ + config.services.rss-bridge.dataDir + ]; }; } From 4c12fc00947dc6bd0e470c190d992f138d122dcc Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 15:25:44 +0100 Subject: [PATCH 41/52] nixos: services: sabnzbd: persist data --- modules/nixos/services/sabnzbd/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos/services/sabnzbd/default.nix b/modules/nixos/services/sabnzbd/default.nix index 9e0d9c3..86202ab 100644 --- a/modules/nixos/services/sabnzbd/default.nix +++ b/modules/nixos/services/sabnzbd/default.nix @@ -24,6 +24,10 @@ in }; }; + my.system.persist.files = [ + config.services.sabnzbd.configFile + ]; + services.fail2ban.jails = { sabnzbd = '' enabled = true From 6b78d89065e7e18e8c0d0348e672f061b57d72c0 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 21:47:51 +0000 Subject: [PATCH 42/52] nixos: services: tandoor-recipes: persist data --- modules/nixos/services/tandoor-recipes/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos/services/tandoor-recipes/default.nix b/modules/nixos/services/tandoor-recipes/default.nix index 219f4b9..0bfa9fe 100644 --- a/modules/nixos/services/tandoor-recipes/default.nix +++ b/modules/nixos/services/tandoor-recipes/default.nix @@ -89,6 +89,10 @@ in ]; }; + my.system.persist.directories = [ + "/var/lib/tandoor-recipes" + ]; + # NOTE: unfortunately tandoor-recipes does not log connection failures for fail2ban }; } From a0b91a5d1803e1fcbdbd59ca606f60e105c3c675 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Fri, 5 Nov 2021 15:25:50 +0100 Subject: [PATCH 43/52] nixos: services: transmission: persist data --- modules/nixos/services/transmission/default.nix | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/modules/nixos/services/transmission/default.nix b/modules/nixos/services/transmission/default.nix index ac8b24d..a5393eb 100644 --- a/modules/nixos/services/transmission/default.nix +++ b/modules/nixos/services/transmission/default.nix @@ -91,6 +91,11 @@ in allowedUDPPorts = [ cfg.peerPort ]; }; + my.system.persist.directories = [ + cfg.downloadBase + config.services.transmission.home + ]; + # NOTE: unfortunately transmission does not log connection failures for fail2ban }; } From ac9eeea26de385a24bacabd3753fc3b65d795d88 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Nov 2021 14:43:16 +0100 Subject: [PATCH 44/52] nixos: services: vikunja: persist data --- modules/nixos/services/vikunja/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos/services/vikunja/default.nix b/modules/nixos/services/vikunja/default.nix index 2753da3..d902449 100644 --- a/modules/nixos/services/vikunja/default.nix +++ b/modules/nixos/services/vikunja/default.nix @@ -100,6 +100,10 @@ in ]; }; + my.system.persist.directories = [ + config.services.vikunja.settings.files.basepath + ]; + # NOTE: unfortunately vikunja does not log connection failures for fail2ban }; } From 489802efbef40e576bbde3806f4e63e4c6683534 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 3 Nov 2021 14:43:16 +0100 Subject: [PATCH 45/52] WIP: add notes for missing persistence/backup TODO: * Do home-manager * Look at for more inspiration github.com:nix-community/impermanence/pull/108 * Common files github.com:nix-community/impermanence/issues/10 * Useful config: github.com:chayleaf/dotfiles/blob/f77271b249e0c08368573c22a5c34f0737d3a766/system/modules/impermanence.nix --- modules/nixos/services/drone/runner-docker/default.nix | 2 ++ modules/nixos/services/drone/runner-exec/default.nix | 2 ++ modules/nixos/services/drone/server/default.nix | 2 ++ modules/nixos/services/nextcloud/collabora.nix | 2 ++ modules/nixos/services/woodpecker/agent-docker/default.nix | 2 ++ modules/nixos/services/woodpecker/agent-exec/default.nix | 2 ++ modules/nixos/services/woodpecker/server/default.nix | 2 ++ modules/nixos/system/printing/default.nix | 2 ++ 8 files changed, 16 insertions(+) diff --git a/modules/nixos/services/drone/runner-docker/default.nix b/modules/nixos/services/drone/runner-docker/default.nix index e53c608..1db263b 100644 --- a/modules/nixos/services/drone/runner-docker/default.nix +++ b/modules/nixos/services/drone/runner-docker/default.nix @@ -39,5 +39,7 @@ in extraGroups = [ "docker" ]; # Give access to the daemon }; users.groups.drone-runner-docker = { }; + + # FIXME: persistence? }; } diff --git a/modules/nixos/services/drone/runner-exec/default.nix b/modules/nixos/services/drone/runner-exec/default.nix index a9bb563..c30a1a2 100644 --- a/modules/nixos/services/drone/runner-exec/default.nix +++ b/modules/nixos/services/drone/runner-exec/default.nix @@ -63,5 +63,7 @@ in group = "drone-runner-exec"; }; users.groups.drone-runner-exec = { }; + + # FIXME: persistence? }; } diff --git a/modules/nixos/services/drone/server/default.nix b/modules/nixos/services/drone/server/default.nix index a3a1e49..b5d5df7 100644 --- a/modules/nixos/services/drone/server/default.nix +++ b/modules/nixos/services/drone/server/default.nix @@ -50,5 +50,7 @@ in inherit (cfg) port; }; }; + + # FIXME: persistence? }; } diff --git a/modules/nixos/services/nextcloud/collabora.nix b/modules/nixos/services/nextcloud/collabora.nix index f8f42a7..dce1a99 100644 --- a/modules/nixos/services/nextcloud/collabora.nix +++ b/modules/nixos/services/nextcloud/collabora.nix @@ -46,5 +46,7 @@ in ]; }; }; + + # FIXME: persistence? }; } diff --git a/modules/nixos/services/woodpecker/agent-docker/default.nix b/modules/nixos/services/woodpecker/agent-docker/default.nix index 79d3299..2e74b67 100644 --- a/modules/nixos/services/woodpecker/agent-docker/default.nix +++ b/modules/nixos/services/woodpecker/agent-docker/default.nix @@ -38,5 +38,7 @@ in ]; }; }; + + # FIXME: persistence? }; } diff --git a/modules/nixos/services/woodpecker/agent-exec/default.nix b/modules/nixos/services/woodpecker/agent-exec/default.nix index 24161b0..4210242 100644 --- a/modules/nixos/services/woodpecker/agent-exec/default.nix +++ b/modules/nixos/services/woodpecker/agent-exec/default.nix @@ -62,5 +62,7 @@ in ]; }; }; + + # FIXME: persistence? }; } diff --git a/modules/nixos/services/woodpecker/server/default.nix b/modules/nixos/services/woodpecker/server/default.nix index adf533e..5d25284 100644 --- a/modules/nixos/services/woodpecker/server/default.nix +++ b/modules/nixos/services/woodpecker/server/default.nix @@ -61,5 +61,7 @@ in port = cfg.rpcPort; }; }; + + # FIXME: persistence }; } diff --git a/modules/nixos/system/printing/default.nix b/modules/nixos/system/printing/default.nix index 0dfab0f..3e21b25 100644 --- a/modules/nixos/system/printing/default.nix +++ b/modules/nixos/system/printing/default.nix @@ -65,5 +65,7 @@ in # Allow resolution of '.local' addresses nssmdns4 = true; }; + + # FIXME: persistence? }; } From c7fc4c2c679c5f28809d6a3d7621258245a40ff2 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 22:00:58 +0000 Subject: [PATCH 46/52] WIP: even more directories? Maybe? --- modules/nixos/system/persist/default.nix | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/modules/nixos/system/persist/default.nix b/modules/nixos/system/persist/default.nix index 212f902..2e7bb07 100644 --- a/modules/nixos/system/persist/default.nix +++ b/modules/nixos/system/persist/default.nix @@ -58,6 +58,10 @@ in "/var/log" # Logs "/var/lib/nixos" # UID/GID maps "/var/lib/systemd/coredump" # Coredumps + + "/var/lib/systemd" # FIXME: needed? + "/var/spool" # FIXME: needed? + "/var/tmp" # FIXME: needed? ] ++ lib.unique cfg.directories ; From 5abcc66191dc5323f8b77a7aec7c31b8a17eb007 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Thu, 28 Nov 2024 22:01:38 +0000 Subject: [PATCH 47/52] WIP: add note about 'iwd' --- modules/nixos/hardware/networking/default.nix | 2 ++ 1 file changed, 2 insertions(+) diff --git a/modules/nixos/hardware/networking/default.nix b/modules/nixos/hardware/networking/default.nix index dac5e9a..9e85966 100644 --- a/modules/nixos/hardware/networking/default.nix +++ b/modules/nixos/hardware/networking/default.nix @@ -23,6 +23,8 @@ in (lib.mkIf cfg.wireless.enable { networking.networkmanager.enable = true; + # IWD needs persistence if enabled + # Persist NetworkManager files my.system.persist.files = [ "/var/lib/NetworkManager/secret_key" From d5337709c63b6bfc26f369647ad9073a1285c14d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 30 Nov 2024 13:31:01 +0000 Subject: [PATCH 48/52] fixup! WIP: even more directories? Maybe? --- modules/nixos/system/persist/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/system/persist/default.nix b/modules/nixos/system/persist/default.nix index 2e7bb07..6e58502 100644 --- a/modules/nixos/system/persist/default.nix +++ b/modules/nixos/system/persist/default.nix @@ -58,7 +58,7 @@ in "/var/log" # Logs "/var/lib/nixos" # UID/GID maps "/var/lib/systemd/coredump" # Coredumps - + "/var/lib/systemd/coredump" "/var/lib/systemd" # FIXME: needed? "/var/spool" # FIXME: needed? "/var/tmp" # FIXME: needed? From b23cd9e891dd4165828408348daeef35c4a2053d Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 30 Nov 2024 13:31:01 +0000 Subject: [PATCH 49/52] fixup! WIP: nixos: system: add persist --- modules/nixos/system/persist/default.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/modules/nixos/system/persist/default.nix b/modules/nixos/system/persist/default.nix index 6e58502..0a4f036 100644 --- a/modules/nixos/system/persist/default.nix +++ b/modules/nixos/system/persist/default.nix @@ -47,8 +47,9 @@ in config = lib.mkIf cfg.enable { environment.persistence."${cfg.mountPoint}" = { files = [ - "/etc/machine-id" # Machine-specific ID - "/etc/adjtime" # Clock drift factor and offsets + "/etc/machine-id" + "/etc/adjtime" + "/var/lib/systemd/timesync/clock" ] ++ lib.unique cfg.files ; From d31e8a35b731ca7be1123f8253d04d41cde8c13b Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Sat, 30 Nov 2024 13:31:01 +0000 Subject: [PATCH 50/52] fixup! WIP: nixos: system: add persist --- modules/nixos/system/persist/default.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/modules/nixos/system/persist/default.nix b/modules/nixos/system/persist/default.nix index 0a4f036..4f1fc4a 100644 --- a/modules/nixos/system/persist/default.nix +++ b/modules/nixos/system/persist/default.nix @@ -56,7 +56,7 @@ in directories = [ "/etc/nixos" # In case it's storage directory of our configuration - "/var/log" # Logs + "/var/log" "/var/lib/nixos" # UID/GID maps "/var/lib/systemd/coredump" # Coredumps "/var/lib/systemd/coredump" From 3ebd6f47a322a7582ac16386fc839da69e8505d0 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 4 Dec 2024 19:59:09 +0000 Subject: [PATCH 51/52] fixup! fixup! WIP: even more directories? Maybe? --- modules/nixos/system/persist/default.nix | 1 - 1 file changed, 1 deletion(-) diff --git a/modules/nixos/system/persist/default.nix b/modules/nixos/system/persist/default.nix index 4f1fc4a..f7178c2 100644 --- a/modules/nixos/system/persist/default.nix +++ b/modules/nixos/system/persist/default.nix @@ -58,7 +58,6 @@ in "/etc/nixos" # In case it's storage directory of our configuration "/var/log" "/var/lib/nixos" # UID/GID maps - "/var/lib/systemd/coredump" # Coredumps "/var/lib/systemd/coredump" "/var/lib/systemd" # FIXME: needed? "/var/spool" # FIXME: needed? From 0a8b2b8e5500501e9efb38122ccaf8e146a7a548 Mon Sep 17 00:00:00 2001 From: Bruno BELANYI Date: Wed, 4 Dec 2024 19:59:09 +0000 Subject: [PATCH 52/52] fixup! fixup! WIP: even more directories? Maybe? --- modules/nixos/system/persist/default.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/modules/nixos/system/persist/default.nix b/modules/nixos/system/persist/default.nix index f7178c2..ac1820e 100644 --- a/modules/nixos/system/persist/default.nix +++ b/modules/nixos/system/persist/default.nix @@ -59,6 +59,7 @@ in "/var/log" "/var/lib/nixos" # UID/GID maps "/var/lib/systemd/coredump" + "/var/lib/systemd" # FIXME: needed? "/var/spool" # FIXME: needed? "/var/tmp" # FIXME: needed?