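# NixOS module for one host: declares its filesystems (btrfs subvolumes,
# vfat /boot, ext4 storage and CIFS shares), replaces the btrfs `root`
# subvolume with a fresh one from the initrd, and lists the paths that are
# kept across that wipe under /persist.
{
  flake,
  config,
  lib,
  ...
}:
let
  inherit (flake.config.people) user0;
  inherit (flake.config.machines.devices) eris;

  # Path of the sops-managed secret used as the CIFS credentials file. Only
  # the path is interpolated into the mount options, so the credentials
  # themselves are not copied into the Nix store.
  erisSecrets = config.sops.secrets."network/server".path;

  rootDevice = "/dev/disk/by-label/root";
  bootDevice = "/dev/disk/by-label/BOOT";

  # Home directory of user0 as declared through home-manager.
  homeDir = config.home-manager.users.${user0}.home.homeDirectory;

  # Keys into `eris` naming the Samba shares to mount.
  sambaDrives = [
    "samba0"
  ];

  # Sub-folders mounted from every share listed in sambaDrives.
  sambaFolders = [
    "raid0"
  ];

  # Builds one { name, value } pair for builtins.listToAttrs: the mount point
  # is the name, the CIFS filesystem definition is the value. The share's own
  # options are extended with the credentials file path.
  sambaMounts = sambaDrive: folder: {
    name = "${eris.${sambaDrive}.mount}/${folder}";
    value = {
      device = "${eris.${sambaDrive}.device}/${folder}";
      fsType = "cifs";
      options = eris.${sambaDrive}.options ++ [
        "credentials=${erisSecrets}"
      ];
    };
  };

in
{
  fileSystems = {
    "/" = {
      device = rootDevice;
      fsType = "btrfs";
      options = [
        "subvol=root"
      ];
    };

    "/nix" = {
      device = rootDevice;
      fsType = "btrfs";
      options = [
        "subvol=nix"
      ];
    };

    "/persist" = {
      device = rootDevice;
      fsType = "btrfs";
      neededForBoot = true;
      options = [
        "subvol=persist"
      ];
    };

    "/boot" = {
      device = bootDevice;
      fsType = "vfat";
      # vfat stores no per-file permissions; these masks strip all group and
      # other bits, so the boot partition is accessible to root only.
      options = [
        "fmask=0077"
        "dmask=0077"
      ];
    };

    "/mnt/storage" = {
      device = "/dev/disk/by-label/storage";
      fsType = "ext4";
    };

    # NOTE(review): presumably set so the persisted SSH host keys are mounted
    # early in boot; confirm which consumer needs them.
    "/etc/ssh" = {
      neededForBoot = true;
    };
  }
  # One CIFS mount per (drive, folder) combination.
  // (builtins.listToAttrs (
    builtins.concatMap (drive: map (folder: sambaMounts drive folder) sambaFolders) sambaDrives
  ));

  # Runs in the initrd: the current `root` subvolume is moved to
  # old_roots/<timestamp>, entries of old_roots older than 30 days are deleted
  # together with their nested subvolumes, and an empty `root` subvolume is
  # created. The retained old roots hold whatever was written to / during
  # earlier boots, so they are as sensitive as the live root.
  boot.initrd.postResumeCommands = lib.mkAfter ''
    mkdir /btrfs_tmp
    mount -o subvolid=5 ${rootDevice} /btrfs_tmp

    if [[ -e /btrfs_tmp/root ]]; then
      mkdir -p /btrfs_tmp/old_roots
      timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
      mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
    fi

    delete_subvolume_recursively() {
      IFS=$'\n'
      for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
        delete_subvolume_recursively "/btrfs_tmp/$i"
      done
      btrfs subvolume delete "$1"
    }

    for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
      delete_subvolume_recursively "$i"
    done

    btrfs subvolume create /btrfs_tmp/root
    umount /btrfs_tmp
  '';

  # Paths that survive the root wipe by living on /persist.
  environment.persistence."/persist" = {
    directories = [
      "/var/cache"
      "/var/lib"
      "/opt/secrets"
      {
        # The directory itself is world-readable; private host key files
        # inside it depend on their own file modes.
        directory = "/etc/ssh";
        mode = "u=rwx,g=rx,o=rx";
        user = "root";
      }
    ];
    hideMounts = true;
    users.${user0} = {
      directories = [
        ".cache"
        ".config"
        ".local/share/direnv"
        ".local/state/nix"
        {
          # Owner-only access for SSH keys and known_hosts.
          directory = ".ssh";
          mode = "u=rwx,g=,o=";
        }
      ];
    };
  };

  systemd.tmpfiles.rules = [
    # `Z` is recursive. With a mode of 0755 it re-chmods every file and
    # directory under the home directory, which undoes the owner-only mode
    # declared for .ssh above and makes everything in .config and .cache
    # world-readable. A mode of `-` limits the recursive rule to repairing
    # ownership; the non-recursive `z` rule then sets 0755 on the home
    # directory itself.
    "Z ${homeDir} - ${user0} users -"
    "z ${homeDir} 0755 ${user0} users -"
    "d /mnt/storage 2775 root root -"
    # NOTE(review): 2775 leaves /opt/secrets listable and traversable by every
    # local user. If only root or one service group reads it, a tighter mode
    # such as 0750 fits better; confirm the consumers before changing it.
    "d /opt/secrets 2775 root root -"
  ];

  services.udisks2.enable = true;
}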