# NixOS module: opt-in persistence via the impermanence module.
# Everything listed below is kept under the persistent root and mapped back
# into place; anything not listed is expected to be lost.
{
  inputs,
  options,
  ...
}: let
  # Single source of truth for the persistent root used throughout this module.
  persistRoot = "/persist";
in {
  imports = [inputs.impermanence.nixosModules.impermanence];

  # Bind mounts that boot depends on live on this filesystem, so it must be
  # mounted early.
  fileSystems.${persistRoot}.neededForBoot = true;

  environment.persistence.${persistRoot} = {
    hideMounts = true;

    # NOTE(review): several of these directories hold credentials (the iwd
    # entry is annotated "keys" below; tailscale, bluetooth, fprint and the
    # NetworkManager connection profiles are typically sensitive as well).
    # Only colord gets explicit ownership and mode here; the rest rely on the
    # module defaults and on each service tightening its own state directory.
    # Confirm the resulting permissions under the persistent root, and treat
    # that volume (and any backup of it) as secret material.
    directories = [
      "/var/lib/nixos"
      "/var/lib/bluetooth"
      "/var/lib/fprint"
      "/var/lib/upower"
      "/var/lib/tailscale"
      "/var/lib/libvirt"
      "/var/lib/samba"
      # NOTE(review): core dumps can contain process memory; persisting them
      # keeps that data across reboots. Check the retention settings.
      "/var/lib/systemd/coredump"
      "/etc/NetworkManager/system-connections"
      "/var/lib/iwd" # Known networks and keys
      {
        # Owned by the colord account; no access for "other".
        directory = "/var/lib/colord";
        user = "colord";
        group = "colord";
        mode = "u=rwx,g=rx,o=";
      }
      # TODO: cups?
    ];

    files = [
      "/etc/machine-id"
      # Example of a persisted secret whose parent directory is owner-only:
      #{ file = "/var/keys/secret_file"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
      "/var/lib/NetworkManager/secret_key"
      "/var/lib/NetworkManager/seen-bssids"
      "/var/lib/NetworkManager/timestamps"
    ];
  };

  # /etc/{passwd,shadow} are not persisted, so accounts must be fully
  # declarative.
  # NOTE(review): with mutableUsers off, every login account needs its
  # password source declared in the configuration. Prefer
  # users.users.<name>.hashedPasswordFile pointing at a root-only file under
  # the persistent root over an inline hash, which ends up in the
  # world-readable Nix store.
  users.mutableUsers = false;

  # Some report issues with impermanence file config for host keys, so the
  # default host key entries are kept as-is except that each path is prefixed
  # with the persistent root. The keys then live directly on persistent storage.
  # NOTE(review): anything else that reads the host keys from their default
  # location must be pointed at the prefixed path as well; verify.
  services.openssh.hostKeys =
    map
    (key: key // {path = persistRoot + key.path;})
    options.services.openssh.hostKeys.default;

  # The sudo lecture database is not persisted, so disable the lecture rather
  # than show it again after every reboot.
  security.sudo.extraConfig = ''
    Defaults lecture = never
  '';
}