Impermanence HM module hates me

ritiek · Oct 13, 2024 · abe2693 · abe2693
1 parent d39e13e
commit abe2693
Show file tree

Hide file tree

Showing 5 changed files with 50 additions and 26 deletions.
diff --git a/machines/clawsiecats/default.nix b/machines/clawsiecats/default.nix
@@ -8,6 +8,15 @@
 
   boot.kernelPackages = pkgs.linuxPackages_latest;
 
+  environment.persistence."/nix/persist/system" = {
+    directories = [
+      "/var/lib/tailscale"
+    ];
+    # files = [
+    #   "/var/lib/tailscale/tailscaled.state"
+    # ];
+  };
+
   sops = {
     defaultSopsFile = ./secrets.yaml;
     age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];

diff --git a/machines/clawsiecats/home/default.nix b/machines/clawsiecats/home/default.nix
@@ -11,19 +11,30 @@
   ];
   home = {
     stateVersion = "24.05";
-    persistence."/nix/persist/home/${config.home.username}" = {
-      # enable = true;
-      # hideMounts = true;
-      directories = [
-        ".local/share/nvim"
-        ".local/state/nvim"
-        ".local/cache/nvim"
-      ];
-      files = [
-        ".zsh_history"
-        ".nvim-lazy-lock.json"
-      ];
-      allowOther = false;
+    persistence = {
+      "/nix/persist/home/${config.home.username}/files" = {
+        files = [
+          ".zsh_history"
+        ];
+        allowOther = false;
+      };
+      "/nix/persist/home/${config.home.username}/cache" = {
+        directories = [
+          ".local/share/nvim"
+          # {
+          #   directory = ".local/share/nvim";
+          #   method = "symlink";
+          # }
+          # {
+          #   directory = ".local/state/nvim";
+          #   method = "symlink";
+          # }
+        ];
+        # files = [
+        #   ".nvim-lazy-lock.json"
+        # ];
+        allowOther = false;
+      };
     };
     packages = with pkgs; [
       any-nix-shell

diff --git a/machines/clawsiecats/minimal.nix b/machines/clawsiecats/minimal.nix
@@ -15,9 +15,6 @@
     directories = [
       "/etc/nixos"
       "/var/log"
-      "/var/lib/acme"
-      "/var/lib/jitsi-meet"
-      "/var/lib/prosody"
       "/var/lib/nixos"
       "/var/lib/systemd/coredump"
     ];
@@ -27,13 +24,12 @@
       "/etc/ssh/ssh_host_ed25519_key.pub"
       "/etc/ssh/ssh_host_rsa_key"
       "/etc/ssh/ssh_host_rsa_key.pub"
-      "/var/lib/tailscale/tailscaled.state"
     ];
-    users.root = {
-      home = "/root";
-      directories = [ ];
-      files = [ ];
-    };
+    # users.root = {
+    #   home = "/root";
+    #   directories = [ ];
+    #   files = [ ];
+    # };
   };
 
   # Disable sudo as we've no non-root users.

diff --git a/machines/clawsiecats/secrets.yaml b/machines/clawsiecats/secrets.yaml
@@ -1,5 +1,5 @@
 jitsi.htpasswd: ENC[AES256_GCM,data:vwu2dWdtGzaubhJD2uw62RX05h5VwF4phdzkWD8WuIMMzzRnkhNvgyI0UPCoxowkwNhef4kaogOIOeh492MSUAyzXLsO855ItLGr+86/ork2Va8DX/kf8jyraUO5oFlH,iv:9DGAPHFIEJUHLKptoS1iKTjHiIQu0WpW1fI9UylnwCE=,tag:g6z3r/RNQolinHegok9CLg==,type:str]
-tailscale.authkey: ENC[AES256_GCM,data:QXnPj9EA+zsuBqAxDNRGBJixx3LxmhG/d1hzREceuHHZDxuWy/GqnLg51m4/0lnHslVfbGq4KBsBH2VrF9Q=,iv:QU7tmU15xQNKl9sVHJ62w5QvqEEqRPVpXm9rG9pqXD4=,tag:YmEwTY8XPS6Igc41q5t8iQ==,type:str]
+tailscale.authkey: ENC[AES256_GCM,data:FmKffJsnb2TfrdGfHf7G8kSYZNACuqA2IwrrPpVRrnsL5dlrb459HuVuap/RX/BzZR9LlD5HXCjk2Ku5xg==,iv:eoHTIPOHYv6mM5j5xiXo/RYh8mg+mqrfJVu6PiI4Zpg=,tag:z0NK4S/5vPGwtgAaKDi6Ag==,type:str]
 sops:
     shamir_threshold: 1
     kms: []
@@ -16,8 +16,8 @@ sops:
             MS9NWmV2UFJKSTRaSmxKaGg5c3k1dDAKCRQLsbTqlcG2K5ThCcntP4JSD8YDdV/l
             0HMJDKoy0IFFp1vH65OSuVk+p9WPtZ2sxK2DGChlTpbSaYHygHlTmw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-09-22T20:36:17Z"
-    mac: ENC[AES256_GCM,data:Ll0cRxPdU8ajI8Lbv+2o1cRWOL9C6oZsT7OuhlKgfBrQpsTI3TF0K9f0KgecVlwXoTOjTkNX+AJmu+9xtDUSu6xXyp4LYbwYjug4XaKqDOHVmkJ2KsBZhvnwURLjpG5sLvOgC/1bC4eYBKmEwSkR8hjXhxtn1MoPoXcQl5ukRjQ=,iv:uqQ6+HVcovGktrYJJROD2fMI9MB98i1nH5hPQgcapKs=,tag:e7XFAGaoEaqQqBY96uYJXw==,type:str]
+    lastmodified: "2024-10-13T10:57:56Z"
+    mac: ENC[AES256_GCM,data:axPEARVgvrXjKt4scQRl1hPbuQgItdMkCgER+nFVbXKT6FD14Tf7CgEsuBFHtB/CTzLZq3S/pviWFZbzvwEFupvdw31JoEjNG5mVBO1MdR+T8Hrmdf1L0RjEU9LYb3gHDSh1gFa4B2Ns9b1BxxCZ3Tqnaa6eqhhaJuEI2zHlsNI=,iv:LWjZ+512/Gos0GcaAI13NeGPWjyjVgxzFerRSv3j1yg=,tag:xH4VnBD5qgZs1axAmZEb0g==,type:str]
     pgp:
         - created_at: "2024-10-05T14:39:15Z"
           enc: |-
@@ -32,4 +32,4 @@ sops:
             -----END PGP MESSAGE-----
           fp: 66FF60997B04845FF4C0CB4FEB6FC9F9FC964257
     unencrypted_suffix: _unencrypted
-    version: 3.9.0
+    version: 3.9.1
diff --git a/machines/clawsiecats/services.nix b/machines/clawsiecats/services.nix
@@ -4,6 +4,14 @@ let
   domain = "clawsiecats.omg.lol";
 in
 {
+  environment.persistence."/nix/persist/system" = {
+    directories = [
+      "/var/lib/acme"
+      "/var/lib/jitsi-meet"
+      "/var/lib/prosody"
+    ];
+    files = [ ];
+  };
   sops.secrets = {
     "jitsi.htpasswd" = {
       owner = "nginx";