search

nix-community / impermanence

Modules to help you handle persistent state on systems with ephemeral root storage [maintainer=@talyz]
MIT License
1.01k stars 76 forks source link

[REQUEST] Declare `something.impermanence.enable` option for integration with other modules and easy way to disable impermanence #167

Open Kreyren opened 4 months ago

Kreyren commented 4 months ago

I am trying to make independent modules in my nixos-config so that e.g.

{ config, lib, ... }:

# Enables Secure Boot through lanzaboote on MRACEK system

let
    inherit (lib) mkForce mkIf;
in mkIf config.boot.lanzaboote.enable {
    boot.loader.systemd-boot.enable = mkForce false; # Lanzeboote uses it's own module and requires this disabled
    boot.loader.efi.canTouchEfiVariables = mkForce true;

    boot.lanzaboote = {
        pkiBundle = "/etc/secureboot";
    };

    # FIXME(Krey): if impermanence is enable then -> Persist lanzaboote files
}

But there isn't an easy way to do e.g.

environment.persistence."/nix/persist/lanzaboote" = mkIf config.system.impermanence {
  hideMounts = true;
    directories = [
      "/etc/secureboot"
    ];
};

So that it can be declared that: IF Lanzaboote is enabled AND impermenance is enabled THEN persist lanzaboote files

Same issues with other modules e.g. persisting vikunja's database, etc.. so that i have to make a huge declaration alike:

environment.persistence."/nix/persist/system" = {
  hideMounts = true;
    directories = [
      ...
      (mkIf config.boot.lanzaboote.enable "/etc/secureboot")
      ...
    ];
};

or

{ lib, config, ... }:

# Global default configuration and management of vikunja service

let
    inherit (lib) mkDefault mkIf;
in mkIf config.services.vikunja.enable {
    # Mandatory configuration to get vikunja to work
    services.vikunja.frontendScheme = mkDefault "http";
    services.vikunja.frontendHostname = mkDefault "localhost";

    # FIXME(Krey): Figure out how to run this without nginx
    services.nginx.enable = true;
    services.vikunja.setupNginx = true;

    environment.persistence."/nix/persist/service/vikunja" = {
        hideMounts = true;
        directories = [
            "/var/lib/tor/onion/hiddenVikunja" # Tor Files
            "/var/lib/private/vikunja"
        ];
        # files = [
        #   # NOTE/FIXME(Krey): Do not use `config.services.vikunja.database.path` here bcs it saves a symlink in /var/lib/vikunja/vikunja.db that points to /var/lib/private/vikunja/vikunja.db
        #   # "/var/lib/private/vikunja/vikunja.db" # Database
        #   # "/etc/vikunja/config.yaml"
        # ];
    };
}

which makes hard dependency on impermanence modules which is unwanted as without the impermanence loaded it will error out with environment.persistance doesn't exists

testplayername commented 4 months ago

Impermanence does have an enable option for each persistent path, set to true by default for each persistent path. There does not appear to be a "global" enable option like environment.persistence.enable.