author | Soispha <soispha@vhack.eu> | 2023-07-08 13:53:11 +0200 |
---|---|---|
committer | Soispha <soispha@vhack.eu> | 2023-07-08 13:53:11 +0200 |
commit | 7815ef2a22e3ae684852f1f28cedae6354263034 (patch) | |
tree | f6f9eff9edd93a734f3f7550e6c42e87ef4dadc0 /system/impermanence | |
parent | Fix(host/server1): Use working path to disk (diff) | |
Fix(treewide): Move all persistent dirs to impermanence to set permissions
Diffstat (limited to 'system/impermanence')
-rw-r--r-- | system/impermanence/default.nix | 25 | ||||
-rw-r--r-- | system/impermanence/mods/acme.nix | 5 | ||||
-rw-r--r-- | system/impermanence/mods/fail2ban.nix | 10 | ||||
-rw-r--r-- | system/impermanence/mods/keycloak.nix | 5 | ||||
-rw-r--r-- | system/impermanence/mods/mail.nix | 28 | ||||
-rw-r--r-- | system/impermanence/mods/minecraft.nix | 10 | ||||
-rw-r--r-- | system/impermanence/mods/nix-sync.nix | 10 | ||||
-rw-r--r-- | system/impermanence/mods/openssh.nix | 10 | ||||
-rw-r--r-- | system/impermanence/mods/users.nix | 22 |
9 files changed, 111 insertions, 14 deletions
diff --git a/system/impermanence/default.nix b/system/impermanence/default.nix
index 32ad9f7..198eeba 100644
--- a/system/impermanence/default.nix
+++ b/system/impermanence/default.nix
@@ -1,23 +1,20 @@
 {...}: {
+ # TODO: Only activate them if their module is also active
+ imports = [
+ ./mods/acme.nix
+ ./mods/keycloak.nix
+ ./mods/mail.nix
+ ./mods/minecraft.nix
+ ./mods/nix-sync.nix
+ ./mods/openssh.nix
+ ./mods/users.nix
+ ];
+
 environment.persistence."/srv" = {
 hideMounts = true;
 directories = [
 "/etc/nixos"
 "/var/log"
- "/var/lib/postgresql"
- "/var/lib/acme"
- {
- directory = "/var/lib/nix-sync";
- user = "nix-sync";
- group = "nix-sync";
- mode = "0700";
- }
- {
- directory = "/var/lib/sshd";
- user = "root";
- group = "root";
- mode = "0755";
- }
 ];
 files = [
 "/etc/machine-id"
diff --git a/system/impermanence/mods/acme.nix b/system/impermanence/mods/acme.nix
new file mode 100644
index 0000000..b16171e
--- /dev/null
+++ b/system/impermanence/mods/acme.nix
@@ -0,0 +1,5 @@
+{...}: {
+ environment.persistence."/srv".directories = [
+ "/var/lib/acme"
+ ];
+}
diff --git a/system/impermanence/mods/fail2ban.nix b/system/impermanence/mods/fail2ban.nix
new file mode 100644
index 0000000..a817876
--- /dev/null
+++ b/system/impermanence/mods/fail2ban.nix
@@ -0,0 +1,10 @@
+{...}: {
+ environment.persistence."/srv".directories = [
+ {
+ directory = "/var/lib/fail2ban";
+ user = "fail2ban";
+ group = "fail2ban";
+ mode = "0700";
+ }
+ ];
+}
diff --git a/system/impermanence/mods/keycloak.nix b/system/impermanence/mods/keycloak.nix
new file mode 100644
index 0000000..63b02f5
--- /dev/null
+++ b/system/impermanence/mods/keycloak.nix
@@ -0,0 +1,5 @@
+{...}: {
+ environment.persistence."/srv".directories = [
+ "/var/lib/postgresql"
+ ];
+}
diff --git a/system/impermanence/mods/mail.nix b/system/impermanence/mods/mail.nix
new file mode 100644
index 0000000..fc21ce7
--- /dev/null
+++ b/system/impermanence/mods/mail.nix
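Review bot: The new `imports` list in default.nix omits `./mods/fail2ban.nix`, although this same commit adds that file (see the diffstat and the fail2ban.nix hunk), so the `/var/lib/fail2ban` entry it declares is never evaluated and the directory is not persisted. The effect is silent: nothing fails at build time, but after a reboot fail2ban starts with an empty ban database, which is a loss of protection rather than an error. Add `./mods/fail2ban.nix` to the list, e.g. between `./mods/acme.nix` and `./mods/keycloak.nix`. The `environment.persistence."/srv"` attribute set continues past the end of this hunk.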
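Review bot: acme.nix and keycloak.nix keep `/var/lib/acme` and `/var/lib/postgresql` as bare strings, so unlike every other module in this commit they get the impermanence module's default owner and mode instead of the service-specific permissions the commit title sets out to establish. If both services create and own their own sub-directories below these paths this is harmless; if either relies on the top-level directory itself (the ACME state directory is normally where issued certificates' private keys live), switch to the same `{ directory = ...; user = ...; group = ...; mode = ...; }` form used in fail2ban.nix, with the user and group the service runs as. Worth confirming against the service definitions, which are outside this diff.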
@@ -0,0 +1,28 @@
+{...}: {
+ environment.persistence."/srv".directories = [
+ {
+ directory = "/var/lib/mail/backup";
+ user = "virtualMail";
+ group = "virtualMail";
+ mode = "0700";
+ }
+ {
+ directory = "/var/lib/mail/sieve";
+ user = "virtualMail";
+ group = "virtualMail";
+ mode = "0700";
+ }
+ {
+ directory = "/var/lib/mail/vmail";
+ user = "virtualMail";
+ group = "virtualMail";
+ mode = "0700";
+ }
+ {
+ directory = "/var/lib/mail/dkim";
+ user = "opendkim";
+ group = "opendkim";
+ mode = "0700";
+ }
+ ];
+}
diff --git a/system/impermanence/mods/minecraft.nix b/system/impermanence/mods/minecraft.nix
new file mode 100644
index 0000000..2a02626
--- /dev/null
+++ b/system/impermanence/mods/minecraft.nix
@@ -0,0 +1,10 @@
+{...}: {
+ environment.persistence."/srv".directories = [
+ {
+ directory = "/var/lib/minecraft";
+ user = "minecraft";
+ group = "minecraft";
+ mode = "0700";
+ }
+ ];
+}
diff --git a/system/impermanence/mods/nix-sync.nix b/system/impermanence/mods/nix-sync.nix
new file mode 100644
index 0000000..11449ea
--- /dev/null
+++ b/system/impermanence/mods/nix-sync.nix
@@ -0,0 +1,10 @@
+{...}: {
+ environment.persistence."/srv".directories = [
+ {
+ directory = "/var/lib/nix-sync";
+ user = "nix-sync";
+ group = "nix-sync";
+ mode = "0700";
+ }
+ ];
+}
diff --git a/system/impermanence/mods/openssh.nix b/system/impermanence/mods/openssh.nix
new file mode 100644
index 0000000..656f96e
--- /dev/null
+++ b/system/impermanence/mods/openssh.nix
@@ -0,0 +1,10 @@
+{...}: {
+ environment.persistence."/srv".directories = [
+ {
+ directory = "/var/lib/sshd";
+ user = "root";
+ group = "root";
+ mode = "0755";
+ }
+ ];
+}
diff --git a/system/impermanence/mods/users.nix b/system/impermanence/mods/users.nix
new file mode 100644
index 0000000..3b121e0
--- /dev/null
+++ b/system/impermanence/mods/users.nix
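Review bot: openssh.nix persists only `/var/lib/sshd`, while the host keys NixOS generates by default live under `/etc/ssh/` (`/etc/ssh/ssh_host_ed25519_key`, `/etc/ssh/ssh_host_rsa_key`), and nothing in this hunk covers them. Unless they are already listed in the `files` list of default.nix, which continues past that hunk, the keys are regenerated on every boot and every client then sees a changed-host-key warning, which trains users to accept precisely the warning that protects them from a spoofed server. If that is the case, add the private key and `.pub` paths as `environment.persistence."/srv".files` entries in this module so the host identity survives a reboot.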
@@ -0,0 +1,22 @@
+{...}: {
+ environment.persistence."/srv".directories = [
+ {
+ directory = "/home/sils";
+ user = "sils";
+ group = "sils";
+ mode = "0700";
+ }
+ {
+ directory = "/home/soispha";
+ user = "soispha";
+ group = "soispha";
+ mode = "0700";
+ }
+ {
+ directory = "/home/nightingale";
+ user = "nightingale";
+ group = "nightingale";
+ mode = "0700";
+ }
+ ];
+}
|