authorSoispha <soispha@vhack.eu>2023-07-08 13:53:11 +0200
committerSoispha <soispha@vhack.eu>2023-07-08 13:53:11 +0200
commit7815ef2a22e3ae684852f1f28cedae6354263034 (patch)
treef6f9eff9edd93a734f3f7550e6c42e87ef4dadc0 /system/impermanence
parentFix(host/server1): Use working path to disk (diff)
Fix(treewide): Move all persistent dirs to impermanence to set permissions
Diffstat (limited to 'system/impermanence')
-rw-r--r--system/impermanence/default.nix25
-rw-r--r--system/impermanence/mods/acme.nix5
-rw-r--r--system/impermanence/mods/fail2ban.nix10
-rw-r--r--system/impermanence/mods/keycloak.nix5
-rw-r--r--system/impermanence/mods/mail.nix28
-rw-r--r--system/impermanence/mods/minecraft.nix10
-rw-r--r--system/impermanence/mods/nix-sync.nix10
-rw-r--r--system/impermanence/mods/openssh.nix10
-rw-r--r--system/impermanence/mods/users.nix22
9 files changed, 111 insertions, 14 deletions
diff --git a/system/impermanence/default.nix b/system/impermanence/default.nix
index 32ad9f7..198eeba 100644
--- a/system/impermanence/default.nix
+++ b/system/impermanence/default.nix
@@ -1,23 +1,20 @@
 {...}: {
+  # TODO: Only activate them if their module is also active
+  imports = [
+    ./mods/acme.nix
+    ./mods/keycloak.nix
+    ./mods/mail.nix
+    ./mods/minecraft.nix
+    ./mods/nix-sync.nix
+    ./mods/openssh.nix
+    ./mods/users.nix
+  ];
+
   environment.persistence."/srv" = {
     hideMounts = true;
     directories = [
       "/etc/nixos"
       "/var/log"
-      "/var/lib/postgresql"
-      "/var/lib/acme"
-      {
-        directory = "/var/lib/nix-sync";
-        user = "nix-sync";
-        group = "nix-sync";
-        mode = "0700";
-      }
-      {
-        directory = "/var/lib/sshd";
-        user = "root";
-        group = "root";
-        mode = "0755";
-      }
     ];
     files = [
       "/etc/machine-id"
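Review bot: The new imports list at the top of this hunk omits `./mods/fail2ban.nix`, although the same commit adds that module (the fail2ban.nix hunk below), so `/var/lib/fail2ban` is never persisted and whatever fail2ban keeps there is lost on every reboot. Add `./mods/fail2ban.nix` between the acme and keycloak entries. The TODO on the first added line could be closed inside the mods themselves by wrapping each `environment.persistence` definition in `lib.mkIf config.services.<service>.enable`, which keeps the imports unconditional while only enabled services contribute directories. The hunk ends inside the `files` list, so the rest of default.nix is not visible here.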
diff --git a/system/impermanence/mods/acme.nix b/system/impermanence/mods/acme.nix
new file mode 100644
index 0000000..b16171e
--- /dev/null
+++ b/system/impermanence/mods/acme.nix
@@ -0,0 +1,5 @@
+{...}: {
+  environment.persistence."/srv".directories = [
+    "/var/lib/acme"
+  ];
+}
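Review bot: `/var/lib/acme` stays a bare string here, so it receives impermanence's default owner and mode (root:root and 0755, as I read the module defaults) rather than an explicit one, which sits oddly with a commit whose stated purpose is setting permissions and with every other new mod; the keycloak.nix hunk's `/var/lib/postgresql` has the same gap. An explicit attrset such as `{ directory = "/var/lib/acme"; user = "acme"; group = "acme"; mode = "0755"; }` makes the intent reviewable — confirm owner and mode against what the NixOS acme and postgresql modules create themselves before committing to values. Note that impermanence applies user/group/mode only when it creates the directory in persistent storage; since both paths were already persisted before this commit, the existing copies under `/srv` keep their current ownership and would need a one-time correction by hand.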
diff --git a/system/impermanence/mods/fail2ban.nix b/system/impermanence/mods/fail2ban.nix
new file mode 100644
index 0000000..a817876
--- /dev/null
+++ b/system/impermanence/mods/fail2ban.nix
@@ -0,0 +1,10 @@
+{...}: {
+  environment.persistence."/srv".directories = [
+    {
+      directory = "/var/lib/fail2ban";
+      user = "fail2ban";
+      group = "fail2ban";
+      mode = "0700";
+    }
+  ];
+}
diff --git a/system/impermanence/mods/keycloak.nix b/system/impermanence/mods/keycloak.nix
new file mode 100644
index 0000000..63b02f5
--- /dev/null
+++ b/system/impermanence/mods/keycloak.nix
@@ -0,0 +1,5 @@
+{...}: {
+  environment.persistence."/srv".directories = [
+    "/var/lib/postgresql"
+  ];
+}
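Review bot: The file is named keycloak.nix, but the only path it persists is `/var/lib/postgresql`, which is the state of the shared PostgreSQL instance rather than anything keycloak-specific. If another service later uses the same database server, its data would silently depend on the keycloak module being imported; consider moving this entry into a postgresql.nix mod, or at least add `# keycloak keeps all of its state in the system PostgreSQL instance` above the list so the coupling is documented. As in acme.nix, the entry is a bare string and therefore carries no explicit owner or mode.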
diff --git a/system/impermanence/mods/mail.nix b/system/impermanence/mods/mail.nix
new file mode 100644
index 0000000..fc21ce7
--- /dev/null
+++ b/system/impermanence/mods/mail.nix
@@ -0,0 +1,28 @@
+{...}: {
+  environment.persistence."/srv".directories = [
+    {
+      directory = "/var/lib/mail/backup";
+      user = "virtualMail";
+      group = "virtualMail";
+      mode = "0700";
+    }
+    {
+      directory = "/var/lib/mail/sieve";
+      user = "virtualMail";
+      group = "virtualMail";
+      mode = "0700";
+    }
+    {
+      directory = "/var/lib/mail/vmail";
+      user = "virtualMail";
+      group = "virtualMail";
+      mode = "0700";
+    }
+    {
+      directory = "/var/lib/mail/dkim";
+      user = "opendkim";
+      group = "opendkim";
+      mode = "0700";
+    }
+  ];
+}
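Review bot: The four entries in this hunk are the same attrset repeated with only the path and owner varying, which invites drift the next time a mode is changed in one entry and not the others. A small helper that fixes the `0700` mode and uses one name for both user and group keeps each directory to a single line, as below. Whether `virtualMail` and `opendkim` exist as both a user and a group at activation time is not visible here; impermanence resolves these names when it creates the directory, so the mail modules must define them.
```nix
{...}: let
  # Every persisted mail directory has the same shape; only path and owner differ.
  persistDir = owner: directory: {
    inherit directory;
    user = owner;
    group = owner;
    mode = "0700";
  };
in {
  environment.persistence."/srv".directories =
    map (persistDir "virtualMail") [
      "/var/lib/mail/backup"
      "/var/lib/mail/sieve"
      "/var/lib/mail/vmail"
    ]
    ++ [(persistDir "opendkim" "/var/lib/mail/dkim")];
}
```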
diff --git a/system/impermanence/mods/minecraft.nix b/system/impermanence/mods/minecraft.nix
new file mode 100644
index 0000000..2a02626
--- /dev/null
+++ b/system/impermanence/mods/minecraft.nix
@@ -0,0 +1,10 @@
+{...}: {
+  environment.persistence."/srv".directories = [
+    {
+      directory = "/var/lib/minecraft";
+      user = "minecraft";
+      group = "minecraft";
+      mode = "0700";
+    }
+  ];
+}
diff --git a/system/impermanence/mods/nix-sync.nix b/system/impermanence/mods/nix-sync.nix
new file mode 100644
index 0000000..11449ea
--- /dev/null
+++ b/system/impermanence/mods/nix-sync.nix
@@ -0,0 +1,10 @@
+{...}: {
+  environment.persistence."/srv".directories = [
+    {
+      directory = "/var/lib/nix-sync";
+      user = "nix-sync";
+      group = "nix-sync";
+      mode = "0700";
+    }
+  ];
+}
diff --git a/system/impermanence/mods/openssh.nix b/system/impermanence/mods/openssh.nix
new file mode 100644
index 0000000..656f96e
--- /dev/null
+++ b/system/impermanence/mods/openssh.nix
@@ -0,0 +1,10 @@
+{...}: {
+  environment.persistence."/srv".directories = [
+    {
+      directory = "/var/lib/sshd";
+      user = "root";
+      group = "root";
+      mode = "0755";
+    }
+  ];
+}
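Review bot: This is the only entry in the series that is world-readable (mode `0755`, owned by root) while every other mod uses `0700`, and nothing in the file says why. A one-line comment above the attrset naming what sshd stores in `/var/lib/sshd` on this host and why it is intentionally root-owned and readable would stop a later reader from either tightening it or assuming private key material lives here. If host keys are in fact generated into this directory rather than `/etc/ssh`, the mode deserves a second look.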
diff --git a/system/impermanence/mods/users.nix b/system/impermanence/mods/users.nix
new file mode 100644
index 0000000..3b121e0
--- /dev/null
+++ b/system/impermanence/mods/users.nix
@@ -0,0 +1,22 @@
+{...}: {
+  environment.persistence."/srv".directories = [
+    {
+      directory = "/home/sils";
+      user = "sils";
+      group = "sils";
+      mode = "0700";
+    }
+    {
+      directory = "/home/soispha";
+      user = "soispha";
+      group = "soispha";
+      mode = "0700";
+    }
+    {
+      directory = "/home/nightingale";
+      user = "nightingale";
+      group = "nightingale";
+      mode = "0700";
+    }
+  ];
+}
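Review bot: The three home directories are hard-coded, so adding or removing a user in the users module elsewhere is not reflected here, and a removed user's home stays on `/srv` indefinitely. Deriving the list from `config.users.users` keeps persistence in step with the accounts that actually exist; the rewrite below mirrors the hunk's choice of a group named after the user, which only holds if those users are defined with such a group — otherwise use `inherit (user) group;`. Whether system users with a home directory should be covered too is a policy choice, hence the `isNormalUser` filter.
```nix
{
  config,
  lib,
  ...
}: {
  # One entry per normal user, taken from the accounts the system actually defines.
  environment.persistence."/srv".directories =
    lib.mapAttrsToList (name: user: {
      directory = user.home;
      user = name;
      group = name;
      mode = "0700";
    }) (lib.filterAttrs (_: user: user.isNormalUser) config.users.users);
}
```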