feat: Impermanence (home)

README.org

@@ -80,9 +80,19 @@ What follows is an overview of [[file:modules/nixos/impermanence/rollback.nix][m
 On boot, ...
 
 - The existing subvolume root filesystem will be moved to a 'death row' directory, where it will live for about three days before deletion. Precisely, =«btrfs-filesystem»/«root-subvolume»= is moved to =«btrfs-filesystem»/old-roots/«timestamp»=. The brief grace period allows for easy recovery in the (very common) case where files are unintentionally deleted due to the user's silly human negligence.
+
 - A new, blank subvolume is created in place of the previous. Precisely, the subvolume =«btrfs-filesystem»/«root-subvolume»= is created.
+
 - Any subvolumes under =«btrfs-filesystem»/old-roots= older than three days are deleted.
 
+*** The =/persist= directory
+
+- =/persist/root= :: Persistent files to be linked into the real root, =/=. These are managed by Impermanence.
+
+- =/persist/home/«user»= :: Persistent files to be linked into the analogous location under the real home, =/home/«user»=. These are managed by Impermanence.
+
+- =/persist/users/«user»= :: Persistent files belonging to specific users. This differs from the persistent home directories in that files are not necessarily linked anywhere.
+
 * Tasks
 
 ** Emacs

modules/home/impermanence.nix

@@ -9,44 +9,14 @@ in {
     sydnix.impermanence = {
       enable = mkEnableOption "impermanence";
 
-      mutableDotfiles = {
-        enable = mkEnableOption "dotfiles under impermanence";
-
-        # storeAt = mkOption {
-        #   default = "dots/config";
-        #   type = types.str;
-        #   # type = with types;
-        #   #   addCheck
-        #   #     path
-        #   #     (x: cfg.mutableDotfiles.enable
-        #   #         -> ! (elem x cfg.mutableDotfiles.directories));
-        # };
-
-        files = mkOption {
-          default = [];
-          # FIXME: Inaccurate type.
-          type = with types;
-            listOf anything;
-        };
-
-        directories = mkOption {
-          default = [];
-          # FIXME: Inaccurate type.
-          type = with types;
-            listOf anything;
-        };
-      };
-
       directories = mkOption {
-        # type = with types;
-        #   listOf (coercedTo str (d: { directory = d; }) userDir);
         default = [];
+        type = types.listOf types.anything;
       };
 
       files = mkOption {
-        # type = with types;
-        #   listOf (coercedTo str (f: { file = f; }) userFile);
         default = [];
+        type = types.listOf types.anything;
       };
     };
   };
@@ -58,16 +28,6 @@ in {
         directories = cfg.directories;
         files = cfg.files;
       };
-    } // (if ! cfg.mutableDotfiles.enable
-          then {}
-          else {
-            "/persist/dots/users/${config.home.username}/dots/" = {
-              removePrefixDirectory = true;
-              directories = cfg.mutableDotfiles.directories;
-              files = cfg.mutableDotfiles.files;
-              allowOther = true;
-            };
-    });
-
+    };
   };
 }

modules/nixos/impermanence.nix

@@ -49,10 +49,18 @@ in {
 
     # Permit members of `cfg.persistGroupName` to read, write, and execute
     # /persist.
-    systemd.tmpfiles.settings."10-persist".${cfg.persistDirectory} = {
-      z = {
-        group = cfg.persistGroupName;
-        mode = "2775";
+    systemd.tmpfiles.settings."10-persist" = {
+      ${cfg.persistDirectory} = {
+        z.group = cfg.persistGroupName;
+        z.mode = "2775";
+      };
+      "${cfg.persistDirectory}/home" = {
+        z.group = "users";
+        z.mode = "2775";
+      };
+      "${cfg.persistDirectory}/user-files" = {
+        z.group = "users";
+        z.mode = "2775";
       };
     };
 

modules/nixos/impermanence/rollback.nix

@@ -2,10 +2,10 @@
 
 with lib;
 
-let cfg = config.impermanence.rollback;
+let cfg = config.sydnix.impermanence.rollback;
 in {
   options = {
-    impermanence.rollback = {
+    sydnix.impermanence.rollback = {
       enable = mkEnableOption "rollback of the root filesystem";
 
       device = mkOption {

users/crumb/default.nix

@@ -17,10 +17,27 @@
     sydnix = {
       sops = {
         enable = true;
+        keyFile = "/persist/user-files/${config.home.username}/key.txt";
         secrets = {
           example-user-key = {};
         };
       };
+
+      impermanence = {
+        enable = true;
+        directories = [
+          "Music"
+          "Pictures"
+          "Documents"
+          "Videos"
+          ".ssh"
+          {
+            directory = ".local/share/Steam";
+            method = "symlink";
+          }
+          ".passage"
+        ];
+      };
     };
 
     home.packages = [

users/crumb/files.nix

@@ -4,21 +4,4 @@ let mutableSymlink = config.lib.file.mkOutOfStoreSymlink;
 in {
   home.file."org".source =
     mutableSymlink "~/Dropbox/org";
-
-  # HACK: This all ought to be subsumed by Impermanence.
-
-  home.file."Documents".source =
-    mutableSymlink "/persist/home/crumb/Documents";
-
-  home.file."Pictures".source =
-    mutableSymlink "/persist/home/crumb/Pictures";
-
-  home.file."src".source =
-    mutableSymlink "/persist/home/crumb/src";
-
-  home.file."Music".source =
-    mutableSymlink "/persist/home/crumb/Music";
-
-  home.file."Videos".source =
-    mutableSymlink "/persist/home/crumb/Videos";
 }

users/crumb/programs/passage.nix

@@ -1,11 +1,15 @@
 { config, lib, pkgs, ... }:
 
-{
+let mutableSymlink = config.lib.file.mkOutOfStoreSymlink;
+in {
   home.packages = [ pkgs.passage ];
+
   home.file.".passage/identities".source =
-    (config.lib.file.mkOutOfStoreSymlink config.sydnix.sops.keyFile);
-  home.file.".passage/store".source =
-    (config.lib.file.mkOutOfStoreSymlink "/persist/home/crumb/.passage/store");
+    mutableSymlink config.sydnix.sops.keyFile;
+
+  sydnix.impermanence.directories = [
+    ".passage/store"
+  ];
 
   home.shellAliases."pass" = "${pkgs.passage/bin/passage}";