feat: dots group

2025-09-22 11:20:33 -06:00
parent 360bd4e083
commit 253fa05b70
5 changed files with 38 additions and 2 deletions
--- a/modules/home/users/crumb/git.nix
+++ b/modules/home/users/crumb/git.nix
@@ -33,6 +33,7 @@ in {
              cmd = "${../../../../scripts/ediff/ediff} $LOCAL $REMOTE $MERGED";
              trustExitCode = true;
            };
+            safe.directory = ["/persist/dots"];
          };
        };

--- a/modules/nixos/dots.nix
+++ b/modules/nixos/dots.nix
@@ -0,0 +1,34 @@
+{ config, lib, pkgs, ... }:
+
+let cfg = config.sydnix.dots;
+in {
+  options.sydnix.dots = {
+    enable = lib.mkEnableOption "management of the dotfiles directory" // {
+      default = true;
+    };
+    directory = lib.mkOption {
+      default = "/persist/dots";
+      type = lib.types.path;
+      description = ''
+        Path to a checkout of the Sydnix repo.  The environment variable
+        SYDNIX_PATH will be set to this.
+      '';
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    environment.variables.SYDNIX_PATH = cfg.directory;
+
+    # Group that owns `cfg.directory`.
+    users.groups."dots" = {};
+
+    # Ensure correct permissions on `cfg.directory`.
+    systemd.tmpfiles.settings."50-dots" = {
+      ${cfg.directory} = {
+        z.group = "dots";
+        z.user = "root";
+        z.mode = "2770";
+      };
+    };
+  };
+}
--- a/modules/nixos/impermanence.nix
+++ b/modules/nixos/impermanence.nix
@@ -69,6 +69,7 @@ in {
      name = cfg.persistGroupName;
    };

+    # O_O what the fuck did i write this for.... CONCERNING.
    systemd.tmpfiles.settings."10-varlibprivate" = {
      "/var/lib/private" = {
        z.group = "root";
--- a/users/crumb/default.nix
+++ b/users/crumb/default.nix
@@ -3,7 +3,7 @@
    isNormalUser = true;
    # TODO: Don't hard-code `persist`.  Use
    # config.sydnix.impermanence.persistGroupName.
-    extraGroups = [ "wheel" "persist" "input" "networkmanager" ];
+    extraGroups = [ "wheel" "persist" "input" "networkmanager" "dots" ];
    initialHashedPassword =
      "$y$j9T$aEFDDwdTZbAc6VQRXrkBJ0$K8wxTGTWDihyX1wxJ.ZMH//wmQFfrGGUkLkxIU0Lyq8";

--- a/users/msyds/default.nix
+++ b/users/msyds/default.nix
@@ -3,7 +3,7 @@
    isNormalUser = true;
    # TODO: Don't hard-code `persist`.  Use
    # config.sydnix.impermanence.persistGroupName.
-    extraGroups = [ "wheel" "persist" "input" ];
+    extraGroups = [ "wheel" "persist" "input" "dots" ];
    initialHashedPassword =
      "$y$j9T$4pyDiPlhnN4UarQoY7Sn70$URZQKPJ3yU4WoQFHRhzm4uF3bM4U7OVYem3oPioykMC";