From 253fa05b704efe3435bd1f60d645e224d810d197 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Madeleine=20Sydney=20=C5=9Alaga?=
Date: Mon, 22 Sep 2025 11:20:33 -0600
Subject: [PATCH] feat: dots group
---
 modules/home/users/crumb/git.nix | 1 +
 modules/nixos/dots.nix | 34 ++++++++++++++++++++++++++++++++
 modules/nixos/impermanence.nix | 1 +
 users/crumb/default.nix | 2 +-
 users/msyds/default.nix | 2 +-
 5 files changed, 38 insertions(+), 2 deletions(-)
 create mode 100644 modules/nixos/dots.nix
diff --git a/modules/home/users/crumb/git.nix b/modules/home/users/crumb/git.nix
index 93e396f..0bcff43 100644
--- a/modules/home/users/crumb/git.nix
+++ b/modules/home/users/crumb/git.nix
@@ -33,6 +33,7 @@ in { cmd = "${../../../../scripts/ediff/ediff} $LOCAL $REMOTE $MERGED"; trustExitCode = true; };
+ safe.directory = ["/persist/dots"];
 }; };
diff --git a/modules/nixos/dots.nix b/modules/nixos/dots.nix
new file mode 100644
index 0000000..b220fdb
--- /dev/null
+++ b/modules/nixos/dots.nix
@@ -0,0 +1,34 @@
+{ config, lib, pkgs, ... }:
+
+let cfg = config.sydnix.dots;
+in {
+ options.sydnix.dots = {
+ enable = lib.mkEnableOption "management of the dotfiles directory" // {
+ default = true;
+ };
+ directory = lib.mkOption {
+ default = "/persist/dots";
+ type = lib.types.path;
+ description = ''
+ Path to a checkout of the Sydnix repo. The environment variable
+ SYDNIX_PATH will be set to this.
+ '';
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ environment.variables.SYDNIX_PATH = cfg.directory;
+
+ # Group that owns `cfg.directory`.
+ users.groups."dots" = {};
+
+ # Ensure correct permissions on `cfg.directory`.
+ systemd.tmpfiles.settings."50-dots" = {
+ ${cfg.directory} = {
+ z.group = "dots";
+ z.user = "root";
+ z.mode = "2770";
+ };
+ };
+ };
+}
diff --git a/modules/nixos/impermanence.nix b/modules/nixos/impermanence.nix
index 308b8b5..254b2d8 100644
--- a/modules/nixos/impermanence.nix
+++ b/modules/nixos/impermanence.nix
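Review bot: The new `safe.directory = ["/persist/dots"];` entry waives git's repository-ownership check for a checkout that modules/nixos/dots.nix makes group-writable (root:dots, mode 2770), and nothing next to it records that trade-off. With the check waived, repository-local configuration and hooks written by any member of `dots` are honoured when another member runs git there, so the group becomes a mutual-trust boundary. I would add a comment above the line such as `# Checkout is owned by root:dots, so git's ownership check is waived here; every member of "dots" is trusted.` The path also duplicates the default of `sydnix.dots.directory` and will drift if that option is ever changed. The enclosing attribute set starts and ends outside the hunk.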
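Review bot: The tmpfiles rule under `systemd.tmpfiles.settings."50-dots"` uses the `z` type, which adjusts only `cfg.directory` itself and only when it already exists, so the comment "Ensure correct permissions on `cfg.directory`" overstates what is enforced: files already inside the checkout, `.git` included, keep their previous owner and mode. The setgid bit in `2770` makes new entries inherit the group, but whether they end up group-writable still depends on each user's umask. Since this appears to be the checkout the system configuration is built from, write access through `dots` is presumably as sensitive as `wheel`. That deserves a line next to `users.groups."dots" = {};`, for example `# Members can edit the system configuration; grant only to users who already have root.`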
@@ -69,6 +69,7 @@ in { name = cfg.persistGroupName; };
+ # O_O what the fuck did i write this for.... CONCERNING.
 systemd.tmpfiles.settings."10-varlibprivate" = { "/var/lib/private" = { z.group = "root";
diff --git a/users/crumb/default.nix b/users/crumb/default.nix
index 31eb5f2..de0ebc2 100644
--- a/users/crumb/default.nix
+++ b/users/crumb/default.nix
@@ -3,7 +3,7 @@ isNormalUser = true; # TODO: Don't hard-code `persist`. Use # config.sydnix.impermanence.persistGroupName.
- extraGroups = [ "wheel" "persist" "input" "networkmanager" ];
+ extraGroups = [ "wheel" "persist" "input" "networkmanager" "dots" ];
 initialHashedPassword = "$y$j9T$aEFDDwdTZbAc6VQRXrkBJ0$K8wxTGTWDihyX1wxJ.ZMH//wmQFfrGGUkLkxIU0Lyq8";
diff --git a/users/msyds/default.nix b/users/msyds/default.nix
index 758a6e7..d5baaf2 100644
--- a/users/msyds/default.nix
+++ b/users/msyds/default.nix
@@ -3,7 +3,7 @@ isNormalUser = true; # TODO: Don't hard-code `persist`. Use # config.sydnix.impermanence.persistGroupName.
- extraGroups = [ "wheel" "persist" "input" ];
+ extraGroups = [ "wheel" "persist" "input" "dots" ];
 initialHashedPassword = "$y$j9T$4pyDiPlhnN4UarQoY7Sn70$URZQKPJ3yU4WoQFHRhzm4uF3bM4U7OVYem3oPioykMC";
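Review bot: The comment added above `systemd.tmpfiles.settings."10-varlibprivate"` records doubt but not what is concerning or what should happen next, so the next reader cannot act on it. A tracked note would serve better, for example `# TODO: confirm this rule is still needed; systemd manages /var/lib/private for DynamicUser services and expects it root-owned with mode 0700.` The rule's remaining fields lie outside the hunk, so the mode it actually sets is not visible here.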
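Review bot: `"dots"` is hard-coded in `extraGroups` in the same way the TODO just above it complains about for `persist`, and the same applies to the users/msyds/default.nix hunk. modules/nixos/dots.nix declares the group only under `lib.mkIf cfg.enable`, so with `sydnix.dots.enable = false` both accounts would name a group that is not declared. If `config` and `lib` are in scope in these files (the function header is outside the hunk), appending `++ lib.optional config.sydnix.dots.enable "dots"` to the list would keep membership tied to the module.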