feat: dots group

modules/home/users/crumb/git.nix

@@ -33,6 +33,7 @@ in {
               cmd = "${../../../../scripts/ediff/ediff} $LOCAL $REMOTE $MERGED";
               trustExitCode = true;
             };
+            safe.directory = ["/persist/dots"];
           };
         };
 

modules/nixos/dots.nix

@@ -0,0 +1,34 @@
+{ config, lib, pkgs, ... }:
+
+let cfg = config.sydnix.dots;
+in {
+  options.sydnix.dots = {
+    enable = lib.mkEnableOption "management of the dotfiles directory" // {
+      default = true;
+    };
+    directory = lib.mkOption {
+      default = "/persist/dots";
+      type = lib.types.path;
+      description = ''
+        Path to a checkout of the Sydnix repo.  The environment variable
+        SYDNIX_PATH will be set to this.
+      '';
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    environment.variables.SYDNIX_PATH = cfg.directory;
+
+    # Group that owns `cfg.directory`.
+    users.groups."dots" = {};
+
+    # Ensure correct permissions on `cfg.directory`.
+    systemd.tmpfiles.settings."50-dots" = {
+      ${cfg.directory} = {
+        z.group = "dots";
+        z.user = "root";
+        z.mode = "2770";
+      };
+    };
+  };
+}

modules/nixos/impermanence.nix

@@ -69,6 +69,7 @@ in {
       name = cfg.persistGroupName;
     };
 
+    # O_O what the fuck did i write this for.... CONCERNING.
     systemd.tmpfiles.settings."10-varlibprivate" = {
       "/var/lib/private" = {
         z.group = "root";