From 146b495e3e0069f2e329b3075a7367b0d954ead8 Mon Sep 17 00:00:00 2001 From: Patryk Niedźwiedziński Date: Sat, 5 Oct 2024 21:05:47 +0200 Subject: Add impermanence --- machines/x220/default.nix | 34 +++++++++++++++++++++++++++++++++- 1 file changed, 33 insertions(+), 1 deletion(-) (limited to 'machines/x220/default.nix') diff --git a/machines/x220/default.nix b/machines/x220/default.nix index 92e229b..a4914ca 100644 --- a/machines/x220/default.nix +++ b/machines/x220/default.nix @@ -47,6 +47,39 @@ # wget ]; + fileSystems."/persist".neededForBoot = true; + environment.persistence."/persistent" = { + enable = true; # NB: Defaults to true, not needed + hideMounts = true; + directories = [ + "/var/log" + "/var/lib/bluetooth" + "/var/lib/nixos" + "/var/lib/systemd/coredump" + "/etc/NetworkManager/system-connections" + { directory = "/var/lib/colord"; user = "colord"; group = "colord"; mode = "u=rwx,g=rx,o="; } + ]; + files = [ + "/etc/machine-id" + "/etc/shadow" + { file = "/var/keys/secret_file"; parentDirectory = { mode = "u=rwx,g=,o="; }; } + ]; + users.pn = { + directories = [ + "Downloads" + "Music" + "Pictures" + "Documents" + "Videos" + "VirtualBox VMs" + { directory = ".gnupg"; mode = "0700"; } + { directory = ".ssh"; mode = "0700"; } + { directory = ".local/share/keyrings"; mode = "0700"; } + ".local/share/direnv" + ]; + }; + }; + # Some programs need SUID wrappers, can be configured further or are # started in user sessions. # programs.mtr.enable = true; @@ -69,6 +102,5 @@ # this value at the release version of the first install of this system. # Before changing this value read the documentation for this option # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html). - system.stateVersion = "24.05"; # Did you read the comment? } -- cgit 1.4.1
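Review bot: The added `fileSystems."/persist".neededForBoot = true;` and the persistence root `environment.persistence."/persistent"` name two different paths, so the volume flagged as needed for boot is not the one the persisted state is bound from; the `fileSystems` definitions are outside this hunk, so which name is the real mount point cannot be confirmed here. If the mount is `/persist`, the root should read `environment.persistence."/persist" = {`; otherwise the first line should be `fileSystems."/persistent".neededForBoot = true;`. As written, `/etc/shadow`, `.ssh`, `.gnupg` and `.local/share/keyrings` may be bound from a directory on the ephemeral root, or from a volume that is mounted too late, and then not survive a reboot. Separately, `"/etc/shadow"` under `files` is fragile, since tools that update it by writing a temporary file and renaming it over the original cannot replace a bind-mounted or symlinked file. The usual alternative is `users.mutableUsers = false;` with a `hashedPasswordFile` kept on the persistent volume, and the `/var/keys/secret_file` entry looks like an example placeholder that should be dropped or given a comment saying what it holds.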