authorsefidel <contact@sefidel.net>2024-01-11 14:39:13 +0900
committersefidel <contact@sefidel.net>2024-01-12 00:18:45 +0900
commita0e13034700e6a697c1adac3050702a1d3ba0ecd (patch)
tree548dbde56bfaa84b0d9686effd2941810fa06fd9
parenta670d5289903cd6236c3203fb1283f4e664e604c (diff)
feat(modules)!: init persistence
-rw-r--r--default.nix1
-rw-r--r--modules/persistence.nix46
-rw-r--r--modules/services/acme.nix2
-rw-r--r--modules/services/akkoma/default.nix2
-rw-r--r--modules/services/fail2ban.nix2
-rw-r--r--modules/services/gitolite/default.nix2
-rw-r--r--modules/services/jitsi.nix2
-rw-r--r--modules/services/ldap.nix2
-rw-r--r--modules/services/matrix-bridge.nix2
-rw-r--r--modules/services/matrix-homeserver.nix2
-rw-r--r--modules/services/matrix-moderation.nix2
-rw-r--r--modules/services/metrics.nix2
-rw-r--r--modules/services/nixos-mailserver.nix2
-rw-r--r--modules/services/obsidian-livesync.nix2
-rw-r--r--modules/services/postgresql.nix2
-rw-r--r--modules/services/rss.nix4
-rw-r--r--modules/services/soju.nix2
-rw-r--r--modules/services/tailscale.nix2
-rw-r--r--modules/services/vikunja.nix2
-rw-r--r--systems/cobalt/default.nix19
20 files changed, 68 insertions, 34 deletions
diff --git a/default.nix b/default.nix
index afcdc08..ee7e2ee 100644
--- a/default.nix
+++ b/default.nix
@@ -3,7 +3,6 @@ with lib;
with lib.my;
{
imports = [
- inputs.impermanence.nixosModules.impermanence
] ++ mapModulesRec' (toString ./modules) import;
networking.useDHCP = mkDefault false;
diff --git a/modules/persistence.nix b/modules/persistence.nix
new file mode 100644
index 0000000..4c11588
--- /dev/null
+++ b/modules/persistence.nix
@@ -0,0 +1,46 @@
+{ config, inputs, lib, ... }:
+
+
+with lib;
+let
+ cfg = config.modules.persistence;
+in
+{
+ imports = [
+ inputs.impermanence.nixosModules.impermanence
+ ];
+
+ options.modules.persistence = {
+ enable = mkEnableOption "impermanence persistence";
+
+ storagePath = lib.mkOption {
+ type = types.path;
+ description = ''
+ The path to persistent storage where the real
+ files and directories should be stored.
+ '';
+ };
+
+ directories = mkOption {
+ type = types.listOf types.str;
+ };
+ };
+
+ config = mkIf cfg.enable {
+ fileSystems.${cfg.storagePath}.neededForBoot = true;
+
+ environment.persistence.${cfg.storagePath}.directories = cfg.directories;
+
+ services.openssh.hostKeys = [
+ {
+ path = "${cfg.storagePath}/ssh/ssh_host_ed25519_key";
+ type = "ed25519";
+ }
+ {
+ path = "${cfg.storagePath}/ssh/ssh_host_rsa_key";
+ type = "rsa";
+ bits = 4096;
+ }
+ ];
+ };
+}
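Review bot: The `directories` option declared at the end of `options.modules.persistence` has neither a `default` nor a `description`, so on a host that enables this module while no service module defines the option, evaluating `cfg.directories` inside the `config` block fails instead of yielding an empty list; add `default = [ ];` and a description such as `description = "Directories that impermanence keeps under storagePath.";`. The two option declarations are also written inconsistently under `with lib;` — `storagePath = lib.mkOption` next to `directories = mkOption` — and should use one form. Since the module now owns the `services.openssh.hostKeys` definition, enabling it on any host moves both host keys to `${cfg.storagePath}/ssh` and replaces whatever that host declared; that cross-cutting effect deserves a short comment above the `services.openssh.hostKeys` line, e.g. `# host keys live on persistent storage so the host identity survives a root wipe`.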
diff --git a/modules/services/acme.nix b/modules/services/acme.nix
index 6f6e33e..9a86f18 100644
--- a/modules/services/acme.nix
+++ b/modules/services/acme.nix
@@ -45,7 +45,7 @@ in
cfg.certs;
};
- environment.persistence."/persist".directories = [
+ modules.persistence.directories = [
"/var/lib/acme"
];
};
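Review bot: After this hunk the acme state directory is only persisted when `modules.persistence.enable` is also set, whereas the removed `environment.persistence."/persist"` entry appears to have applied on any host importing this module; a host that enables acme without enabling persistence now silently keeps `/var/lib/acme` and its ACME state in the ephemeral root. The same applies to the identical change in every other service module in this commit (akkoma, fail2ban, gitolite, jitsi, ldap, matrix-bridge, matrix-homeserver, matrix-moderation, metrics, nixos-mailserver, obsidian-livesync, postgresql, rss, soju, tailscale, vikunja). Consider adding an assertion in modules/persistence.nix, outside its `mkIf`, that `directories` is empty when `enable` is false, or stating in the option's description that the list is ignored while persistence is disabled. The enclosing `config` block of this module starts above the hunk.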
diff --git a/modules/services/akkoma/default.nix b/modules/services/akkoma/default.nix
index 3588140..91aa2e8 100644
--- a/modules/services/akkoma/default.nix
+++ b/modules/services/akkoma/default.nix
@@ -95,7 +95,7 @@ in
'';
};
};
- environment.persistence."/persist".directories = [
+ modules.persistence.directories = [
"/var/lib/akkoma"
];
};
diff --git a/modules/services/fail2ban.nix b/modules/services/fail2ban.nix
index 7d3c4bf..281ca11 100644
--- a/modules/services/fail2ban.nix
+++ b/modules/services/fail2ban.nix
@@ -13,7 +13,7 @@ in
services.fail2ban = {
enable = true;
};
- environment.persistence."/persist".directories = [
+ modules.persistence.directories = [
"/var/lib/fail2ban"
];
};
diff --git a/modules/services/gitolite/default.nix b/modules/services/gitolite/default.nix
index 43afb71..31cf755 100644
--- a/modules/services/gitolite/default.nix
+++ b/modules/services/gitolite/default.nix
@@ -37,7 +37,7 @@ in
'';
};
- environment.persistence."/persist".directories = [
+ modules.persistence.directories = [
"/var/lib/gitolite"
];
diff --git a/modules/services/jitsi.nix b/modules/services/jitsi.nix
index d1ed5cc..1152ac0 100644
--- a/modules/services/jitsi.nix
+++ b/modules/services/jitsi.nix
@@ -35,7 +35,7 @@ in
networking.firewall.allowedTCPPorts = [ 80 443 ];
- environment.persistence."/persist".directories = [
+ modules.persistence.directories = [
"/var/lib/prosody"
"/var/lib/jitsi-meet"
];
diff --git a/modules/services/ldap.nix b/modules/services/ldap.nix
index ba19761..7c4724f 100644
--- a/modules/services/ldap.nix
+++ b/modules/services/ldap.nix
@@ -69,7 +69,7 @@ in
users.groups.acme.members = [ "openldap" ];
- environment.persistence."/persist".directories = [
+ modules.persistence.directories = [
"/var/lib/openldap"
];
};
diff --git a/modules/services/matrix-bridge.nix b/modules/services/matrix-bridge.nix
index 2a96e01..b2c089f 100644
--- a/modules/services/matrix-bridge.nix
+++ b/modules/services/matrix-bridge.nix
@@ -251,7 +251,7 @@ in
};
- environment.persistence."/persist".directories = [
+ modules.persistence.directories = [
"/var/lib/private/mautrix-telegram"
"/var/lib/private/mautrix-signal"
"/var/lib/private/mautrix-whatsapp"
diff --git a/modules/services/matrix-homeserver.nix b/modules/services/matrix-homeserver.nix
index f830ee0..63691d3 100644
--- a/modules/services/matrix-homeserver.nix
+++ b/modules/services/matrix-homeserver.nix
@@ -122,7 +122,7 @@ in
}
];
- environment.persistence."/persist".directories = [
+ modules.persistence.directories = [
"/var/lib/matrix-synapse"
];
diff --git a/modules/services/matrix-moderation.nix b/modules/services/matrix-moderation.nix
index 0b1dcc2..b44cdf3 100644
--- a/modules/services/matrix-moderation.nix
+++ b/modules/services/matrix-moderation.nix
@@ -50,7 +50,7 @@ in
services.matrix-synapse.plugins = with config.services.matrix-synapse.package.plugins; [ matrix-synapse-mjolnir-antispam ];
- environment.persistence."/persist".directories = [
+ modules.persistence.directories = [
"/var/lib/private/pantalaimon-mjolnir"
"/var/lib/mjolnir"
];
diff --git a/modules/services/metrics.nix b/modules/services/metrics.nix
index 6496a23..b06a401 100644
--- a/modules/services/metrics.nix
+++ b/modules/services/metrics.nix
@@ -159,7 +159,7 @@ in
};
};
- environment.persistence."/persist".directories = [
+ modules.persistence.directories = [
"/var/lib/prometheus2"
"/var/lib/loki"
"/var/lib/grafana"
diff --git a/modules/services/nixos-mailserver.nix b/modules/services/nixos-mailserver.nix
index a794430..2c78780 100644
--- a/modules/services/nixos-mailserver.nix
+++ b/modules/services/nixos-mailserver.nix
@@ -144,7 +144,7 @@ in
useACMEHost = cfg.webmail.domain;
};
- environment.persistence."/persist".directories = [
+ modules.persistence.directories = [
"/var/lib/dovecot"
"/var/lib/rspamd"
"/var/lib/redis-rspamd"
diff --git a/modules/services/obsidian-livesync.nix b/modules/services/obsidian-livesync.nix
index 3377069..189d92f 100644
--- a/modules/services/obsidian-livesync.nix
+++ b/modules/services/obsidian-livesync.nix
@@ -50,7 +50,7 @@
'';
};
- environment.persistence."/persist".directories = [
+ modules.persistence.directories = [
"/var/lib/couchdb"
];
diff --git a/modules/services/postgresql.nix b/modules/services/postgresql.nix
index 2d5fdf5..05835a4 100644
--- a/modules/services/postgresql.nix
+++ b/modules/services/postgresql.nix
@@ -26,7 +26,7 @@ in
};
services.postgresqlBackup.enable = true;
- environment.persistence."/persist".directories = [
+ modules.persistence.directories = [
"/var/lib/postgresql"
"/var/backup/postgresql"
];
diff --git a/modules/services/rss.nix b/modules/services/rss.nix
index c7fadd3..fa982e4 100644
--- a/modules/services/rss.nix
+++ b/modules/services/rss.nix
@@ -34,7 +34,7 @@ in
};
};
- environment.persistence."/persist".directories = [
+ modules.persistence.directories = [
"/var/lib/freshrss"
];
@@ -51,7 +51,7 @@ in
whitelist = cfg.bridge.whitelist;
};
- environment.persistence."/persist".directories = [
+ modules.persistence.directories = [
"/var/lib/rss-bridge"
];
diff --git a/modules/services/soju.nix b/modules/services/soju.nix
index 4302538..b2f4faf 100644
--- a/modules/services/soju.nix
+++ b/modules/services/soju.nix
@@ -41,7 +41,7 @@ in
networking.firewall.allowedTCPPorts = [ cfg.port ];
- environment.persistence."/persist".directories = [
+ modules.persistence.directories = [
"/var/lib/private/soju"
];
};
diff --git a/modules/services/tailscale.nix b/modules/services/tailscale.nix
index 8778524..97e1217 100644
--- a/modules/services/tailscale.nix
+++ b/modules/services/tailscale.nix
@@ -15,7 +15,7 @@ in
useRoutingFeatures = "both";
};
- environment.persistence."/persist".directories = [
+ modules.persistence.directories = [
"/var/lib/tailscale"
];
};
diff --git a/modules/services/vikunja.nix b/modules/services/vikunja.nix
index 61e37c2..c54870b 100644
--- a/modules/services/vikunja.nix
+++ b/modules/services/vikunja.nix
@@ -38,7 +38,7 @@ in
}
];
- environment.persistence."/persist".directories = [
+ modules.persistence.directories = [
"/var/lib/private/vikunja"
];
diff --git a/systems/cobalt/default.nix b/systems/cobalt/default.nix
index 238cb28..16e7c37 100644
--- a/systems/cobalt/default.nix
+++ b/systems/cobalt/default.nix
@@ -133,21 +133,6 @@ in
services.openssh.enable = true;
services.openssh.settings.PermitRootLogin = "prohibit-password";
- services.openssh.hostKeys = [
- {
- path = "/persist/ssh/ssh_host_ed25519_key";
- type = "ed25519";
- }
- {
- path = "/persist/ssh/ssh_host_rsa_key";
- type = "rsa";
- bits = 4096;
- }
- ];
-
- # impermanence requirement
- fileSystems."/persist".neededForBoot = true;
-
environment.systemPackages = with pkgs; [
bsd-finger
];
@@ -176,6 +161,10 @@ in
modules = {
sops.enable = true;
+ persistence = {
+ enable = true;
+ storagePath = "/persist";
+ };
services.backup = {
enable = true;