From 4b1483327b99e7f81f1fb0568773d20f8af2b8e3 Mon Sep 17 00:00:00 2001 From: LavaDesu Date: Tue, 9 Aug 2022 15:17:30 +0700 Subject: [PATCH] treewide: persist rework --- hosts/caramel/filesystem.nix | 1 - hosts/sugarcane/filesystem.nix | 2 +- modules/system/base.nix | 10 +++++----- modules/system/security.nix | 4 ++-- res/authorized_keys | 2 ++ users/hana/default.nix | 4 ++-- 6 files changed, 12 insertions(+), 11 deletions(-) create mode 100644 res/authorized_keys diff --git a/hosts/caramel/filesystem.nix b/hosts/caramel/filesystem.nix index da67f38..5cc264c 100644 --- a/hosts/caramel/filesystem.nix +++ b/hosts/caramel/filesystem.nix @@ -43,7 +43,6 @@ in { neededForBoot = true; }; - "/var/persist" = bind "/persist"; "/var/lib/acme" = bind "/persist/acme"; "/var/log/journal" = bind "/persist/journal"; "/boot" = (bind "/mnt/image/boot") // { depends = [ "/mnt/image" ]; }; diff --git a/hosts/sugarcane/filesystem.nix b/hosts/sugarcane/filesystem.nix index c929023..cc3db8e 100644 --- a/hosts/sugarcane/filesystem.nix +++ b/hosts/sugarcane/filesystem.nix @@ -22,7 +22,7 @@ in { neededForBoot = true; }; - "/var/persist" = bind "/nix/persist"; + "/persist" = bind "/nix/persist"; "/var/log/journal" = bind "/nix/persist/journal"; "/boot" = bind "/nix/persist/boot"; }; diff --git a/modules/system/base.nix b/modules/system/base.nix index af1106a..0ca07dc 100644 --- a/modules/system/base.nix +++ b/modules/system/base.nix @@ -1,10 +1,10 @@ { config, enableGUI, inputs, modules, overlays, ... }: { environment.etc = { - "machine-id".source = "/var/persist/machine-id"; - "ssh/ssh_host_rsa_key".source = "/var/persist/ssh_host_rsa_key"; - "ssh/ssh_host_rsa_key.pub".source = "/var/persist/ssh_host_rsa_key.pub"; - "ssh/ssh_host_ed25519_key".source = "/var/persist/ssh_host_ed25519_key"; - "ssh/ssh_host_ed25519_key.pub".source = "/var/persist/ssh_host_ed25519_key.pub"; + "machine-id".source = "/persist/machine-id"; + "ssh/ssh_host_rsa_key".source = "/persist/ssh_host_rsa_key"; + "ssh/ssh_host_rsa_key.pub".source = "/persist/ssh_host_rsa_key.pub"; + "ssh/ssh_host_ed25519_key".source = "/persist/ssh_host_ed25519_key"; + "ssh/ssh_host_ed25519_key.pub".source = "/persist/ssh_host_ed25519_key.pub"; }; environment.pathsToLink = [ "/share/zsh" ]; diff --git a/modules/system/security.nix b/modules/system/security.nix index eeedda7..a0399f0 100644 --- a/modules/system/security.nix +++ b/modules/system/security.nix @@ -15,12 +15,12 @@ hostKeys = [ { bits = 4096; - path = "/var/persist/ssh_host_rsa_key"; + path = "/persist/ssh_host_rsa_key"; rounds = 100; type = "rsa"; } { - path = "/var/persist/ssh_host_ed25519_key"; + path = "/persist/ssh_host_ed25519_key"; rounds = 100; type = "ed25519"; } diff --git a/res/authorized_keys b/res/authorized_keys new file mode 100644 index 0000000..9e9178d --- /dev/null +++ b/res/authorized_keys @@ -0,0 +1,2 @@ +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPru5eTBvHJ4ZmrrzPRHCGM09wQP/ZHSaKYalDuBVO15 rin@blossom +ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIJ5l9t8dc6mPsKKYqZlPKvhOdyqz+DS5UOcvHuh3uVGt @strawberry diff --git a/users/hana/default.nix b/users/hana/default.nix index 4bef521..9ccf5e5 100644 --- a/users/hana/default.nix +++ b/users/hana/default.nix @@ -24,8 +24,8 @@ ]; programs.git.signing.signByDefault = lib.mkForce false; - programs.zsh.history.path = lib.mkForce "/nix/persist/hana/zsh_history"; + programs.zsh.history.path = lib.mkForce "/persist/hana/zsh_history"; - home.file.".ssh/authorized_keys".source = config.lib.file.mkOutOfStoreSymlink "/nix/persist/hana/authorized_keys"; + home.file.".ssh/authorized_keys".source = ../../res/authorized_keys; }; }