将 impermanence 移到 system 模块中

2026-01-12 05:29:23 +08:00 · 2023-09-02 16:40:17 +08:00
parent b00a0b51e7
commit 5132bded49
4 changed files with 71 additions and 65 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -129,6 +129,7 @@
                  patches = [ "cjktty" "preempt" ];
                  modules.modprobeConfig = [ "options iwlmvm power_scheme=1" "options iwlwifi uapsd_disable=1" ];
                };
+                impermanence.enable = true;
              };
              hardware =
              {
@@ -159,7 +160,6 @@
              };
              services =
              {
-                impermanence.enable = true;
                snapper = { enable = true; configs.persistent = "/nix/persistent"; };
                fontconfig.enable = true;
                sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
@@ -256,11 +256,11 @@
                  sshd = { enable = true; hostKeys = [ "/nix/persistent/etc/ssh/initrd_ssh_host_ed25519_key" ]; };
                };
                kernel.patches = [ "preempt" ];
+                impermanence.enable = true;
              };
              packages.packageSet = "server";
              services =
              {
-                impermanence.enable = true;
                snapper = { enable = true; configs.persistent = "/nix/persistent"; };
                sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
                sshd.enable = true;
@@ -367,6 +367,7 @@
                  sshd = { enable = true; hostKeys = [ "/nix/persistent/etc/ssh/initrd_ssh_host_ed25519_key" ]; };
                };
                kernel.patches = [ "preempt" ];
+                impermanence = { enable = true; nodatacow = "/nix/nodatacow"; };
              };
              packages =
              {
@@ -374,7 +375,6 @@
              };
              services =
              {
-                impermanence = { enable = true; nodatacow = "/nix/nodatacow"; };
                snapper = { enable = true; configs.persistent = "/nix/persistent"; };
                sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
                sshd.enable = true;
@@ -420,11 +420,11 @@
                  sshd = { enable = true; hostKeys = [ "/nix/persistent/etc/ssh/initrd_ssh_host_ed25519_key" ]; };
                };
                kernel.patches = [ "preempt" ];
+                impermanence.enable = true;
              };
              packages.packageSet = "server";
              services =
              {
-                impermanence.enable = true;
                snapper = { enable = true; configs.persistent = "/nix/persistent"; };
                sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
                sshd.enable = true;
@@ -580,6 +580,7 @@
                grub.installDevice = "efi";
                nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
                kernel.patches = [ "cjktty" "preempt" ];
+                impermanence.enable = true;
              };
              hardware =
              {
@@ -594,7 +595,6 @@
              virtualization.docker.enable = true;
              services =
              {
-                impermanence.enable = true;
                snapper = { enable = true; configs.persistent = "/nix/persistent"; };
                fontconfig.enable = true;
                sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
@@ -636,6 +636,7 @@
                gui.enable = true;
                nix.substituters = [ "https://cache.nixos.org/" "https://nix-store.chn.moe" ];
                kernel.patches = [ "cjktty" "preempt" ];
+                impermanence.enable = true;
              };
              hardware =
              {
@@ -650,7 +651,6 @@
              virtualization.docker.enable = true;
              services =
              {
-                impermanence.enable = true;
                snapper = { enable = true; configs.persistent = "/nix/persistent"; };
                fontconfig.enable = true;
                sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -17,13 +17,6 @@ inputs:
  ];
  options.nixos.services = let inherit (inputs.lib) mkOption types; in
  {
-    impermanence =
-    {
-      enable = mkOption { type = types.bool; default = false; };
-      persistence = mkOption { type = types.nonEmptyStr; default = "/nix/persistent"; };
-      root = mkOption { type = types.nonEmptyStr; default = "/nix/rootfs/current"; };
-      nodatacow = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
-    };
    snapper =
    {
      enable = mkOption { type = types.bool; default = false; };
@@ -101,58 +94,6 @@ inputs:
      inherit (builtins) map listToAttrs toString;
    in mkMerge
    [
-      (
-        mkIf services.impermanence.enable
-        {
-          environment.persistence =
-          {
-            "${services.impermanence.persistence}" =
-            {
-              hideMounts = true;
-              directories =
-              [
-                "/etc/NetworkManager/system-connections"
-                "/home"
-                "/root"
-                "/var/db"
-                "/var/lib"
-                "/var/log"
-                "/var/spool"
-              ];
-              files =
-              [
-                "/etc/machine-id"
-                "/etc/ssh/ssh_host_ed25519_key.pub"
-                "/etc/ssh/ssh_host_ed25519_key"
-                "/etc/ssh/ssh_host_rsa_key.pub"
-                "/etc/ssh/ssh_host_rsa_key"
-              ];
-            };
-            "${services.impermanence.root}" =
-            {
-              hideMounts = true;
-              directories = []
-                ++ (if inputs.config.services.xserver.displayManager.sddm.enable then
-                  [{ directory = "/var/lib/sddm"; user = "sddm"; group = "sddm"; mode = "0700"; }] else []);
-            };
-          }
-          // (
-            if (services.impermanence.nodatacow != null) then
-            {
-              "${services.impermanence.nodatacow}" =
-              {
-                hideMounts = true;
-                directories =
-                [
-                  "/var/lib/postgresql"
-                  "/var/lib/meilisearch"
-                ];
-              };
-            }
-            else {}
-          );
-        }
-      )
      (
        mkIf services.snapper.enable
        {
--- a/modules/system/default.nix
+++ b/modules/system/default.nix
@@ -7,6 +7,7 @@ inputs:
    ./grub.nix
    ./initrd.nix
    ./kernel.nix
+    ./impermanence.nix
  ];
  options.nixos.system = let inherit (inputs.lib) mkOption types; in
  {
--- a/modules/system/impermanence.nix
+++ b/modules/system/impermanence.nix
@@ -0,0 +1,64 @@
+inputs:
+{
+  options.nixos.system.impermanence = let inherit (inputs.lib) mkOption types; in
+  {
+    enable = mkOption { type = types.bool; default = false; };
+    persistence = mkOption { type = types.nonEmptyStr; default = "/nix/persistent"; };
+    root = mkOption { type = types.nonEmptyStr; default = "/nix/rootfs/current"; };
+    nodatacow = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
+  };
+  config =
+    let
+      inherit (inputs.lib) mkIf;
+      inherit (inputs.config.nixos.system) impermanence;
+    in mkIf impermanence.enable
+    {
+      environment.persistence =
+      {
+        "${impermanence.persistence}" =
+        {
+          hideMounts = true;
+          directories =
+          [
+            "/etc/NetworkManager/system-connections"
+            "/home"
+            "/root"
+            "/var/db"
+            "/var/lib"
+            "/var/log"
+            "/var/spool"
+          ];
+          files =
+          [
+            "/etc/machine-id"
+            "/etc/ssh/ssh_host_ed25519_key.pub"
+            "/etc/ssh/ssh_host_ed25519_key"
+            "/etc/ssh/ssh_host_rsa_key.pub"
+            "/etc/ssh/ssh_host_rsa_key"
+          ];
+        };
+        "${impermanence.root}" =
+        {
+          hideMounts = true;
+          directories = []
+            ++ (if inputs.config.services.xserver.displayManager.sddm.enable then
+              [{ directory = "/var/lib/sddm"; user = "sddm"; group = "sddm"; mode = "0700"; }] else []);
+        };
+      }
+      // (
+        if (impermanence.nodatacow != null) then
+        {
+          "${impermanence.nodatacow}" =
+          {
+            hideMounts = true;
+            directories =
+            [
+              "/var/lib/postgresql"
+              "/var/lib/meilisearch"
+            ];
+          };
+        }
+        else {}
+      );
+    };
+}