zaphyra's git: nixfiles

zaphyra and void's nixfiles

commit 251f021b77252566e3d740e469198fad3056a5ad
parent ffed207fcf96dfe4bcc425c3a81782424846e8e8
Author: Katja (zaphyra) <git@ctu.cx>
Date: Fri, 6 Jun 2025 19:05:04 +0200

config/nixos: impermanence fixes
4 files changed, 25 insertions(+), 3 deletions(-)
diff --git a/config/nixos/modules/boot/secureboot.nix b/config/nixos/modules/boot/secureboot.nix
@@ -22,6 +22,11 @@ in
     lib.mkMerge [
       (lib.mkIf cfg.secureboot {
         environment.systemPackages = with pkgs; [ sbctl ];
+
+        modules.filesystem.impermanence.system.dirs = [
+          "/var/lib/sbctl"
+        ];
+
         boot = {
           lanzaboote = {
             enable = true;
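Review bot: `/var/lib/sbctl` is persisted as a bare path, so its owner and mode come from whatever default the impermanence module applies, which this hunk does not show. That directory is where sbctl keeps the Secure Boot signing keys, private halves included. The other entries touched in this commit spell out ownership, and this one should too, e.g. `{ directory = "/var/lib/sbctl"; user = "root"; group = "root"; mode = "0700"; }`. The same applies to `"/etc/NetworkManager/system-connections"` in the gnomeMinimal.nix hunk, which holds connection profiles that can carry Wi-Fi and VPN secrets. The lanzaboote `pkiBundle` setting falls outside the hunk; it is worth confirming that it points at the persisted path.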

@@ -30,7 +35,6 @@ in
           };
           loader.systemd-boot.enable = lib.mkForce false;
         };
-        #          modules.filesystem.impermanence.system.extra.dirs = [ "/var/lib/secureboot" ];
       })
       (lib.mkIf (!cfg.secureboot) {
         boot.loader.systemd-boot = {
diff --git a/config/nixos/modules/gnomeMinimal.nix b/config/nixos/modules/gnomeMinimal.nix
@@ -61,6 +61,17 @@ in
     in
     {
 
+      modules.filesystem.impermanence.system.dirs = [
+        "/etc/NetworkManager/system-connections"
+        "/var/lib/NetworkManager"
+        {
+          directory = "/var/lib/colord";
+          user = "colord";
+          group = "colord";
+          mode = "u=rwx,g=rx,o=";
+        }
+      ];
+
       # patched to remove xorg and xwayland completely
       nixpkgs.overlays = [
         (final: prev: {
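Review bot: The colord entry writes its mode symbolically (`"u=rwx,g=rx,o="`), while the knot.nix and dav.zaphyra.eu.nix entries in this same commit use octal strings. Using one notation throughout makes permission audits across modules easier; here that would be `mode = "0750";`. Whether the impermanence module accepts both forms is not visible from this hunk, so octal is also the safer choice. The enclosing attribute set continues outside the hunk.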
diff --git a/config/nixos/modules/services/knot.nix b/config/nixos/modules/services/knot.nix
@@ -96,7 +96,14 @@ in
     networking.firewall.allowedTCPPorts = [ 53 ];
     networking.firewall.allowedUDPPorts = [ 53 ];
 
-    modules.filesystem.impermanence.system.dirs = [ cfg.dataDir ];
+    modules.filesystem.impermanence.system.dirs = [
+      {
+        directory = cfg.dataDir;
+        mode = "0770";
+        user = "knot";
+        group = "knot";
+      }
+    ];
 
     systemd.tmpfiles.settings = {
       knotDataDir."${cfg.dataDir}".d = {
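Review bot: `mode = "0770"` makes `cfg.dataDir` group-writable, and the dav.zaphyra.eu.nix hunk widens `/var/lib/radicale` from `0700` to `0770` in the same way; neither change says which group member needs write access. If the daemon is the only writer, `mode = "0750";` (or `0700`) keeps zone data and any DNSSEC key material under the data directory out of reach of accounts later added to the group. If group write is required, a comment such as `# group-writable: <reason>` should record why. The `systemd.tmpfiles.settings` rule that follows declares the same directory and its mode lies outside the hunk, so the two declarations should be checked for agreement.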
diff --git a/config/nixos/modules/websites/dav.zaphyra.eu.nix b/config/nixos/modules/websites/dav.zaphyra.eu.nix
@@ -35,7 +35,7 @@ in
     modules.filesystem.impermanence.system.dirs = [
       {
         directory = "/var/lib/radicale";
-        mode = "0700";
+        mode = "0770";
         user = config.systemd.services.radicale.serviceConfig.User;
         group = config.systemd.services.radicale.serviceConfig.Group;
       }