sync

Arcanyx-org · Dec 31, 2024 · 88adccc · 88adccc
1 parent 15395a0
commit 88adccc
Show file tree

Hide file tree

Showing 5 changed files with 37 additions and 41 deletions.
diff --git a/src/nixos/machines/ignucius/config/disks.nix b/src/nixos/machines/ignucius/config/disks.nix
@@ -48,7 +48,7 @@ in mkMerge [
 				system = {
 					device = diskoDevice;
 					type = "disk";
-					imageSize = "50G"; # Size of the generated image
+					imageSize = "30G"; # Size of the generated image
 					content = {
 						type = "gpt";
 						partitions = {

diff --git a/src/nixos/machines/ignucius/config/vm-build.nix b/src/nixos/machines/ignucius/config/vm-build.nix
@@ -16,13 +16,20 @@ in {
 		vmVariantWithDisko = {
 			virtualisation = {
 				fileSystems."/nix/persist/system".neededForBoot = true;
-				fileSystems."/nix/persist/users".neededForBoot = true;
 
-				# FIXME-BUG(Krey): This doesn't seem to work
-				resolution = {
-					x = 1280;
-					y = 720;
-				};
+				restrictNetwork = false; # Whether to Enable Network Connection
+
+				# More efficient space management as it won't be re-creating store paths in VM
+					mountHostNixStore = true;
+
+				# This is enabled by default and it will set up small (~500MB) /nix/rw-store mount that will cause most of the services to fail loading due to lack of space
+					writableStoreUseTmpfs = false;
+
+				# Set Virtual Resolution
+					resolution = {
+						x = 1280;
+						y = 720;
+					};
 
 				# error: EFI variables can be used only with a partition table of type: hybrid, efi, efixbootldr, or legacy+gpt.
 				# useBootLoader = true;
@@ -31,29 +38,29 @@ in {
 
 				# FIXME(Krey): Replace the secrets with dummies so that this can be used by others as well
 				# Mount local .ssh directory, so the secrets can be decrypted.
-				sharedDirectories."secrets_decryption_key" = {
-					source = "/nix/persist/users/kreyren/.ssh";
-					target = dirOf (builtins.head config.age.identityPaths);
-				};
+					sharedDirectories."secrets_decryption_key" = {
+						source = "/nix/persist/users/kreyren/.ssh";
+						target = dirOf (builtins.head config.age.identityPaths);
+					};
 			};
 
+			# Do not perform distributed builds as it's not subject of this VM check
+				nix.distributedBuilds = mkForce false;
+
 			# Setup autologin
 				# FIXME(Krey): This will make the system to hang on black screen after initrd phase for some reason
 				# services.displayManager.autoLogin.user = "kreyren";
 
-			# Enable Graphical User Interface
-				# FIXME(Krey): We should have e.g. `, vm-gui ...` task to deploy the system with these
-				services.xserver.enable = mkForce false;
-				services.xserver.desktopManager.gnome.enable = mkForce false;
-				services.xserver.displayManager.gdm.enable = mkForce false;
-
 			# Disable S.M.A.R.T. as QEMU VM doesn't provide the relevant endpoints
+				# FIXME(Krey): Figure out how to emulate the end-point
 				services.smartd.enable = mkForce false; # Disable S.M.A.R.T. Daemon
 
 			# Disable ThinkFan as it errors out as we don't have the /proc/acpi/ibm/thermal in QEMU
+				# FIXME(Krey): Figure out how to emulate the end-point
 				services.thinkfan.enable = mkForce false; # Disable thinkfan service
 
 			# Use a Dummy Cryptkey so that we don't have to input disk password
+				# FIXME(Krey): Any changes to `disko.*` appears to cause `no type option set in` error
 				# disko.devices.disk.cryptkey = {
 				# 	type = "disk";
 				# 	content.type = "gpt";
@@ -86,7 +93,7 @@ in {
 
 				# FIXME(Krey): For some reason this results in no option type even when the same configuration works outside of vmVariantWithDisko?
 					# error: No type option set in
-					# disko.devices.disk.system.content.partitions.store.content.passwosssrdFile = mkForce (pkgs.writeText "ignucius-disks-password" "000000").outPath;
+					# disko.devices.disk.system.content.partitions.store.content.passwordFile = mkForce (pkgs.writeText "ignucius-disks-password" "000000").outPath;
 
 					# disko.devices.disk.system.content.partitions.swap.content.passsssswordFile = mkForce (pkgs.writeText "ignucius-disks-password" "000000").outPath;
 
@@ -106,10 +113,6 @@ in {
 				# FIXME(Krey): Fails with **No Type option set in**, apparently we can't change disko.* in here?
 				# disko.devices.disk.system.content.partitions.swap.size = mkForce null; # Unset swap partition
 
-			# FIXME(Krey): Using Impermanence seems to cause failure of **Transport endpoint is not connected** for the declared pathnames (fuse issues in QEMU?)
-				# Apparently we can't even change home-manager configurations this way: error: The option `virtualisation.vmVariantWithDisko.home-manager.users.kreyren.boot' does not exist. Definition values:
-				# home-manager.users.kreyren.boot.home.impermanence.enable = mkForce false;
-
 			# Set Default Passwords For Users
 				users.users.kreyren = {
 					hashedPasswordFile = mkForce null;

diff --git a/src/nixos/modules/system/impermenance/impermenance.nix b/src/nixos/modules/system/impermenance/impermenance.nix
@@ -1,4 +1,4 @@
-{ config, lib, ...}:
+{ config, lib, pkgs, ...}:
 
 # Global Management of Impermanence
 
@@ -36,18 +36,16 @@ in mkIf config.boot.impermanence.enable {
 		boot.initrd.systemd.suppressedUnits = [ "systemd-machine-id-commit.service" ];
 		systemd.suppressedSystemUnits = [ "systemd-machine-id-commit.service" ];
 
-
-	# The configuration will deploy the user directories owned by root:root which will cause the user's home manager to fail deployment due to permission denied error, so we need to change the ownership before home-manager setup
-		# Plan A
-		# system.activationScripts.change-ownership-persist-users = ''chown root:users /nix/persist/users''; # Set Permission Of the Persistent Users Directory
-
-		# Plan B
-			# systemd.tmpfiles.rules = [
-			# 	"d /persist/home/${username} 0700 ${username} users"
-			# 	# We need to explicitly set ownership on the home directory when using impermanence.
-			# 	# Otherwise, it will be owned as root, and home-manager will fail.
-			# 	"d /home/${username} 0700 ${username} users"
-			# ];
+	# Set permission for the users directory
+	systemd.services.setUserPersistPermissions = {
+		description = "Set ownership and permissions for /nix/persist/users";
+		wantedBy = [ "multi-user.target" ];
+		after = [ "local-fs.target" ];  # Ensure this runs after the filesystem is mounted
+		script = builtins.concatStringsSep "\n" [
+			"${pkgs.coreutils}/bin/chown root:users /nix/persist/users"
+			"${pkgs.coreutils}/bin/chmod 770 /nix/persist/users"
+		];
+	};
 
 	age.identityPaths = [ "/nix/persist/system/etc/ssh/ssh_host_ed25519_key" ]; # Add impermenant path for keys
 

diff --git a/src/nixos/users/users/kreyren/home/modules/system/impermanence/impermanence.nix b/src/nixos/users/users/kreyren/home/modules/system/impermanence/impermanence.nix
@@ -64,5 +64,5 @@ in {
 		allowOther = true; # FIXME-DOCS(Krey): What is this used for?
 	};
 
-	home.stateVersion = nixosConfig.system.nixos.release; # Impermanence does not have state
+	home.stateVersion = nixosConfig.system.nixos.release; # Impermanence enables declarative state management so we don't need to set any
 }
diff --git a/src/nixos/users/users/kreyren/kreyren.nix b/src/nixos/users/users/kreyren/kreyren.nix
@@ -26,11 +26,6 @@ in {
 		openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOzh6FRxWUemwVeIDsr681fgJ2Q2qCnwJbvFe4xD15ve kreyren@fsfe.org" ];
 	};
 
-	# system.activationScripts.make-homedir-kreyren = builtins.concatStringsSep "\n" [
-	# 	"mkdir /nix/persist/users/kreyren"
-	# 	"chown kreyren:users /nix/persist/users/kreyren" # Set Permission Of the Persistent Users Directory
-	# ];
-
 	users.users.root.openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOzh6FRxWUemwVeIDsr681fgJ2Q2qCnwJbvFe4xD15ve kreyren@fsfe.org" ]; # Allow root access for all systems for kreyren
 
 	nix.settings.trusted-users = [ "kreyren" ]; # Add Kreyren in Trusted-Users