Add dynamic motd with tmproot warning

Jack O'Sullivan 2022-02-13 04:01:22 +00:00
parent baa3956ed5
commit 0f2c3b1f36
3 changed files with 52 additions and 7 deletions


@ -64,6 +64,7 @@
}) { }) {
common = "common.nix"; common = "common.nix";
build = "build.nix"; build = "build.nix";
dynamic-motd = "dynamic-motd.nix";
tmproot = "tmproot.nix"; tmproot = "tmproot.nix";
firewall = "firewall.nix"; firewall = "firewall.nix";
server = "server.nix"; server = "server.nix";

24
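--- a/modules/dynamic-motd.nix
+++ b/modules/dynamic-motd.nix
@@ -0,0 +1,24 @@
+{ lib, pkgs, config, ... }:
+let
+inherit (lib) optionalAttrs filterAttrs genAttrs mkIf mkDefault;
+inherit (lib.my) mkOpt mkBoolOpt;
+cfg = config.my.dynamic-motd;
+scriptBin = pkgs.writeShellScript "dynamic-motd-script" cfg.script;
+in {
+options.my.dynamic-motd = with lib.types; {
+enable = mkBoolOpt true;
+services = mkOpt (listOf str) [ "login" "ssh" ];
+script = mkOpt (nullOr lines) null;
+};
+config = mkIf (cfg.enable && cfg.script != null) {
+security.pam.services = genAttrs cfg.services (s: {
+text = mkDefault
+''
+session optional ${pkgs.pam}/lib/security/pam_exec.so stdout quiet ${scriptBin}
+'';
+});
+};
+}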
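Review bot: The `text = mkDefault` line only appends to the generated PAM stack because nixpkgs, as far as I can tell, defines that stack at the same `mkDefault` priority, so the two `lines` values merge. Nothing in the module says so, and a definition of `text` at another priority elsewhere would either drop this line silently or leave it as the entire stack for `login`. I would put a comment above it, e.g. `# mkDefault on purpose: merges with the generated stack (also mkDefault) instead of replacing it`. The default service list also names `ssh`, while the OpenSSH module's PAM service is, I believe, `sshd`, so `genAttrs` would create an unused `ssh` service and the script would not run for SSH logins; `[ "login" "sshd" ]` looks like the intended default. Since pam_exec in the session stack is invoked on both session open and close, the script may also want to return early unless `$PAM_TYPE` is `open_session`.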


@ -1,4 +1,4 @@
{ lib, pkgs, inputs, config, utils, ... }: { lib, pkgs, inputs, config, ... }:
let let
inherit (builtins) elem; inherit (builtins) elem;
inherit (lib) concatStringsSep concatMap concatMapStringsSep mkIf mkDefault mkMerge mkForce mkVMOverride; inherit (lib) concatStringsSep concatMap concatMapStringsSep mkIf mkDefault mkMerge mkForce mkVMOverride;
@ -14,7 +14,7 @@
import os import os
ignored = [ ignored = [
${concatStringsSep ",\n " (map (p: "'${p}'") cfg.ignoreUnsaved)} ${concatStringsSep ",\n " (map (p: "'${p}'") cfg.unsaved.ignore)}
] ]
base = '/' base = '/'
@ -60,7 +60,10 @@
enable = mkBoolOpt true; enable = mkBoolOpt true;
persistDir = mkOpt str "/persist"; persistDir = mkOpt str "/persist";
size = mkOpt str "2G"; size = mkOpt str "2G";
ignoreUnsaved = mkOpt (listOf str) []; unsaved = {
showMotd = mkBoolOpt true;
ignore = mkOpt (listOf str) [];
};
}; };
# Forward declare options that won't exist until the VM module is actually imported # Forward declare options that won't exist until the VM module is actually imported
@ -83,7 +86,7 @@
} }
]; ];
my.tmproot.ignoreUnsaved = [ my.tmproot.unsaved.ignore = [
"/tmp" "/tmp"
# setup-etc.pl will create this for us # setup-etc.pl will create this for us
@ -153,6 +156,23 @@
]; ];
}; };
my.dynamic-motd.script = mkIf cfg.unsaved.showMotd
''
tmprootUnsaved() {
local count="$(tmproot-unsaved | wc -l)"
[ $count -eq 0 ] && return
echo
echo -e "\t\e[31;1;4mWarning:\e[0m $count file(s) on / will be lost on shutdown!"
echo -e '\tTo see them, run `tmproot-unsaved` as root.'
echo -e '\tAdd these files to `environment.persistence."${cfg.persistDir}"` to keep them!'
echo -e '\tOtherwise, they can be ignored by adding to `my.tmproot.unsaved.ignore`.'
echo
}
tmprootUnsaved
'';
fileSystems."/" = rootDef; fileSystems."/" = rootDef;
virtualisation = { virtualisation = {
@ -164,13 +184,13 @@
concatMap (k: [ k.path "${k.path}.pub" ]) config.services.openssh.hostKeys; concatMap (k: [ k.path "${k.path}.pub" ]) config.services.openssh.hostKeys;
}) })
(mkIf config.networking.resolvconf.enable { (mkIf config.networking.resolvconf.enable {
my.tmproot.ignoreUnsaved = [ "/etc/resolv.conf" ]; my.tmproot.unsaved.ignore = [ "/etc/resolv.conf" ];
}) })
(mkIf config.security.doas.enable { (mkIf config.security.doas.enable {
my.tmproot.ignoreUnsaved = [ "/etc/doas.conf" ]; my.tmproot.unsaved.ignore = [ "/etc/doas.conf" ];
}) })
(mkIf config.my.boot.isDevVM { (mkIf config.my.boot.isDevVM {
my.tmproot.ignoreUnsaved = [ "/nix" ]; my.tmproot.unsaved.ignore = [ "/nix" ];
fileSystems = mkVMOverride { fileSystems = mkVMOverride {
"/" = mkVMOverride' rootDef; "/" = mkVMOverride' rootDef;