Add dynamic motd with tmproot warning

2022-02-13 04:01:22 +00:00 · 2022-02-13 04:01:22 +00:00 · 0f2c3b1f36
commit 0f2c3b1f36
parent baa3956ed5
3 changed files with 52 additions and 7 deletions
--- a/flake.nix
+++ b/flake.nix
@ -64,6 +64,7 @@
        }) {
        common = "common.nix";
        build = "build.nix";
+        dynamic-motd = "dynamic-motd.nix";
        tmproot = "tmproot.nix";
        firewall = "firewall.nix";
        server = "server.nix";
--- a/modules/dynamic-motd.nix
+++ b/modules/dynamic-motd.nix
@ -0,0 +1,24 @@
+{ lib, pkgs, config, ... }:
+  let
+    inherit (lib) optionalAttrs filterAttrs genAttrs mkIf mkDefault;
+    inherit (lib.my) mkOpt mkBoolOpt;
+
+    cfg = config.my.dynamic-motd;
+
+    scriptBin = pkgs.writeShellScript "dynamic-motd-script" cfg.script;
+  in {
+    options.my.dynamic-motd = with lib.types; {
+      enable = mkBoolOpt true;
+      services = mkOpt (listOf str) [ "login" "ssh" ];
+      script = mkOpt (nullOr lines) null;
+    };
+
+    config = mkIf (cfg.enable && cfg.script != null) {
+      security.pam.services = genAttrs cfg.services (s: {
+        text = mkDefault
+          ''
+            session optional ${pkgs.pam}/lib/security/pam_exec.so stdout quiet ${scriptBin}
+          '';
+      });
+    };
+  }
--- a/modules/tmproot.nix
+++ b/modules/tmproot.nix
@ -1,4 +1,4 @@
-{ lib, pkgs, inputs, config, utils, ... }:
+{ lib, pkgs, inputs, config, ... }:
  let
    inherit (builtins) elem;
    inherit (lib) concatStringsSep concatMap concatMapStringsSep mkIf mkDefault mkMerge mkForce mkVMOverride;
@ -14,7 +14,7 @@
        import os

        ignored = [
-          ${concatStringsSep ",\n  " (map (p: "'${p}'") cfg.ignoreUnsaved)}
+          ${concatStringsSep ",\n  " (map (p: "'${p}'") cfg.unsaved.ignore)}
        ]

        base = '/'
@ -60,7 +60,10 @@
        enable = mkBoolOpt true;
        persistDir = mkOpt str "/persist";
        size = mkOpt str "2G";
-        ignoreUnsaved = mkOpt (listOf str) [];
+        unsaved = {
+          showMotd = mkBoolOpt true;
+          ignore = mkOpt (listOf str) [];
+        };
      };

      # Forward declare options that won't exist until the VM module is actually imported
@ -83,7 +86,7 @@
          }
        ];

-        my.tmproot.ignoreUnsaved = [
+        my.tmproot.unsaved.ignore = [
          "/tmp"

          # setup-etc.pl will create this for us
@ -153,6 +156,23 @@
          ];
        };

+        my.dynamic-motd.script = mkIf cfg.unsaved.showMotd
+          ''
+            tmprootUnsaved() {
+              local count="$(tmproot-unsaved | wc -l)"
+              [ $count -eq 0 ] && return
+
+              echo
+              echo -e "\t\e[31;1;4mWarning:\e[0m $count file(s) on / will be lost on shutdown!"
+              echo -e '\tTo see them, run `tmproot-unsaved` as root.'
+              echo -e '\tAdd these files to `environment.persistence."${cfg.persistDir}"` to keep them!'
+              echo -e '\tOtherwise, they can be ignored by adding to `my.tmproot.unsaved.ignore`.'
+              echo
+            }
+
+            tmprootUnsaved
+          '';
+
        fileSystems."/" = rootDef;

        virtualisation = {
@ -164,13 +184,13 @@
          concatMap (k: [ k.path "${k.path}.pub" ]) config.services.openssh.hostKeys;
      })
      (mkIf config.networking.resolvconf.enable {
-        my.tmproot.ignoreUnsaved = [ "/etc/resolv.conf" ];
+        my.tmproot.unsaved.ignore = [ "/etc/resolv.conf" ];
      })
      (mkIf config.security.doas.enable {
-        my.tmproot.ignoreUnsaved = [ "/etc/doas.conf" ];
+        my.tmproot.unsaved.ignore = [ "/etc/doas.conf" ];
      })
      (mkIf config.my.boot.isDevVM {
-        my.tmproot.ignoreUnsaved = [ "/nix" ];
+        my.tmproot.unsaved.ignore = [ "/nix" ];

        fileSystems = mkVMOverride {
          "/" = mkVMOverride' rootDef;