From a1aa812cfa1f3a51f74e6dcd1f1a608845a9439c Mon Sep 17 00:00:00 2001
From: sadan <117494111+sadan4@users.noreply.github.com>
Date: Tue, 25 Feb 2025 19:44:22 -0500
Subject: [PATCH] use systemd tmpfiles instead of sops as sops unloads files when the user logs out
---
 common/users/docker/obsidian/default.nix | 35 ++++--------------------
 common/users/docker/vw/default.nix | 12 ++++++--
 2 files changed, 15 insertions(+), 32 deletions(-)
diff --git a/common/users/docker/obsidian/default.nix b/common/users/docker/obsidian/default.nix
index 1243bee..6f8cb09 100644
--- a/common/users/docker/obsidian/default.nix
+++ b/common/users/docker/obsidian/default.nix
@@ -9,39 +9,18 @@
 source = ./docker-compose.yaml;
 target = "./src/obsidian/docker-compose.yaml";
 };
- # Docker is stupid and wont read a symlinked Dockerfile
- # couchdb_dockerfile = {
- # source = ./Dockerfile;
- # target = "./src/obsidian/Dockerfile";
- # };
- # not only will it not load a symlinked dockerfile, it refuses to copy any symlinked file
- # couchdb_vm-args = {
- # source = ./vm.args;
- # target = "./src/obsidian/vm.args";
- # };
- # couchdb_docker-default = {
- # source = ./10-docker-default.ini;
- # target = "./src/obsidian/10-docker-default.ini";
- # };
- # couchdb_docker-entrypoint-sh = {
- # source = ./docker-entrypoint.sh;
- # target = "./src/obsidian/docker-entrypoint.sh";
- # };
 };
 };
 systemd = {
 user = {
 tmpfiles = {
 rules = [
- "C /home/${config.home.username}/src/obsidian/Dockerfile 0444 - - - ${./Dockerfile}"
- "C /home/${config.home.username}/src/obsidian/docker-entrypoint.sh 0555 - - - ${./docker-entrypoint.sh}"
- "C /home/${config.home.username}/src/obsidian/10-docker-default.ini 0444 - - - ${./10-docker-default.ini}"
- "C /home/${config.home.username}/src/obsidian/vm.args 0444 - - - ${./vm.args}"
- # root is needed to +i
- # "h /home/${config.home.username}/src/obsidian/Dockerfile - - - - i"
- # "h /home/${config.home.username}/src/obsidian/docker-entrypoint.sh - - - - i"
- # "h /home/${config.home.username}/src/obsidian/10-docker-default.ini - - - - i"
- # "h /home/${config.home.username}/src/obsidian/vm.args - - - - i"
+ "C /home/${config.home.username}/src/obsidian/Dockerfile 0444 - - 0 ${./Dockerfile}"
+ "C /home/${config.home.username}/src/obsidian/docker-entrypoint.sh 0555 - - 0 ${./docker-entrypoint.sh}"
+ "C /home/${config.home.username}/src/obsidian/10-docker-default.ini 0444 - - 0 ${./10-docker-default.ini}"
+ "C /home/${config.home.username}/src/obsidian/vm.args 0444 - - 0 ${./vm.args}"
+ "C /home/${config.home.username}/src/obsidian/docker.ini 0444 - - 0 ${config.sops.secrets.couchdb_docker-ini.path}"
+ "C /home/${config.home.username}/src/obsidian/couchdb.env 0444 - - 0 ${config.sops.secrets.couchdb_env.path}"
 ];
 };
 };
@@ -51,13 +30,11 @@ couchdb_env = { format = "dotenv"; sopsFile = ./couchdb.env; - path = "/home/${config.home.username}/src/obsidian/couchdb.env"; }; # encrypted because it has a hashed password couchdb_docker-ini = { format = "ini"; sopsFile = ./docker.ini; - path = "/home/${config.home.username}/src/obsidian/docker.ini"; }; }; }; };
diff --git a/common/users/docker/vw/default.nix b/common/users/docker/vw/default.nix
index d24d26b..52ec0a6 100644
--- a/common/users/docker/vw/default.nix
+++ b/common/users/docker/vw/default.nix
@@ -11,22 +11,28 @@
 };
 };
 };
+ systemd = {
+ tmpfiles = {
+ rules = [
+ "C /home/${config.home.username}/src/vw/rclone-config/rclone/rclone.conf 0444 - - 0 ${config.sops.secrets.rclone_config_file.path}"
+ "C /home/${config.home.username}/src/vw/vw.env 0444 - - 0 ${config.sops.secrets.vw.path}"
+ "C /home/${config.home.username}/src/vw/backup.env 0444 - - 0 ${config.sops.secrets.vw_backup.path}"
+ ];
+ };
+ };
 sops = {
 secrets = {
 vw = {
 format = "dotenv";
 sopsFile = ./vw.env;
- path = "/home/${config.home.username}/src/vw/vw.env";
 };
 rclone_config_file = {
 format = "binary";
 sopsFile = ./rclone.conf;
- path = "/home/${config.home.username}/src/vw/rclone-config/rclone/rclone.conf";
 };
 vw_backup = {
 format = "dotenv";
 sopsFile = ./backup.env;
- path = "/home/${config.home.username}/src/vw/backup.env";
 };
 };
 };
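Review bot: The two new rules that copy `couchdb_docker-ini` and `couchdb_env` out of their sops paths create `docker.ini` and `couchdb.env` with mode 0444, so the decrypted secrets become readable by any local account that can traverse the home directory. One of them holds a hashed password, according to the comment in the following hunk. The three `C` rules added in vw/default.nix do the same for `rclone.conf`, `vw.env` and `backup.env`. An owner-only mode would keep the previous exposure level, e.g. `"C /home/${config.home.username}/src/obsidian/docker.ini 0400 - - 0 ${config.sops.secrets.couchdb_docker-ini.path}"`, widened to a specific group only if the container cannot read the file otherwise. A `C` rule is documented as copying when the destination does not exist yet, so an existing copy would presumably not follow a rotated secret; a short comment above the rules stating how the copies get refreshed would help.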
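Review bot: The new rules in vw/default.nix are declared under `systemd.tmpfiles`, while the obsidian module in this same commit declares its rules under `systemd.user.tmpfiles`. Both files use `config.home.username`, so this looks like a per-user module where the `user` level is expected. If it was dropped by mistake, the rules may fail to evaluate or run outside the user session, leaving the three vw secret files uncopied or created with a different owner. Consider `systemd.user.tmpfiles.rules = [ … ];` to match the obsidian file.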