Fix ownership and permissions for chromium data

Also save SSH host keys for VMs that are using storage services Signed-off-by: Ivan Nikolaenko <[email protected]>
dmitry-erin · Aug 26, 2024 · 7341044 · 7341044
1 parent a373c8c
commit 7341044
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 11 deletions.
diff --git a/modules/microvm/virtualization/microvm/common/storagevm.nix b/modules/microvm/virtualization/microvm/common/storagevm.nix
@@ -36,6 +36,32 @@ in
         Directories to bind mount to persistent storage.
       '';
     };
+
+    users = mkOption {
+      type = types.anything;
+      default = { };
+      example = {
+        "user".directories = [
+          "Downloads"
+          "Music"
+          "Pictures"
+          "Documents"
+          "Videos"
+        ];
+      };
+      description = ''
+        User-specific directories to bind mount to persistent storage.
+      '';
+    };
+
+    files = mkOption {
+      type = types.anything;
+      default = [ ];
+      example = [ "/etc/machine-id" ];
+      description = ''
+        Files to bind mount to persistent storage.
+      '';
+    };
   };
 
   config = lib.mkIf cfg.enable {
@@ -51,10 +77,15 @@ in
       }
     ];
 
-    environment.persistence.${mountPath} = {
-      hideMounts = true;
-      inherit (cfg) directories;
-      # inherit (cfg) directories;
-    };
+    environment.persistence.${mountPath} = lib.mkMerge [
+      {
+        hideMounts = true;
+        files = [
+          "/etc/ssh/ssh_host_ed25519_key.pub"
+          "/etc/ssh/ssh_host_ed25519_key"
+        ];
+      }
+      { inherit (cfg) directories users files; }
+    ];
   };
 }
diff --git a/modules/reference/appvms/business.nix b/modules/reference/appvms/business.nix
@@ -10,9 +10,10 @@
 let
   #TODO: Move this to a common place
   xdgPdfPort = 1200;
+  name = "business";
 in
 {
-  name = "business";
+  name = "${name}";
   packages =
     let
       # PDF XDG handler is executed when the user opens a PDF file in the browser
@@ -78,8 +79,8 @@ in
       ghaf.reference.programs.chromium.enable = true;
       ghaf.storagevm = {
         enable = true;
-        name = "business";
-        directories = [ "/home/${config.ghaf.users.accounts.user}/.config" ];
+        name = "${name}";
+        users.${config.ghaf.users.accounts.user}.directories = [ ".config" ];
       };
 
       # Set default PDF XDG handler

diff --git a/modules/reference/appvms/chromium.nix b/modules/reference/appvms/chromium.nix
@@ -10,9 +10,10 @@
 let
   inherit (lib) hasAttr optionals;
   xdgPdfPort = 1200;
+  name = "chromium";
 in
 {
-  name = "chromium";
+  name = "${name}";
   packages =
     let
       # PDF XDG handler is executed when the user opens a PDF file in the browser
@@ -73,8 +74,8 @@ in
       ghaf.reference.programs.chromium.enable = true;
       ghaf.storagevm = {
         enable = true;
-        name = "business";
-        directories = [ "/home/${config.ghaf.users.accounts.user}/.config" ];
+        name = "${name}";
+        users.${config.ghaf.users.accounts.user}.directories = [ ".config" ];
       };
 
       # Set default PDF XDG handler