Add users optional home directory to fstab

Closes #267 Signed-off-by: Maurice Zhou <jasper@apvc.uk>
2022-02-15 14:28:00 +01:00
parent 11c527ed27
commit 4c2bb3a230
7 changed files with 98 additions and 16 deletions
--- a/ZFS/2-system-installation.rst
+++ b/ZFS/2-system-installation.rst
@@ -198,7 +198,15 @@ System Installation
    mkdir -p /mnt/boot/efi
    mount -t vfat ${INST_PRIMARY_DISK}-part1 /mnt/boot/efi

-#. Create optional user data datasets to omit data from rollback::
+#. Create separate user dataset at ``/home/User``, dateset name can be
+   changed later::
+
+     zfs create -o canmount=on rpool_$INST_UUID/$INST_ID/DATA/default/home/User
+
+   If needed, snapshot, rollback and other related permissions can be
+   delegated to the user later.
+
+#. Create optional program data datasets to omit data from rollback::

     zfs create -o canmount=on rpool_$INST_UUID/$INST_ID/DATA/default/var/games
     zfs create -o canmount=on rpool_$INST_UUID/$INST_ID/DATA/default/var/www
--- a/ZFS/5-bootloader.rst
+++ b/ZFS/5-bootloader.rst
@@ -86,7 +86,7 @@ Install GRUB
    cp /boot/efi/EFI/arch/grub/grub.cfg /boot/grub/grub.cfg

 #. For both legacy and EFI booting: mirror ESP content::
-   
+
    ESP_MIRROR=$(mktemp -d)
    cp -r /boot/efi/EFI $ESP_MIRROR
    for i in /boot/efis/*; do
@@ -144,12 +144,30 @@ Post installaion

 #. After reboot, consider adding a normal user::

+    # with root permissions
+    sudo -i
+
+    # store user name in a variable
    myUser=UserName
-    zfs create $(df --output=source /home | tail -n +2)/${myUser}
-    useradd -MUd /home/${myUser} -c 'My Name' ${myUser}
+
+    # rename default `User` to new user name
+    zfs rename $(df --output=source /home | tail -n +2)/User $(df --output=source /home | tail -n +2)/${myUser}
+
+    # update entry in fstab
+    sed -i "s|/home/User|/home/${myUser}|g" /etc/fstab
+
+    # add user
+    useradd --no-create-home --user-group --home-dir /home/${myUser} --comment 'My Name' ${myUser}
+
+    # delegate snapshot and destroy permissions of the home dataset to
+    # new user
    zfs allow -u ${myUser} mount,snapshot,destroy $(df --output=source /home | tail -n +2)/${myUser}
-    chown -R ${myUser}:${myUser} /home/${myUser}
+
+    # fix permissions
+    chown --recursive ${myUser}:${myUser} /home/${myUser}
    chmod 700 /home/${myUser}
+
+    # set new password for user
    passwd ${myUser}

   Set up cron job to snapshot user home everyday::
--- a/ZFS/2-system-installation.rst
+++ b/ZFS/2-system-installation.rst
@@ -209,7 +209,15 @@ System Installation
    mkdir -p /mnt/boot/efi
    mount -t vfat ${INST_PRIMARY_DISK}-part1 /mnt/boot/efi

-#. Create optional user data datasets to omit data from rollback::
+#. Create separate user dataset at ``/home/User``, dateset name can be
+   changed later::
+
+     zfs create -o canmount=on rpool_$INST_UUID/$INST_ID/DATA/default/home/User
+
+   If needed, snapshot, rollback and other related permissions can be
+   delegated to the user later.
+
+#. Create optional program data datasets to omit data from rollback::

     zfs create -o canmount=on rpool_$INST_UUID/$INST_ID/DATA/default/var/games
     zfs create -o canmount=on rpool_$INST_UUID/$INST_ID/DATA/default/var/www
--- a/ZFS/5-bootloader.rst
+++ b/ZFS/5-bootloader.rst
@@ -193,13 +193,33 @@ Post installaion

 #. After reboot, consider adding a normal user::

+    # with root permissions
+    sudo -i
+
+    # store user name in a variable
    myUser=UserName
-    zfs create $(df --output=source /home | tail -n +2)/${myUser}
-    useradd -MUd /home/${myUser} -c 'My Name' ${myUser}
+
+    # rename default `User` to new user name
+    zfs rename $(df --output=source /home | tail -n +2)/User $(df --output=source /home | tail -n +2)/${myUser}
+
+    # update entry in fstab
+    sed -i "s|/home/User|/home/${myUser}|g" /etc/fstab
+
+    # add user
+    useradd --no-create-home --user-group --home-dir /home/${myUser} --comment 'My Name' ${myUser}
+
+    # delegate snapshot and destroy permissions of the home dataset to
+    # new user
    zfs allow -u ${myUser} mount,snapshot,destroy $(df --output=source /home | tail -n +2)/${myUser}
-    chown -R ${myUser}:${myUser} /home/${myUser}
+
+    # fix permissions
+    chown --recursive ${myUser}:${myUser} /home/${myUser}
    chmod 700 /home/${myUser}
+
+    # fix selinux context
    restorecon /home/${myUser}
+
+    # set new password for user
    passwd ${myUser}

   Set up cron job to snapshot user home everyday::
--- a/ZFS/4-system-installation.rst
+++ b/ZFS/4-system-installation.rst
@@ -99,10 +99,10 @@ This generated state is not declaratively managed
 by NixOS and can not be reproduced from NixOS configuration.

 To ensure that the system state is fully managed by NixOS and reproducible,
-we need to periodically purge the system state and let NixOS 
+we need to periodically purge the system state and let NixOS
 regenerate root file system from scratch.

-Also see: `Erase your darlings: 
+Also see: `Erase your darlings:
 immutable infrastructure for mutable systems <https://grahamc.com/blog/erase-your-darlings>`__.

 Save mutable data to alternative path
@@ -122,7 +122,7 @@ Below are some tips.
  `environment.etc <https://nixos.org/manual/nixos/stable/options.html#opt-environment.etc>`__
  may be used::

-   environment.etc = { 
+   environment.etc = {
     "ssh/ssh_host_rsa_key".source = "/state/etc/ssh/ssh_host_rsa_key";
   }

--- a/ZFS/2-system-installation.rst
+++ b/ZFS/2-system-installation.rst
@@ -219,7 +219,15 @@ System Installation
    mkdir -p /mnt/boot/efi
    mount -t vfat ${INST_PRIMARY_DISK}-part1 /mnt/boot/efi

-#. Create optional user data datasets to omit data from rollback::
+#. Create separate user dataset at ``/home/User``, dateset name can be
+   changed later::
+
+     zfs create -o canmount=on rpool_$INST_UUID/$INST_ID/DATA/default/home/User
+
+   If needed, snapshot, rollback and other related permissions can be
+   delegated to the user later.
+
+#. Create optional program data datasets to omit data from rollback::

     zfs create -o canmount=on rpool_$INST_UUID/$INST_ID/DATA/default/var/games
     zfs create -o canmount=on rpool_$INST_UUID/$INST_ID/DATA/default/var/www
--- a/ZFS/5-bootloader.rst
+++ b/ZFS/5-bootloader.rst
@@ -215,13 +215,33 @@ Post installaion

 #. After reboot, consider adding a normal user::

+    # with root permissions
+    sudo -i
+
+    # store user name in a variable
    myUser=UserName
-    zfs create $(df --output=source /home | tail -n +2)/${myUser}
-    useradd -MUd /home/${myUser} -c 'My Name' ${myUser}
+
+    # rename default `User` to new user name
+    zfs rename $(df --output=source /home | tail -n +2)/User $(df --output=source /home | tail -n +2)/${myUser}
+
+    # update entry in fstab
+    sed -i "s|/home/User|/home/${myUser}|g" /etc/fstab
+
+    # add user
+    useradd --no-create-home --user-group --home-dir /home/${myUser} --comment 'My Name' ${myUser}
+
+    # delegate snapshot and destroy permissions of the home dataset to
+    # new user
    zfs allow -u ${myUser} mount,snapshot,destroy $(df --output=source /home | tail -n +2)/${myUser}
-    chown -R ${myUser}:${myUser} /home/${myUser}
+
+    # fix permissions
+    chown --recursive ${myUser}:${myUser} /home/${myUser}
    chmod 700 /home/${myUser}
+
+    # fix selinux context
    restorecon /home/${myUser}
+
+    # set new password for user
    passwd ${myUser}

   Set up cron job to snapshot user home everyday::