darkkirb/nixos-config
1
0
Fork 0
Code Issues 1 Pull requests 2 Projects Releases Packages Wiki Activity Actions

add impermanence

Browse source
This commit is contained in:
Charlotte 🦝 Delenk 2024-10-29 09:21:03 +01:00
parent afa31fe05b
commit 78eb350962
4 changed files with 111 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

16
flake.lock
View file

@ -71,6 +71,21 @@
"type": "github" "type": "github"
} }
}, },
"impermanence": {
"locked": {
"lastModified": 1729068498,
"narHash": "sha256-C2sGRJl1EmBq0nO98TNd4cbUy20ABSgnHWXLIJQWRFA=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "e337457502571b23e449bf42153d7faa10c0a562",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "impermanence",
"type": "github"
}
},
"lix": { "lix": {
"inputs": { "inputs": {
"flake-compat": [ "flake-compat": [
@ -239,6 +254,7 @@
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"flakey-profile": "flakey-profile", "flakey-profile": "flakey-profile",
"gitignore": "gitignore", "gitignore": "gitignore",
"impermanence": "impermanence",
"lix": "lix", "lix": "lix",
"lix-module": "lix-module", "lix-module": "lix-module",
"nix2container": "nix2container", "nix2container": "nix2container",

3
flake.nix
View file

@ -17,6 +17,9 @@
url = "github:hercules-ci/gitignore.nix"; url = "github:hercules-ci/gitignore.nix";
inputs.nixpkgs.follows = "nixpkgs"; inputs.nixpkgs.follows = "nixpkgs";
}; };
impermanence = {
url = "github:nix-community/impermanence";
};
lix = { lix = {
url = "git+https://git.lix.systems/lix-project/lix"; url = "git+https://git.lix.systems/lix-project/lix";
inputs.flake-compat.follows = "flake-compat"; inputs.flake-compat.follows = "flake-compat";

1
modules/default.nix
View file

@ -3,5 +3,6 @@
./riscv.nix ./riscv.nix
./containers/autoconfig.nix ./containers/autoconfig.nix
./lix.nix ./lix.nix
./impermanence.nix
]; ];
} }

91
modules/impermanence.nix Normal file
View file

@ -0,0 +1,91 @@
{
impermanence,
config,
lib,
pkgs,
inTester,
...
}:
with lib; {
imports = ["${impermanence}/nixos.nix"];
options = {
environment.impermanence = mkEnableOption "Enables impermanence";
};
config = mkMerge [
{
environment.impermanence = mkDefault (!config.boot.isContainer && !inTester);
}
(mkIf config.environment.impermanence {
boot.initrd.postDeviceCommands = mkAfter ''
mkdir /btrfs_tmp
mount ${config.fileSystems."/".device} -t btrfs /btrfs_tmp
if [[ -e /btrfs_tmp/root ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/root
umount /btrfs_tmp
'';
assertions = [
{
assertion = hasAttr "/" config.fileSystems;
message = "To use impermanence, you need to define a root volume";
}
{
assertion =
if hasAttr "/" config.fileSystems
then config.fileSystems."/".fsType == "btrfs"
else false;
message = "rootfs must be btrfs";
}
{
assertion =
if hasAttr "/" config.fileSystems
then any (t: t == "subvol=root") config.fileSystems."/".options
else false;
message = "rootfs must mount subvolume root";
}
];
fileSystems."/persistent" = {
device =
if hasAttr "/" config.fileSystems
then mkDefault config.fileSystems."/".device
else "/dev/null";
fsType = "btrfs";
options = ["subvol=persistent"];
neededForBoot = true;
};
environment.persistence."/persistent" = {
enable = true;
hideMounts = true;
directories = [
"/var/log"
"/var/lib/nixos"
];
files = [
"/etc/ssh/ssh_host_ecdsa_key"
"/etc/ssh/ssh_host_ecdsa_key.pub"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
];
};
})
];
}