magic_rb/dotfiles
1
0
Fork 0
mirror of https://git.sr.ht/~magic_rb/dotfiles synced 2024-11-22 08:04:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add omen impermenance

Browse source 
Signed-off-by: MagicRB <richard@brezak.sk>
This commit is contained in:
MagicRB 2023-10-03 16:55:14 +02:00
parent 05d186d304
commit 260a917558
No known key found for this signature in database
GPG key ID: 08D5287CC5DDCA0E
5 changed files with 139 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
flake.nix
View file

@ -18,6 +18,7 @@
website.url = "sourcehut:~magic_rb/website"; website.url = "sourcehut:~magic_rb/website";
microvm.url = "github:astro/microvm.nix"; microvm.url = "github:astro/microvm.nix";
notnft.url = "github:chayleaf/notnft"; notnft.url = "github:chayleaf/notnft";
impermenance.url = "path:///nix/persist/home/main/repos/impermanence";
disko.url = "github:nix-community/disko"; disko.url = "github:nix-community/disko";
nixos-anywhere.url = "github:numtide/nixos-anywhere"; nixos-anywhere.url = "github:numtide/nixos-anywhere";
@ -99,6 +100,7 @@
overlays/terraform-provider-influxdb-v2.nix overlays/terraform-provider-influxdb-v2.nix
overlays/bootloadHID.nix overlays/bootloadHID.nix
overlays/itp overlays/itp
overlays/show-files-to-be-deleted
inputs.uterranix.flakeModule inputs.uterranix.flakeModule
]; ];

2
nixos/systems/omen/default.nix
View file

@ -36,6 +36,7 @@ in
./users.nix ./users.nix
./nixpkgs.nix ./nixpkgs.nix
../../common/sound.nix ../../common/sound.nix
./impermenance.nix
# ./test-vm.nix # ./test-vm.nix
inputs.dwarffs.nixosModules.dwarffs inputs.dwarffs.nixosModules.dwarffs
@ -43,6 +44,7 @@ in
inputs.notnft.nixosModules.default inputs.notnft.nixosModules.default
inputs.self.nixosModules.notnft inputs.self.nixosModules.notnft
inputs.self.nixosModules.microvm-extras-host inputs.self.nixosModules.microvm-extras-host
inputs.impermenance.nixosModules.impermanence
]; ];
_module.args.nixinate = { _module.args.nixinate = {

28
nixos/systems/omen/filesystems.nix
View file

@ -14,18 +14,42 @@ let
blowholeAddress = secret.network.ips.blowhole.dns or ""; blowholeAddress = secret.network.ips.blowhole.dns or "";
in in
{ {
boot.zfs.requestEncryptionCredentials = [];
fileSystems = { fileSystems = {
"/" = { "/" = {
device = "none";
fsType = "tmpfs";
options = [ "defaults" "size=512M" "mode=755" "noexec" ];
};
"/tmp" = {
device = "none";
fsType = "tmpfs";
options = [ "defaults" "size=512M" "mode=755" ];
};
"/nix/persist" = {
device = "omen-ssd/persist";
fsType = "zfs";
neededForBoot = true;
};
"/old/root" = {
device = "omen-ssd/local/root"; device = "omen-ssd/local/root";
fsType = "zfs"; fsType = "zfs";
neededForBoot = true;
};
"/old/home" = {
device = "omen-ssd/safe/home";
fsType = "zfs";
neededForBoot = true;
}; };
"/nix" = { "/nix" = {
device = "omen-ssd/local/nix"; device = "omen-ssd/local/nix";
fsType = "zfs"; fsType = "zfs";
}; };
"/home" = { "/home" = {
device = "omen-ssd/safe/home"; device = "omen-ssd/ephemeral/home";
fsType = "zfs"; fsType = "zfs";
neededForBoot = true;
}; };
"/boot/1" = { "/boot/1" = {
@ -37,7 +61,7 @@ in
fsType = "vfat"; fsType = "vfat";
}; };
"/var/lib/secrets" = { "/var/secrets" = {
device = "omen-ssd/local/secrets"; device = "omen-ssd/local/secrets";
fsType = "zfs"; fsType = "zfs";
}; };

1
nixos/systems/omen/hardware.nix
View file

@ -17,6 +17,7 @@ in
hardware.cpu.intel.updateMicrocode = true; hardware.cpu.intel.updateMicrocode = true;
boot = { boot = {
initrd.systemd.enable = true;
initrd.availableKernelModules = [ initrd.availableKernelModules = [
"xhci_pci" "xhci_pci"
"ahci" "ahci"

108
nixos/systems/omen/impermenance.nix Normal file
View file

@ -0,0 +1,108 @@
{ inputs', pkgs, ... }:
{
nixpkgs.overlays = [
inputs'.self.overlays.show-files-to-be-deleted
];
environment.systemPackages = [
pkgs.show-files-to-be-deleted
];
environment.persistence."/nix/persist" = {
hideMounts = true;
directories = [
"/var/log"
"/var/lib/bluetooth"
"/var/lib/nixos"
"/var/lib/systemd/coredump"
"/var/lib/iwd"
"/var/lib/syncthing"
];
files = [
"/etc/machine-id"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
];
users.main = {
directories = [
"sync"
".steam"
".local/share/Steam"
".emacs.d"
"roam"
"dotfiles"
"Documents"
{ directory = ".gnupg"; mode = "0700"; }
{ directory = ".ssh"; mode = "0700"; }
".local/share/direnv"
"repos"
];
files = [
{ file = ".config/wallpaper"; method = "symlink"; }
];
};
};
boot.initrd.systemd.storePaths = with pkgs; [
zfs
busybox
];
boot.initrd.systemd.services.rollback = {
description = "Rollback ZFS datasets to a pristine state";
wantedBy = [
"initrd.target"
];
after = [
"zfs-import-omen-ssd.service"
];
before = [
"sysroot.mount"
];
path = with pkgs; [
zfs
busybox
];
unitConfig.DefaultDependencies = "no";
serviceConfig.Type = "oneshot";
script = ''
generation="$(zfs get :generation omen-ssd/ephemeral/home -H -o value)"
dataset="omen-ssd/ephemeral/home"
generation="$(("$generation" + 1))"
zfs set ":generation=$generation" "$dataset"
zfs send "$dataset" | zfs recv "$dataset/$generation"
zfs rollback "$dataset@blank" && echo "rollback complete"
while IFS="\n" read gen
do
echo "$gen < $(("$generation" - 10))"
if [ "$gen" -lt "$(("$generation" - 10))" ]; then
zfs destroy -r "$dataset/$gen"
echo "destroyed "
fi
done <<< "$(zfs list "omen-ssd/ephemeral/home" -t filesystem -r -H -o name | xargs -I {} ${pkgs.runtimeShell} -c 'echo "$1" | rev | cut -f 1 -d "/" | rev' sh {} | grep -v home)"
'';
};
systemd.services."home-manager-main-pre.service" = {
description = "Home Manager environment prestart for main";
wantedBy = [ "multi-user.target" ];
before = [ "home-manager-main.service" ];
script = ''
set -e
mkdir -p /home/main
chown 1000:1000 /home/main
'';
serviceConfig = {
Type = "oneshot";
RemainAfterExit = "yes";
TimeoutStartSec = "5m";
};
};
}