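# NixOS module: persistent-state layout for a root filesystem that is reset
# on every boot. Paths listed under environment.persistence are kept on the
# "/state" and "/persist" locations.
{
  config,
  lib,
  pkgs,
  ...
}: let
  # Wraps a definition so that it only takes effect when this system is not
  # a container (config.boot.isContainer is false).
  onlyHost = lib.mkIf (!config.boot.isContainer);
in {
  # to allow all users to access hm managed persistent folders
  # This lets non-root users pass allow_other / allow_root on their own FUSE
  # mounts, so it applies to every FUSE mount on the machine, not only the
  # home-manager ones.
  programs.fuse.userAllowOther = true;

  environment.persistence."/state" = {
    hideMounts = true;
    files =
      [
        # SSH host identity. The first entry is the host's private key, so
        # whatever backs "/state" holds long-lived key material.
        # NOTE(review): confirm that "/state" is excluded from, or encrypted
        # in, any snapshot replication or backup that leaves the host.
        "/etc/ssh/ssh_host_ed25519_key"
        "/etc/ssh/ssh_host_ed25519_key.pub"
      ]
      # machine-id is only persisted on real hosts, not in containers.
      ++ lib.lists.optionals (!config.boot.isContainer) [
        "/etc/machine-id"
      ];
    directories = [
      "/var/log"
      "/var/lib/systemd"
      "/var/lib/nixos"
      {
        directory = "/var/tmp/agenix-rekey";
        # Was "0777". The directory stays writable by every user, but the
        # sticky bit means only a file's owner (or root) can delete or rename
        # an entry, as on /tmp. Without it any local account could remove or
        # swap another user's files here.
        # NOTE(review): presumably the mode is applied when the directory is
        # created; check with stat on hosts where it already exists.
        mode = "1777";
      }
    ];
  };

  environment.persistence."/persist" = {
    hideMounts = true;
    directories = [];
  };

  # After importing the rpool, rollback the root system to be empty.
  # The unit runs in the initrd, ordered after zfs-import-rpool.service and
  # before sysroot.mount, so the dataset is reset before it is mounted.
  # `zfs rollback -r` also destroys every snapshot newer than @blank.
  boot.initrd.systemd.services.impermanence-root = onlyHost {
    wantedBy = ["initrd.target"];
    after = ["zfs-import-rpool.service"];
    before = ["sysroot.mount"];
    unitConfig.DefaultDependencies = "no";
    serviceConfig = {
      Type = "oneshot";
      ExecStart = "${pkgs.zfs}/bin/zfs rollback -r rpool/local/root@blank";
    };
  };
}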