feat: impermanence
parent
608752f938
commit
a25c270931
16
flake.lock
16
flake.lock
|
@ -251,6 +251,21 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"impermanence": {
|
||||
"locked": {
|
||||
"lastModified": 1684264534,
|
||||
"narHash": "sha256-K0zr+ry3FwIo3rN2U/VWAkCJSgBslBisvfRIPwMbuCQ=",
|
||||
"owner": "nix-community",
|
||||
"repo": "impermanence",
|
||||
"rev": "89253fb1518063556edd5e54509c30ac3089d5e6",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "impermanence",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-hardware": {
|
||||
"locked": {
|
||||
"lastModified": 1684169666,
|
||||
|
@ -333,6 +348,7 @@
|
|||
"flake-utils": "flake-utils",
|
||||
"home-manager": "home-manager",
|
||||
"hyprland": "hyprland",
|
||||
"impermanence": "impermanence",
|
||||
"nixos-hardware": "nixos-hardware",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"pre-commit-hooks": "pre-commit-hooks",
|
||||
|
|
|
@ -44,8 +44,7 @@
|
|||
inputs.flake-utils.follows = "flake-utils";
|
||||
};
|
||||
|
||||
# someday
|
||||
#impermanence.url = "github:nix-community/impermanence";
|
||||
impermanence.url = "github:nix-community/impermanence";
|
||||
|
||||
nixos-hardware.url = "github:nixos/nixos-hardware";
|
||||
|
||||
|
|
|
@ -7,6 +7,7 @@
|
|||
./ssh.nix
|
||||
./system.nix
|
||||
./xdg.nix
|
||||
./impermanence.nix
|
||||
];
|
||||
|
||||
home-manager = {
|
||||
|
|
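--- a/hosts/common/core/impermanence.nix
+++ b/hosts/common/core/impermanence.nix
@@ -0,0 +1,24 @@
+{
+config,
+lib,
+...
+}: {
+age.identityPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"];
+environment.persistence."/persist" = {
+hideMounts = true;
+
+files = [
+"/etc/machine-id"
+"/etc/ssh/ssh_host_ed25519_key"
+"/etc/ssh/ssh_host_ed25519_key.pub"
+];
+directories = [
+{
+directory = "/var/lib/nixos";
+user = "root";
+group = "root";
+mode = "0775";
+}
+];
+};
+}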
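Review bot: The `directories` list persists only `/var/lib/nixos`, so with the root dataset rolled back at boot (the initrd unit elsewhere in this commit) everything under `/var/log` is discarded on each restart. Nothing then remains to investigate a crash or a suspected intrusion after a reboot; adding `"/var/log"` to `directories` would keep the journal. The `mode = "0775"` on `/var/lib/nixos` also makes the uid/gid state directory group-writable, which looks broader than needed; `"0755"` should be enough. A one-line comment that the private host key under `/persist` must stay root-owned and mode 0600, because `age.identityPaths` decrypts every secret with it, would help the next reader.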
|
@ -1,6 +1,21 @@
|
|||
{
|
||||
{pkgs, ...}: {
|
||||
fileSystems."/" = {
|
||||
device = "rpool/ROOT/nixos";
|
||||
device = "rpool/local/root";
|
||||
neededForBoot = true;
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil" "X-mount.mkdir"];
|
||||
};
|
||||
|
||||
fileSystems."/nix" = {
|
||||
device = "rpool/local/nix";
|
||||
neededForBoot = true;
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil" "X-mount.mkdir"];
|
||||
};
|
||||
|
||||
fileSystems."/persist" = {
|
||||
device = "rpool/safe/persist";
|
||||
neededForBoot = true;
|
||||
fsType = "zfs";
|
||||
options = ["zfsutil" "X-mount.mkdir"];
|
||||
};
|
||||
|
@ -10,5 +25,17 @@
|
|||
fsType = "vfat";
|
||||
};
|
||||
|
||||
# After importing the rpool, rollback the root system to be empty.
|
||||
boot.initrd.systemd.services.impermanence-root = {
|
||||
wantedBy = ["initrd.target"];
|
||||
after = ["zfs-import-rpool.service"];
|
||||
before = ["sysroot.mount"];
|
||||
unitConfig.DefaultDependencies = "no";
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
ExecStart = "${pkgs.zfs}/bin/zfs rollback -r rpool/local/root@blank";
|
||||
};
|
||||
};
|
||||
|
||||
swapDevices = [];
|
||||
}
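Review bot: The `impermanence-root` unit is only ordered `before = ["sysroot.mount"]` and nothing requires it, so a failed rollback or a missing `rpool/local/root@blank` snapshot appears to let the boot continue on the un-wiped root with no signal. State that the rest of the configuration assumes is ephemeral would then survive across boots. Consider `requiredBy = ["sysroot.mount"];` so that a failed rollback stops the boot instead. The existing comment could also say that the `@blank` snapshot has to be taken at install time and that `-r` destroys every snapshot of the dataset newer than `@blank`.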
|
||||
|
|
|
@ -17,7 +17,7 @@
|
|||
# I need a static global IP address for my dorm LAN
|
||||
# So to not dox myself this config file is hardcoded
|
||||
systemd.network.networks = {
|
||||
"lan1" = {
|
||||
"01-lan1" = {
|
||||
DHCP = "yes";
|
||||
matchConfig.MACAddress = nodeSecrets.networking.lan1.mac;
|
||||
networkConfig.IPv6PrivacyExtensions = "yes";
|
||||
|
@ -25,7 +25,7 @@
|
|||
address = [nodeSecrets.networking.fuckKoreanDorm.address];
|
||||
dns = ["9.9.9.9"];
|
||||
};
|
||||
"wlan1" = {
|
||||
"01-wlan1" = {
|
||||
DHCP = "yes";
|
||||
matchConfig.MACAddress = nodeSecrets.networking.wlan1.mac;
|
||||
networkConfig.IPv6PrivacyExtensions = "yes";
|
||||
|
|
Binary file not shown.
|
@ -2,43 +2,40 @@
|
|||
self,
|
||||
colmena,
|
||||
home-manager,
|
||||
#impermanence,
|
||||
impermanence,
|
||||
nixos-hardware,
|
||||
nixpkgs,
|
||||
agenix,
|
||||
agenix-rekey,
|
||||
hyprland,
|
||||
...
|
||||
} @ inputs: let
|
||||
inherit (nixpkgs.lib) optionals;
|
||||
in
|
||||
nodeName: nodeMeta: {
|
||||
inherit (nodeMeta) system;
|
||||
pkgs = self.pkgs.${nodeMeta.system};
|
||||
specialArgs = {
|
||||
inherit (nixpkgs) lib;
|
||||
inherit (self) nodes;
|
||||
inherit inputs;
|
||||
inherit nodeName;
|
||||
inherit nodeMeta;
|
||||
inherit hyprland;
|
||||
nodePath = ../hosts + "/${nodeName}/";
|
||||
secrets = self.secrets.content;
|
||||
nodeSecrets = self.secrets.content.nodes.${nodeName};
|
||||
nixos-hardware = nixos-hardware.nixosModules;
|
||||
#impermanence = impermanence.nixosModules;
|
||||
};
|
||||
imports = [
|
||||
(../hosts + "/${nodeName}")
|
||||
home-manager.nixosModules.default
|
||||
#impermanence.nixosModules.default
|
||||
agenix.nixosModules.default
|
||||
agenix-rekey.nixosModules.default
|
||||
#]
|
||||
#++ optionals nodeMeta.microVmHost [
|
||||
# microvm.nixosModules.host
|
||||
#]
|
||||
#++ optionals (nodeMeta.type == "microvm") [
|
||||
# microvm.nixosModules.microvm
|
||||
];
|
||||
}
|
||||
} @ inputs: nodeName: nodeMeta: {
|
||||
inherit (nodeMeta) system;
|
||||
pkgs = self.pkgs.${nodeMeta.system};
|
||||
specialArgs = {
|
||||
inherit (nixpkgs) lib;
|
||||
inherit (self) nodes;
|
||||
inherit inputs;
|
||||
inherit nodeName;
|
||||
inherit nodeMeta;
|
||||
inherit hyprland;
|
||||
nodePath = ../hosts + "/${nodeName}/";
|
||||
secrets = self.secrets.content;
|
||||
nodeSecrets = self.secrets.content.nodes.${nodeName};
|
||||
nixos-hardware = nixos-hardware.nixosModules;
|
||||
impermanence = impermanence.nixosModules;
|
||||
};
|
||||
imports = [
|
||||
(../hosts + "/${nodeName}")
|
||||
home-manager.nixosModules.default
|
||||
impermanence.nixosModules.impermanence
|
||||
agenix.nixosModules.default
|
||||
agenix-rekey.nixosModules.default
|
||||
#]
|
||||
#++ optionals nodeMeta.microVmHost [
|
||||
# microvm.nixosModules.host
|
||||
#]
|
||||
#++ optionals (nodeMeta.type == "microvm") [
|
||||
# microvm.nixosModules.microvm
|
||||
];
|
||||
}
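Review bot: `specialArgs` binds the name `impermanence` to `impermanence.nixosModules`, so any module that takes `impermanence` receives the module set rather than the flake input. `impermanence.home-manager.impermanence` in the user module then only resolves because of that rebinding, which is easy to misread. A comment on the line such as `# module set, not the flake input; use inputs.impermanence for the flake` would document this, or the modules could read from `inputs.impermanence` directly. The commented-out `optionals` lists are still in `imports` although the `optionals` binding appears to be dropped, so re-enabling them later will need it back.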
|
||||
|
|
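--- a/users/common/impermanence.nix
+++ b/users/common/impermanence.nix
@@ -0,0 +1,22 @@
+{config, ...}: {
+home.persistence."/persist/home/${config.home.username}" = {
+files = [
+".ssh/know_hosts"
+];
+directories = [
+"repos"
+"Downloads"
+".local/share/atuin"
+
+# firefox muss halt
+".mozilla"
+
+# nvim kinda nervig
+".local/share/nvim/lazy"
+".local/state/nvim"
+".cache/nvim"
+
+".local/share/direnv"
+];
+};
+}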
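Review bot: `".ssh/know_hosts"` in `files` is misspelled, so the real `~/.ssh/known_hosts` is not persisted. If the home directory lives on the rolled-back root dataset, every boot starts with no pinned host keys and a changed server key can no longer be noticed. The entry should read `".ssh/known_hosts"`. The two inline comments are in German and would be easier for other readers in English, for example `# firefox needs its profile` and `# nvim plugin and state dirs`.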
|
@ -1,5 +1,6 @@
|
|||
{
|
||||
hyprland,
|
||||
impermanence,
|
||||
pkgs,
|
||||
config,
|
||||
...
|
||||
|
@ -10,7 +11,6 @@
|
|||
];
|
||||
rekey.secrets.patrick.file = ../../secrets/patrick.passwd.age;
|
||||
|
||||
# Define a user account. Don't forget to set a password with ‘passwd’.
|
||||
users.users.patrick = {
|
||||
shell = pkgs.zsh;
|
||||
isNormalUser = true;
|
||||
|
@ -28,6 +28,8 @@
|
|||
];
|
||||
home-manager.users.patrick.imports = [
|
||||
hyprland.homeManagerModules.default
|
||||
impermanence.home-manager.impermanence
|
||||
../common/impermanence.nix
|
||||
./patrick.nix
|
||||
../common
|
||||
];
|
||||
|
|
|
@ -10,7 +10,8 @@
|
|||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZixkix0KfKuq7Q19whS5FQQg51/AJGB5BiNF/7h/LM"
|
||||
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxD4GOrwrBTG4/qQhm5hoSB2CP7W9g1LPWP11oLGOjQ"
|
||||
];
|
||||
passwordFile = config.rekey.secrets.root.path;
|
||||
#passwordFile = config.rekey.secrets.root.path;
|
||||
password = "ctie";
|
||||
};
|
||||
home-manager.users.root = {
|
||||
imports = [../common];
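Review bot: `password = "ctie";` puts the root password in plain text in the repository and, through the evaluated configuration, in the world-readable Nix store, while the agenix-backed `passwordFile` line is left commented out. If this is a stopgap until the host key under `/persist` can decrypt secrets at activation, it should not be committed. Restore `passwordFile = config.rekey.secrets.root.path;` (or set a `hashedPassword`) and treat the committed value as burned, since it stays in history. The enclosing block, presumably `users.users.root`, opens above the hunk, so its other settings are not visible here.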
|
||||
|
|