diff --git a/flake.lock b/flake.lock
index ff5f918..2c61459 100644
--- a/flake.lock
+++ b/flake.lock
@@ -251,6 +251,21 @@
 "type": "github"
 }
 },
+ "impermanence": {
+ "locked": {
+ "lastModified": 1684264534,
+ "narHash": "sha256-K0zr+ry3FwIo3rN2U/VWAkCJSgBslBisvfRIPwMbuCQ=",
+ "owner": "nix-community",
+ "repo": "impermanence",
+ "rev": "89253fb1518063556edd5e54509c30ac3089d5e6",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "impermanence",
+ "type": "github"
+ }
+ },
 "nixos-hardware": {
 "locked": {
 "lastModified": 1684169666,
@@ -333,6 +348,7 @@
 "flake-utils": "flake-utils",
 "home-manager": "home-manager",
 "hyprland": "hyprland",
+ "impermanence": "impermanence",
 "nixos-hardware": "nixos-hardware",
 "nixpkgs": "nixpkgs",
 "pre-commit-hooks": "pre-commit-hooks",
diff --git a/flake.nix b/flake.nix
index 59cf458..771c838 100644
--- a/flake.nix
+++ b/flake.nix
@@ -44,8 +44,7 @@
 inputs.flake-utils.follows = "flake-utils";
 };
- # someday
- #impermanence.url = "github:nix-community/impermanence";
+ impermanence.url = "github:nix-community/impermanence";
 nixos-hardware.url = "github:nixos/nixos-hardware";
diff --git a/hosts/common/core/default.nix b/hosts/common/core/default.nix
index 3cd8166..d1f41cf 100644
--- a/hosts/common/core/default.nix
+++ b/hosts/common/core/default.nix
@@ -7,6 +7,7 @@
 ./ssh.nix
 ./system.nix
 ./xdg.nix
+ ./impermanence.nix
 ];
 home-manager = {
diff --git a/hosts/common/core/impermanence.nix b/hosts/common/core/impermanence.nix
new file mode 100644
index 0000000..3cf3262
--- /dev/null
+++ b/hosts/common/core/impermanence.nix
@@ -0,0 +1,24 @@
+{
+ config,
+ lib,
+ ...
+}: {
+ age.identityPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"];
+ environment.persistence."/persist" = {
+ hideMounts = true;
+
+ files = [
+ "/etc/machine-id"
+ "/etc/ssh/ssh_host_ed25519_key"
+ "/etc/ssh/ssh_host_ed25519_key.pub"
+ ];
+ directories = [
+ {
+ directory = "/var/lib/nixos";
+ user = "root";
+ group = "root";
+ mode = "0775";
+ }
+ ];
+ };
+}
diff --git a/hosts/patricknix/fs.nix b/hosts/patricknix/fs.nix
index faacbee..928aa43 100644
--- a/hosts/patricknix/fs.nix
+++ b/hosts/patricknix/fs.nix
@@ -1,6 +1,21 @@
-{
+{pkgs, ...}: {
 fileSystems."/" = {
- device = "rpool/ROOT/nixos";
+ device = "rpool/local/root";
+ neededForBoot = true;
+ fsType = "zfs";
+ options = ["zfsutil" "X-mount.mkdir"];
+ };
+
+ fileSystems."/nix" = {
+ device = "rpool/local/nix";
+ neededForBoot = true;
+ fsType = "zfs";
+ options = ["zfsutil" "X-mount.mkdir"];
+ };
+
+ fileSystems."/persist" = {
+ device = "rpool/safe/persist";
+ neededForBoot = true;
 fsType = "zfs";
 options = ["zfsutil" "X-mount.mkdir"];
 };
@@ -10,5 +25,17 @@
 fsType = "vfat";
 };
+ # After importing the rpool, rollback the root system to be empty.
+ boot.initrd.systemd.services.impermanence-root = {
+ wantedBy = ["initrd.target"];
+ after = ["zfs-import-rpool.service"];
+ before = ["sysroot.mount"];
+ unitConfig.DefaultDependencies = "no";
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = "${pkgs.zfs}/bin/zfs rollback -r rpool/local/root@blank";
+ };
+ };
+
 swapDevices = [];
 }
diff --git a/hosts/patricknix/net.nix b/hosts/patricknix/net.nix
index ef3aa87..fb8ccce 100644
--- a/hosts/patricknix/net.nix
+++ b/hosts/patricknix/net.nix
@@ -17,7 +17,7 @@
 # I need a static global IP address for my dorm LAN
 # So to not dox myself this config file is hardcoded
 systemd.network.networks = {
- "lan1" = {
+ "01-lan1" = {
 DHCP = "yes";
 matchConfig.MACAddress = nodeSecrets.networking.lan1.mac;
 networkConfig.IPv6PrivacyExtensions = "yes";
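Review bot: The persisted `/var/lib/nixos` entry is declared with `mode = "0775"`, which grants group write on a directory holding the uid/gid maps; with `group = "root"` this is harmless in practice, but nothing in the hunk needs group write, so `mode = "0755";` is the tighter default unless a non-root writer is intended. Separately, the module binds `config` and `lib` in its argument set but uses neither; `{...}: {` is sufficient. A one-line comment above `age.identityPaths` would help the next reader, e.g. `# agenix decrypts with the persisted host key, so secrets are unavailable if /persist is not mounted`.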
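Review bot: The `impermanence-root` service in the second fs.nix hunk only orders itself `before = ["sysroot.mount"]` and is pulled in via `wantedBy`, so if `zfs rollback -r rpool/local/root@blank` fails (snapshot missing, import not finished) the boot most likely continues on the stale root and the wipe is silently skipped; if that is not acceptable, consider `requiredBy = ["sysroot.mount"];` so the failure stops the boot instead. The unit also presumes a `rpool/local/root@blank` snapshot that no code in this diff creates, and `-r` destroys any snapshots taken after it, which is worth stating in the comment: `# Requires the rpool/local/root@blank snapshot taken at install time; -r discards any newer snapshots of the dataset.`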
@@ -25,7 +25,7 @@
 address = [nodeSecrets.networking.fuckKoreanDorm.address];
 dns = ["9.9.9.9"];
 };
- "wlan1" = {
+ "01-wlan1" = {
 DHCP = "yes";
 matchConfig.MACAddress = nodeSecrets.networking.wlan1.mac;
 networkConfig.IPv6PrivacyExtensions = "yes";
diff --git a/hosts/patricknix/secrets/secrets.nix.age b/hosts/patricknix/secrets/secrets.nix.age
index 850aab9..87e464f 100644
Binary files a/hosts/patricknix/secrets/secrets.nix.age and b/hosts/patricknix/secrets/secrets.nix.age differ
diff --git a/nix/generate-node.nix b/nix/generate-node.nix
index 6c06f6d..e4ccbd4 100644
--- a/nix/generate-node.nix
+++ b/nix/generate-node.nix
@@ -2,43 +2,40 @@
 self,
 colmena,
 home-manager,
- #impermanence,
+ impermanence,
 nixos-hardware,
 nixpkgs,
 agenix,
 agenix-rekey,
 hyprland,
 ...
-} @ inputs: let
- inherit (nixpkgs.lib) optionals;
-in
- nodeName: nodeMeta: {
- inherit (nodeMeta) system;
- pkgs = self.pkgs.${nodeMeta.system};
- specialArgs = {
- inherit (nixpkgs) lib;
- inherit (self) nodes;
- inherit inputs;
- inherit nodeName;
- inherit nodeMeta;
- inherit hyprland;
- nodePath = ../hosts + "/${nodeName}/";
- secrets = self.secrets.content;
- nodeSecrets = self.secrets.content.nodes.${nodeName};
- nixos-hardware = nixos-hardware.nixosModules;
- #impermanence = impermanence.nixosModules;
- };
- imports = [
- (../hosts + "/${nodeName}")
- home-manager.nixosModules.default
- #impermanence.nixosModules.default
- agenix.nixosModules.default
- agenix-rekey.nixosModules.default
- #]
- #++ optionals nodeMeta.microVmHost [
- # microvm.nixosModules.host
- #]
- #++ optionals (nodeMeta.type == "microvm") [
- # microvm.nixosModules.microvm
- ];
- }
+} @ inputs: nodeName: nodeMeta: {
+ inherit (nodeMeta) system;
+ pkgs = self.pkgs.${nodeMeta.system};
+ specialArgs = {
+ inherit (nixpkgs) lib;
+ inherit (self) nodes;
+ inherit inputs;
+ inherit nodeName;
+ inherit nodeMeta;
+ inherit hyprland;
+ nodePath = ../hosts + "/${nodeName}/";
+ secrets = self.secrets.content;
+ nodeSecrets = self.secrets.content.nodes.${nodeName};
+ nixos-hardware = nixos-hardware.nixosModules;
+ impermanence = impermanence.nixosModules;
+ };
+ imports = [
+ (../hosts + "/${nodeName}")
+ home-manager.nixosModules.default
+ impermanence.nixosModules.impermanence
+ agenix.nixosModules.default
+ agenix-rekey.nixosModules.default
+ #]
+ #++ optionals nodeMeta.microVmHost [
+ # microvm.nixosModules.host
+ #]
+ #++ optionals (nodeMeta.type == "microvm") [
+ # microvm.nixosModules.microvm
+ ];
+}
diff --git a/users/common/impermanence.nix b/users/common/impermanence.nix
new file mode 100644
index 0000000..fc70782
--- /dev/null
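Review bot: The commented-out `#++ optionals nodeMeta.microVmHost [` and `#++ optionals (nodeMeta.type == "microvm") [` lines are kept on the new side, but the `let … inherit (nixpkgs.lib) optionals; in` binding they rely on is removed in the same hunk, so re-enabling them later will fail on an undefined `optionals`. Either drop the dead block now or rewrite the two lines as `#++ nixpkgs.lib.optionals nodeMeta.microVmHost [` and `#++ nixpkgs.lib.optionals (nodeMeta.type == "microvm") [` so they stay self-contained. A short comment on `impermanence = impermanence.nixosModules;` noting that downstream modules receive the module set rather than the flake would also save a lookup.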
+++ b/users/common/impermanence.nix
@@ -0,0 +1,22 @@
+{config, ...}: {
+ home.persistence."/persist/home/${config.home.username}" = {
+ files = [
+ ".ssh/know_hosts"
+ ];
+ directories = [
+ "repos"
+ "Downloads"
+ ".local/share/atuin"
+
+ # firefox muss halt
+ ".mozilla"
+
+ # nvim kinda nervig
+ ".local/share/nvim/lazy"
+ ".local/state/nvim"
+ ".cache/nvim"
+
+ ".local/share/direnv"
+ ];
+ };
+}
diff --git a/users/patrick/default.nix b/users/patrick/default.nix
index aa4ec14..2eb04f9 100644
--- a/users/patrick/default.nix
+++ b/users/patrick/default.nix
@@ -1,5 +1,6 @@
 {
 hyprland,
+ impermanence,
 pkgs,
 config,
 ...
@@ -10,7 +11,6 @@
 ];
 rekey.secrets.patrick.file = ../../secrets/patrick.passwd.age;
- # Define a user account. Don't forget to set a password with ‘passwd’.
 users.users.patrick = {
 shell = pkgs.zsh;
 isNormalUser = true;
@@ -28,6 +28,8 @@
 ];
 home-manager.users.patrick.imports = [
 hyprland.homeManagerModules.default
+ impermanence.home-manager.impermanence
+ ../common/impermanence.nix
 ./patrick.nix
 ../common
 ];
diff --git a/users/root/default.nix b/users/root/default.nix
index 385bcf1..7c0b4cf 100644
--- a/users/root/default.nix
+++ b/users/root/default.nix
@@ -10,7 +10,8 @@
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZixkix0KfKuq7Q19whS5FQQg51/AJGB5BiNF/7h/LM"
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxD4GOrwrBTG4/qQhm5hoSB2CP7W9g1LPWP11oLGOjQ"
 ];
- passwordFile = config.rekey.secrets.root.path;
+ #passwordFile = config.rekey.secrets.root.path;
+ password = "ctie";
 };
 home-manager.users.root = {
 imports = [../common];
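Review bot: The persisted file `".ssh/know_hosts"` is misspelled; the file OpenSSH actually maintains is `known_hosts`, so as written the user's host-key cache is lost on every boot and each reconnect becomes a fresh trust-on-first-use decision, which defeats the point of pinning host keys. Change the entry to `".ssh/known_hosts"`. Nothing else under `.ssh` is persisted either; if user keys or an `.ssh/config` are expected to live there, they need their own entries, which is worth a comment on the `files` list. The German comments (`# firefox muss halt`, `# nvim kinda nervig`) would be clearer in one language, e.g. `# firefox profile` and `# nvim plugins, state and cache`.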
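Review bot: The users/root/default.nix hunk replaces `passwordFile = config.rekey.secrets.root.path;` with a cleartext literal, `password = "ctie";`, for the root account; a `users.users.<name>.password` value is written into the world-readable Nix store as part of the generated configuration and now also lives in git history, whereas the previous line kept it in an age-encrypted secret. If the secret path is temporarily unavailable during the impermanence migration (the same commit points `age.identityPaths` at the persisted host key, so that may be the reason), `hashedPassword` or `initialHashedPassword` keeps the value out of the repo in the clear; in any case the literal should be treated as compromised and rotated once the `passwordFile` line is restored. If this is deliberately temporary, say so next to the commented-out line, e.g. `# TODO: restore passwordFile once /persist secrets are available at activation`.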