feat: impermanence

flake.lock

@@ -251,6 +251,21 @@
         "type": "github"
       }
     },
+    "impermanence": {
+      "locked": {
+        "lastModified": 1684264534,
+        "narHash": "sha256-K0zr+ry3FwIo3rN2U/VWAkCJSgBslBisvfRIPwMbuCQ=",
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "rev": "89253fb1518063556edd5e54509c30ac3089d5e6",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "type": "github"
+      }
+    },
     "nixos-hardware": {
       "locked": {
         "lastModified": 1684169666,
@@ -333,6 +348,7 @@
         "flake-utils": "flake-utils",
         "home-manager": "home-manager",
         "hyprland": "hyprland",
+        "impermanence": "impermanence",
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
         "pre-commit-hooks": "pre-commit-hooks",

flake.nix

@@ -44,8 +44,7 @@
       inputs.flake-utils.follows = "flake-utils";
     };
 
-    # someday
+    impermanence.url = "github:nix-community/impermanence";
-    #impermanence.url = "github:nix-community/impermanence";
 
     nixos-hardware.url = "github:nixos/nixos-hardware";
 

hosts/common/core/default.nix

@@ -7,6 +7,7 @@
     ./ssh.nix
     ./system.nix
     ./xdg.nix
+    ./impermanence.nix
   ];
 
   home-manager = {

hosts/common/core/impermanence.nix

@@ -0,0 +1,24 @@
+{
+  config,
+  lib,
+  ...
+}: {
+  age.identityPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"];
+  environment.persistence."/persist" = {
+    hideMounts = true;
+
+    files = [
+      "/etc/machine-id"
+      "/etc/ssh/ssh_host_ed25519_key"
+      "/etc/ssh/ssh_host_ed25519_key.pub"
+    ];
+    directories = [
+      {
+        directory = "/var/lib/nixos";
+        user = "root";
+        group = "root";
+        mode = "0775";
+      }
+    ];
+  };
+}

hosts/patricknix/fs.nix

@@ -1,6 +1,21 @@
-{
+{pkgs, ...}: {
   fileSystems."/" = {
-    device = "rpool/ROOT/nixos";
+    device = "rpool/local/root";
+    neededForBoot = true;
+    fsType = "zfs";
+    options = ["zfsutil" "X-mount.mkdir"];
+  };
+
+  fileSystems."/nix" = {
+    device = "rpool/local/nix";
+    neededForBoot = true;
+    fsType = "zfs";
+    options = ["zfsutil" "X-mount.mkdir"];
+  };
+
+  fileSystems."/persist" = {
+    device = "rpool/safe/persist";
+    neededForBoot = true;
     fsType = "zfs";
     options = ["zfsutil" "X-mount.mkdir"];
   };
@@ -10,5 +25,17 @@
     fsType = "vfat";
   };
 
+  # After importing the rpool, rollback the root system to be empty.
+  boot.initrd.systemd.services.impermanence-root = {
+    wantedBy = ["initrd.target"];
+    after = ["zfs-import-rpool.service"];
+    before = ["sysroot.mount"];
+    unitConfig.DefaultDependencies = "no";
+    serviceConfig = {
+      Type = "oneshot";
+      ExecStart = "${pkgs.zfs}/bin/zfs rollback -r rpool/local/root@blank";
+    };
+  };
+
   swapDevices = [];
 }

hosts/patricknix/net.nix

@@ -17,7 +17,7 @@
   # I need a static global IP address for my dorm LAN
   # So to not dox myself this config file is hardcoded
   systemd.network.networks = {
-    "lan1" = {
+    "01-lan1" = {
       DHCP = "yes";
       matchConfig.MACAddress = nodeSecrets.networking.lan1.mac;
       networkConfig.IPv6PrivacyExtensions = "yes";
@@ -25,7 +25,7 @@
       address = [nodeSecrets.networking.fuckKoreanDorm.address];
       dns = ["9.9.9.9"];
     };
-    "wlan1" = {
+    "01-wlan1" = {
       DHCP = "yes";
       matchConfig.MACAddress = nodeSecrets.networking.wlan1.mac;
       networkConfig.IPv6PrivacyExtensions = "yes";

nix/generate-node.nix

@@ -2,17 +2,14 @@
   self,
   colmena,
   home-manager,
-  #impermanence,
+  impermanence,
   nixos-hardware,
   nixpkgs,
   agenix,
   agenix-rekey,
   hyprland,
   ...
-} @ inputs: let
+} @ inputs: nodeName: nodeMeta: {
-  inherit (nixpkgs.lib) optionals;
-in
-  nodeName: nodeMeta: {
   inherit (nodeMeta) system;
   pkgs = self.pkgs.${nodeMeta.system};
   specialArgs = {
@@ -26,12 +23,12 @@ in
     secrets = self.secrets.content;
     nodeSecrets = self.secrets.content.nodes.${nodeName};
     nixos-hardware = nixos-hardware.nixosModules;
-      #impermanence = impermanence.nixosModules;
+    impermanence = impermanence.nixosModules;
   };
   imports = [
     (../hosts + "/${nodeName}")
     home-manager.nixosModules.default
-      #impermanence.nixosModules.default
+    impermanence.nixosModules.impermanence
     agenix.nixosModules.default
     agenix-rekey.nixosModules.default
     #]
@@ -41,4 +38,4 @@ in
     #++ optionals (nodeMeta.type == "microvm") [
     #  microvm.nixosModules.microvm
   ];
-  }
+}

users/common/impermanence.nix

@@ -0,0 +1,22 @@
+{config, ...}: {
+  home.persistence."/persist/home/${config.home.username}" = {
+    files = [
+      ".ssh/know_hosts"
+    ];
+    directories = [
+      "repos"
+      "Downloads"
+      ".local/share/atuin"
+
+      # firefox muss halt
+      ".mozilla"
+
+      # nvim kinda nervig
+      ".local/share/nvim/lazy"
+      ".local/state/nvim"
+      ".cache/nvim"
+
+      ".local/share/direnv"
+    ];
+  };
+}

users/patrick/default.nix

@@ -1,5 +1,6 @@
 {
   hyprland,
+  impermanence,
   pkgs,
   config,
   ...
@@ -10,7 +11,6 @@
   ];
   rekey.secrets.patrick.file = ../../secrets/patrick.passwd.age;
 
-  # Define a user account. Don't forget to set a password with ‘passwd’.
   users.users.patrick = {
     shell = pkgs.zsh;
     isNormalUser = true;
@@ -28,6 +28,8 @@
   ];
   home-manager.users.patrick.imports = [
     hyprland.homeManagerModules.default
+    impermanence.home-manager.impermanence
+    ../common/impermanence.nix
     ./patrick.nix
     ../common
   ];

users/root/default.nix

@@ -10,7 +10,8 @@
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZixkix0KfKuq7Q19whS5FQQg51/AJGB5BiNF/7h/LM"
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxD4GOrwrBTG4/qQhm5hoSB2CP7W9g1LPWP11oLGOjQ"
     ];
-    passwordFile = config.rekey.secrets.root.path;
+    #passwordFile = config.rekey.secrets.root.path;
+    password = "ctie";
   };
   home-manager.users.root = {
     imports = [../common];