feat: impermanence

This commit is contained in:
Patrick Großmann 2023-05-27 00:30:37 +09:00
parent 608752f938
commit a25c270931
Signed by: patrick
GPG key ID: 451F95EFB8BECD0F
11 changed files with 131 additions and 42 deletions

View file

@ -251,6 +251,21 @@
"type": "github" "type": "github"
} }
}, },
"impermanence": {
"locked": {
"lastModified": 1684264534,
"narHash": "sha256-K0zr+ry3FwIo3rN2U/VWAkCJSgBslBisvfRIPwMbuCQ=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "89253fb1518063556edd5e54509c30ac3089d5e6",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "impermanence",
"type": "github"
}
},
"nixos-hardware": { "nixos-hardware": {
"locked": { "locked": {
"lastModified": 1684169666, "lastModified": 1684169666,
@ -333,6 +348,7 @@
"flake-utils": "flake-utils", "flake-utils": "flake-utils",
"home-manager": "home-manager", "home-manager": "home-manager",
"hyprland": "hyprland", "hyprland": "hyprland",
"impermanence": "impermanence",
"nixos-hardware": "nixos-hardware", "nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs", "nixpkgs": "nixpkgs",
"pre-commit-hooks": "pre-commit-hooks", "pre-commit-hooks": "pre-commit-hooks",

View file

@ -44,8 +44,7 @@
inputs.flake-utils.follows = "flake-utils"; inputs.flake-utils.follows = "flake-utils";
}; };
# someday impermanence.url = "github:nix-community/impermanence";
#impermanence.url = "github:nix-community/impermanence";
nixos-hardware.url = "github:nixos/nixos-hardware"; nixos-hardware.url = "github:nixos/nixos-hardware";

View file

@ -7,6 +7,7 @@
./ssh.nix ./ssh.nix
./system.nix ./system.nix
./xdg.nix ./xdg.nix
./impermanence.nix
]; ];
home-manager = { home-manager = {

View file

@ -0,0 +1,24 @@
{
config,
lib,
...
}: {
age.identityPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"];
environment.persistence."/persist" = {
hideMounts = true;
files = [
"/etc/machine-id"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
];
directories = [
{
directory = "/var/lib/nixos";
user = "root";
group = "root";
mode = "0775";
}
];
};
}

View file

@ -1,6 +1,21 @@
{ {pkgs, ...}: {
fileSystems."/" = { fileSystems."/" = {
device = "rpool/ROOT/nixos"; device = "rpool/local/root";
neededForBoot = true;
fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"];
};
fileSystems."/nix" = {
device = "rpool/local/nix";
neededForBoot = true;
fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"];
};
fileSystems."/persist" = {
device = "rpool/safe/persist";
neededForBoot = true;
fsType = "zfs"; fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"]; options = ["zfsutil" "X-mount.mkdir"];
}; };
@ -10,5 +25,17 @@
fsType = "vfat"; fsType = "vfat";
}; };
# After importing the rpool, rollback the root system to be empty.
boot.initrd.systemd.services.impermanence-root = {
wantedBy = ["initrd.target"];
after = ["zfs-import-rpool.service"];
before = ["sysroot.mount"];
unitConfig.DefaultDependencies = "no";
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.zfs}/bin/zfs rollback -r rpool/local/root@blank";
};
};
swapDevices = []; swapDevices = [];
} }

View file

@ -17,7 +17,7 @@
# I need a static global IP address for my dorm LAN # I need a static global IP address for my dorm LAN
# So to not dox myself this config file is hardcoded # So to not dox myself this config file is hardcoded
systemd.network.networks = { systemd.network.networks = {
"lan1" = { "01-lan1" = {
DHCP = "yes"; DHCP = "yes";
matchConfig.MACAddress = nodeSecrets.networking.lan1.mac; matchConfig.MACAddress = nodeSecrets.networking.lan1.mac;
networkConfig.IPv6PrivacyExtensions = "yes"; networkConfig.IPv6PrivacyExtensions = "yes";
@ -25,7 +25,7 @@
address = [nodeSecrets.networking.fuckKoreanDorm.address]; address = [nodeSecrets.networking.fuckKoreanDorm.address];
dns = ["9.9.9.9"]; dns = ["9.9.9.9"];
}; };
"wlan1" = { "01-wlan1" = {
DHCP = "yes"; DHCP = "yes";
matchConfig.MACAddress = nodeSecrets.networking.wlan1.mac; matchConfig.MACAddress = nodeSecrets.networking.wlan1.mac;
networkConfig.IPv6PrivacyExtensions = "yes"; networkConfig.IPv6PrivacyExtensions = "yes";

View file

@ -2,43 +2,40 @@
self, self,
colmena, colmena,
home-manager, home-manager,
#impermanence, impermanence,
nixos-hardware, nixos-hardware,
nixpkgs, nixpkgs,
agenix, agenix,
agenix-rekey, agenix-rekey,
hyprland, hyprland,
... ...
} @ inputs: let } @ inputs: nodeName: nodeMeta: {
inherit (nixpkgs.lib) optionals; inherit (nodeMeta) system;
in pkgs = self.pkgs.${nodeMeta.system};
nodeName: nodeMeta: { specialArgs = {
inherit (nodeMeta) system; inherit (nixpkgs) lib;
pkgs = self.pkgs.${nodeMeta.system}; inherit (self) nodes;
specialArgs = { inherit inputs;
inherit (nixpkgs) lib; inherit nodeName;
inherit (self) nodes; inherit nodeMeta;
inherit inputs; inherit hyprland;
inherit nodeName; nodePath = ../hosts + "/${nodeName}/";
inherit nodeMeta; secrets = self.secrets.content;
inherit hyprland; nodeSecrets = self.secrets.content.nodes.${nodeName};
nodePath = ../hosts + "/${nodeName}/"; nixos-hardware = nixos-hardware.nixosModules;
secrets = self.secrets.content; impermanence = impermanence.nixosModules;
nodeSecrets = self.secrets.content.nodes.${nodeName}; };
nixos-hardware = nixos-hardware.nixosModules; imports = [
#impermanence = impermanence.nixosModules; (../hosts + "/${nodeName}")
}; home-manager.nixosModules.default
imports = [ impermanence.nixosModules.impermanence
(../hosts + "/${nodeName}") agenix.nixosModules.default
home-manager.nixosModules.default agenix-rekey.nixosModules.default
#impermanence.nixosModules.default #]
agenix.nixosModules.default #++ optionals nodeMeta.microVmHost [
agenix-rekey.nixosModules.default # microvm.nixosModules.host
#] #]
#++ optionals nodeMeta.microVmHost [ #++ optionals (nodeMeta.type == "microvm") [
# microvm.nixosModules.host # microvm.nixosModules.microvm
#] ];
#++ optionals (nodeMeta.type == "microvm") [ }
# microvm.nixosModules.microvm
];
}

View file

@ -0,0 +1,22 @@
{config, ...}: {
home.persistence."/persist/home/${config.home.username}" = {
files = [
".ssh/know_hosts"
];
directories = [
"repos"
"Downloads"
".local/share/atuin"
# firefox muss halt
".mozilla"
# nvim kinda nervig
".local/share/nvim/lazy"
".local/state/nvim"
".cache/nvim"
".local/share/direnv"
];
};
}

View file

@ -1,5 +1,6 @@
{ {
hyprland, hyprland,
impermanence,
pkgs, pkgs,
config, config,
... ...
@ -10,7 +11,6 @@
]; ];
rekey.secrets.patrick.file = ../../secrets/patrick.passwd.age; rekey.secrets.patrick.file = ../../secrets/patrick.passwd.age;
# Define a user account. Don't forget to set a password with passwd.
users.users.patrick = { users.users.patrick = {
shell = pkgs.zsh; shell = pkgs.zsh;
isNormalUser = true; isNormalUser = true;
@ -28,6 +28,8 @@
]; ];
home-manager.users.patrick.imports = [ home-manager.users.patrick.imports = [
hyprland.homeManagerModules.default hyprland.homeManagerModules.default
impermanence.home-manager.impermanence
../common/impermanence.nix
./patrick.nix ./patrick.nix
../common ../common
]; ];

View file

@ -10,7 +10,8 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZixkix0KfKuq7Q19whS5FQQg51/AJGB5BiNF/7h/LM" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZixkix0KfKuq7Q19whS5FQQg51/AJGB5BiNF/7h/LM"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxD4GOrwrBTG4/qQhm5hoSB2CP7W9g1LPWP11oLGOjQ" "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxD4GOrwrBTG4/qQhm5hoSB2CP7W9g1LPWP11oLGOjQ"
]; ];
passwordFile = config.rekey.secrets.root.path; #passwordFile = config.rekey.secrets.root.path;
password = "ctie";
}; };
home-manager.users.root = { home-manager.users.root = {
imports = [../common]; imports = [../common];