feat: impermanence

This commit is contained in:
Patrick Großmann 2023-05-27 00:30:37 +09:00
parent 608752f938
commit a25c270931
Signed by: patrick
GPG key ID: 451F95EFB8BECD0F
11 changed files with 131 additions and 42 deletions


@ -251,6 +251,21 @@
"type": "github"
}
},
"impermanence": {
"locked": {
"lastModified": 1684264534,
"narHash": "sha256-K0zr+ry3FwIo3rN2U/VWAkCJSgBslBisvfRIPwMbuCQ=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "89253fb1518063556edd5e54509c30ac3089d5e6",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "impermanence",
"type": "github"
}
},
"nixos-hardware": {
"locked": {
"lastModified": 1684169666,
@ -333,6 +348,7 @@
"flake-utils": "flake-utils",
"home-manager": "home-manager",
"hyprland": "hyprland",
"impermanence": "impermanence",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",
"pre-commit-hooks": "pre-commit-hooks",


@ -44,8 +44,7 @@
inputs.flake-utils.follows = "flake-utils";
};
# someday
#impermanence.url = "github:nix-community/impermanence";
impermanence.url = "github:nix-community/impermanence";
nixos-hardware.url = "github:nixos/nixos-hardware";
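Review bot: The `# someday` comment left above the now-active `impermanence.url` line is stale; it described the commented-out copy that this hunk removes and should be dropped with it. Nothing else in the hunk needs changing.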


@ -7,6 +7,7 @@
./ssh.nix
./system.nix
./xdg.nix
./impermanence.nix
];
home-manager = {


@ -0,0 +1,24 @@
{
config,
lib,
...
}: {
age.identityPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"];
environment.persistence."/persist" = {
hideMounts = true;
files = [
"/etc/machine-id"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
];
directories = [
{
directory = "/var/lib/nixos";
user = "root";
group = "root";
mode = "0775";
}
];
};
}
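Review bot: The persisted `/var/lib/nixos` entry uses `mode = "0775"`, which makes the directory group-writable for group `root`; that is wider than the usual 0755 and nothing in the file says why, so either use `mode = "0755";` or add a comment giving the reason. The `age.identityPaths` line also deserves a why-comment, e.g. `# Point agenix at the persisted key directly rather than the /etc/ssh bind mount, so decryption does not depend on the mount being in place` — that is my reading of the intent, so confirm it before committing the wording. As far as I can tell from the hunk, the user/group/mode attributes only take effect when impermanence creates the persisted directory, which is worth noting next to them.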


@ -1,6 +1,21 @@
{
{pkgs, ...}: {
fileSystems."/" = {
device = "rpool/ROOT/nixos";
device = "rpool/local/root";
neededForBoot = true;
fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"];
};
fileSystems."/nix" = {
device = "rpool/local/nix";
neededForBoot = true;
fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"];
};
fileSystems."/persist" = {
device = "rpool/safe/persist";
neededForBoot = true;
fsType = "zfs";
options = ["zfsutil" "X-mount.mkdir"];
};
@ -10,5 +25,17 @@
fsType = "vfat";
};
# After importing the rpool, rollback the root system to be empty.
boot.initrd.systemd.services.impermanence-root = {
wantedBy = ["initrd.target"];
after = ["zfs-import-rpool.service"];
before = ["sysroot.mount"];
unitConfig.DefaultDependencies = "no";
serviceConfig = {
Type = "oneshot";
ExecStart = "${pkgs.zfs}/bin/zfs rollback -r rpool/local/root@blank";
};
};
swapDevices = [];
}
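Review bot: `before = ["sysroot.mount"]` on `impermanence-root` only orders the units; it does not make the root mount depend on the rollback succeeding, so if `rpool/local/root@blank` is missing or `zfs rollback` fails the system boots on the previous root state, with nothing erased and only a failed unit in the initrd journal. If a fail-closed boot is intended, adding `requiredBy = ["sysroot.mount"];` next to the existing `before` should turn a rollback failure into a mount failure (verify in a VM). The `@blank` snapshot is assumed but created nowhere in this commit, and `-r` also destroys any snapshots of the dataset newer than it, so a comment such as `# Requires an empty rpool/local/root@blank snapshot taken at install time; -r discards any newer snapshots of this dataset` belongs above the service. The enclosing attribute set begins outside the hunk.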


@ -17,7 +17,7 @@
# I need a static global IP address for my dorm LAN
# So to not dox myself this config file is hardcoded
systemd.network.networks = {
"lan1" = {
"01-lan1" = {
DHCP = "yes";
matchConfig.MACAddress = nodeSecrets.networking.lan1.mac;
networkConfig.IPv6PrivacyExtensions = "yes";
@ -25,7 +25,7 @@
address = [nodeSecrets.networking.fuckKoreanDorm.address];
dns = ["9.9.9.9"];
};
"wlan1" = {
"01-wlan1" = {
DHCP = "yes";
matchConfig.MACAddress = nodeSecrets.networking.wlan1.mac;
networkConfig.IPv6PrivacyExtensions = "yes";


@ -2,43 +2,40 @@
self,
colmena,
home-manager,
#impermanence,
impermanence,
nixos-hardware,
nixpkgs,
agenix,
agenix-rekey,
hyprland,
...
} @ inputs: let
inherit (nixpkgs.lib) optionals;
in
nodeName: nodeMeta: {
inherit (nodeMeta) system;
pkgs = self.pkgs.${nodeMeta.system};
specialArgs = {
inherit (nixpkgs) lib;
inherit (self) nodes;
inherit inputs;
inherit nodeName;
inherit nodeMeta;
inherit hyprland;
nodePath = ../hosts + "/${nodeName}/";
secrets = self.secrets.content;
nodeSecrets = self.secrets.content.nodes.${nodeName};
nixos-hardware = nixos-hardware.nixosModules;
#impermanence = impermanence.nixosModules;
};
imports = [
(../hosts + "/${nodeName}")
home-manager.nixosModules.default
#impermanence.nixosModules.default
agenix.nixosModules.default
agenix-rekey.nixosModules.default
#]
#++ optionals nodeMeta.microVmHost [
# microvm.nixosModules.host
#]
#++ optionals (nodeMeta.type == "microvm") [
# microvm.nixosModules.microvm
];
}
} @ inputs: nodeName: nodeMeta: {
inherit (nodeMeta) system;
pkgs = self.pkgs.${nodeMeta.system};
specialArgs = {
inherit (nixpkgs) lib;
inherit (self) nodes;
inherit inputs;
inherit nodeName;
inherit nodeMeta;
inherit hyprland;
nodePath = ../hosts + "/${nodeName}/";
secrets = self.secrets.content;
nodeSecrets = self.secrets.content.nodes.${nodeName};
nixos-hardware = nixos-hardware.nixosModules;
impermanence = impermanence.nixosModules;
};
imports = [
(../hosts + "/${nodeName}")
home-manager.nixosModules.default
impermanence.nixosModules.impermanence
agenix.nixosModules.default
agenix-rekey.nixosModules.default
#]
#++ optionals nodeMeta.microVmHost [
# microvm.nixosModules.host
#]
#++ optionals (nodeMeta.type == "microvm") [
# microvm.nixosModules.microvm
];
}
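Review bot: Dropping the unused `let inherit (nixpkgs.lib) optionals; in` reindents the whole function body, so the two functional lines of this hunk — `impermanence = impermanence.nixosModules;` in `specialArgs` and `impermanence.nixosModules.impermanence` in `imports` — are buried in a ~40-line rewrite; formatting-only changes like this are easier to review in their own commit. The commented-out `#++ optionals …` block still references `optionals`, so re-enabling it later needs the binding back, which a short comment on that block could say. The function head `{` on line 1 is outside the hunk.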


@ -0,0 +1,22 @@
{config, ...}: {
home.persistence."/persist/home/${config.home.username}" = {
files = [
".ssh/know_hosts"
];
directories = [
"repos"
"Downloads"
".local/share/atuin"
# firefox muss halt
".mozilla"
# nvim kinda nervig
".local/share/nvim/lazy"
".local/state/nvim"
".cache/nvim"
".local/share/direnv"
];
};
}
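Review bot: `".ssh/know_hosts"` is misspelled — the OpenSSH file is `known_hosts` — so this entry persists nothing and the user's recorded host keys are discarded on every reboot, which means every server is trusted-on-first-use again after each boot and a changed host key cannot be noticed; change it to `".ssh/known_hosts"`. The two German comments (`# firefox muss halt`, `# nvim kinda nervig`) should state in English why the paths are kept, e.g. `# Firefox profile state` and `# nvim plugin cache and state`.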


@ -1,5 +1,6 @@
{
hyprland,
impermanence,
pkgs,
config,
...
@ -10,7 +11,6 @@
];
rekey.secrets.patrick.file = ../../secrets/patrick.passwd.age;
# Define a user account. Don't forget to set a password with passwd.
users.users.patrick = {
shell = pkgs.zsh;
isNormalUser = true;
@ -28,6 +28,8 @@
];
home-manager.users.patrick.imports = [
hyprland.homeManagerModules.default
impermanence.home-manager.impermanence
../common/impermanence.nix
./patrick.nix
../common
];


@ -10,7 +10,8 @@
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDZixkix0KfKuq7Q19whS5FQQg51/AJGB5BiNF/7h/LM"
"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHxD4GOrwrBTG4/qQhm5hoSB2CP7W9g1LPWP11oLGOjQ"
];
passwordFile = config.rekey.secrets.root.path;
#passwordFile = config.rekey.secrets.root.path;
password = "ctie";
};
home-manager.users.root = {
imports = [../common];
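Review bot: Replacing `passwordFile = config.rekey.secrets.root.path;` with a literal `password = "<literal>"` puts the root password in plaintext into git history and — because `users.users.<name>.password` ends up in the generated configuration in the world-readable Nix store — onto every host that builds this flake. Restore the `passwordFile` line; the rekeyed secret should decrypt again now that `age.identityPaths` points at the persisted host key, and if the literal was only a workaround while the key moved to `/persist`, keep it out of the commit or say so in a comment. Since the value is already in history, treat it as disclosed and rotate it.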