From 4468963be3f8b56073fb2936ba85ae17071a24ca Mon Sep 17 00:00:00 2001 From: 0xTux <0xtux@pm.me> Date: Wed, 9 Oct 2024 10:47:56 +0530 Subject: [PATCH] add impermanence --- flake.lock | 16 ++++++++++ flake.nix | 1 + hosts/alpha/default.nix | 4 +++ hosts/arcturus/default.nix | 4 +++ hosts/canopus/default.nix | 61 ++++++++++++++++++++++++++++++++++++-- hosts/canopus/disko.nix | 4 +-- hosts/canopus/home.nix | 28 ++++++++++++++++- hosts/common/default.nix | 17 ++++++++++- hosts/common/home.nix | 3 ++ hosts/sirius/default.nix | 5 ++++ 10 files changed, 137 insertions(+), 6 deletions(-) diff --git a/flake.lock b/flake.lock index 849f545..cb5b49b 100755 --- a/flake.lock +++ b/flake.lock @@ -236,6 +236,21 @@ "type": "github" } }, + "impermanence": { + "locked": { + "lastModified": 1727649413, + "narHash": "sha256-FA53of86DjFdeQzRDVtvgWF9o52rWK70VHGx0Y8fElQ=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "d0b38e550039a72aff896ee65b0918e975e6d48e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, "libpng": { "flake": false, "locked": { @@ -501,6 +516,7 @@ "inputs": { "disko": "disko", "home-manager": "home-manager", + "impermanence": "impermanence", "nix-vscode-extensions": "nix-vscode-extensions", "nixos-hardware": "nixos-hardware", "nixos-wsl": "nixos-wsl", diff --git a/flake.nix b/flake.nix index b3e5eba..b762e49 100755 --- a/flake.nix +++ b/flake.nix @@ -27,6 +27,7 @@ nixpkgs-f2k.url = "github:moni-dz/nixpkgs-f2k"; nur.url = "github:nix-community/nur"; sops-nix.url = "github:Mic92/sops-nix"; + impermanence.url = "github:nix-community/impermanence"; }; outputs = { diff --git a/hosts/alpha/default.nix b/hosts/alpha/default.nix index e465066..3b32415 100644 --- a/hosts/alpha/default.nix +++ b/hosts/alpha/default.nix 
@@ -99,5 +99,9 @@ fonts.packages = with pkgs; [(nerdfonts.override {fonts = ["FiraCode" "JetBrainsMono"];})]; + environment.persistence."/persist" = { + enable = false; + }; + system.stateVersion = "23.11"; } diff --git a/hosts/arcturus/default.nix b/hosts/arcturus/default.nix index fefa991..66349c9 100644 --- a/hosts/arcturus/default.nix +++ b/hosts/arcturus/default.nix @@ -132,5 +132,9 @@ fonts.packages = with pkgs; [(nerdfonts.override {fonts = ["FiraCode" "JetBrainsMono"];})]; + environment.persistence."/persist" = { + enable = false; + }; + system.stateVersion = "23.11"; } diff --git a/hosts/canopus/default.nix b/hosts/canopus/default.nix index e87b0ab..e1fd8d2 100755 --- a/hosts/canopus/default.nix +++ b/hosts/canopus/default.nix @@ -1,14 +1,16 @@ { inputs, pkgs, + lib, ... }: { imports = [ inputs.nixos-hardware.nixosModules.asus-zephyrus-ga503 inputs.disko.nixosModules.default - (import ./disko.nix {device = "/dev/nvme0n1";}) + (import ./disko.nix {device = "/dev/nvme0n1";}) ./hardware-configuration.nix + ../common ../../modules/nixos/desktop ../../modules/nixos/desktop/awesome 
@@ -46,7 +48,43 @@ boot = { kernelPackages = pkgs.linuxPackages_zen; supportedFilesystems = ["ntfs"]; - initrd.systemd.enable = true; + + initrd.systemd = { + enable = lib.mkForce true; + + services.wipe-my-fs = { + wantedBy = ["initrd.target"]; + after = ["initrd-root-device.target"]; + before = ["sysroot.mount"]; + unitConfig.DefaultDependencies = "no"; + serviceConfig.Type = "oneshot"; + script = '' + mkdir /btrfs_tmp + mount /dev/disk/by-partlabel/disk-primary-root /btrfs_tmp + + if [[ -e /btrfs_tmp/root ]]; then + mkdir -p /btrfs_tmp/old_roots + timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S") + mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp" + fi + + delete_subvolume_recursively() { + IFS=$'\n' + for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do + delete_subvolume_recursively "/btrfs_tmp/$i" + done + btrfs subvolume delete "$1" + } + + for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do + delete_subvolume_recursively "$i" + done + + btrfs subvolume create /btrfs_tmp/root + umount /btrfs_tmp + ''; + }; + }; loader = { systemd-boot = { @@ -213,5 +251,24 @@ fonts.packages = with pkgs; [(nerdfonts.override {fonts = ["FiraCode" "JetBrainsMono"];})]; + programs.fuse.userAllowOther = true; + fileSystems."/persist".neededForBoot = true; + environment.persistence."/persist" = { + hideMounts = true; + directories = [ + "/var/log" + "/var/lib/tailscale" + "/var/lib/nixos" + "/etc/NetworkManager/system-connections" + ]; + files = [ + "/etc/machine-id" + "/etc/ssh/ssh_host_ed25519_key" + "/etc/ssh/ssh_host_ed25519_key.pub" + "/etc/ssh/ssh_host_rsa_key" + "/etc/ssh/ssh_host_rsa_key.pub" + ]; + }; + system.stateVersion = "24.11"; } diff --git a/hosts/canopus/disko.nix b/hosts/canopus/disko.nix index 4494539..cb6eb32 100644 --- a/hosts/canopus/disko.nix +++ b/hosts/canopus/disko.nix 
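Review bot: The pruning loop `for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do` also yields the starting point `/btrfs_tmp/old_roots/` itself once that directory's mtime is older than 30 days, and `btrfs subvolume delete` on a plain directory then fails before `btrfs subvolume create /btrfs_tmp/root` runs (under the `-e` NixOS wraps `script` with, I believe), leaving no root subvolume for sysroot.mount. In practice the `mv` a few lines earlier refreshes that mtime on every boot where `/btrfs_tmp/root` exists, so this is latent rather than reproducible, but `find /btrfs_tmp/old_roots/ -mindepth 1 -maxdepth 1 -mtime +30` closes it for one word. Nothing ties this unit to sysroot.mount by Requires, so if `mount /dev/disk/by-partlabel/disk-primary-root /btrfs_tmp` fails the service fails and boot continues on the un-wiped root; that fail-open behaviour is reasonable for availability but should be stated, e.g. `# Failure here is non-fatal: boot continues on the previous root`, since the wipe is the thing that keeps non-persisted state from surviving. The enclosing `boot = {` attribute set continues past the end of the hunk.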
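Review bot: `/etc/ssh/ssh_host_rsa_key` and `/etc/ssh/ssh_host_rsa_key.pub` are listed under `files`, but the `services.openssh.hostKeys` override added to hosts/common/default.nix in this same commit declares only the ed25519 key, so sshd on this host will neither generate nor load an RSA key and these two entries only bind-mount files that are never written (impermanence will, I believe, create an empty placeholder on the persist side for a missing source, which is easy to mistake for a real key). Either drop the two RSA lines or add a matching RSA entry to `hostKeys`. The ed25519 entries are likewise redundant with `hostKeys` pointing straight at `/persist/etc/ssh/ssh_host_ed25519_key`; harmless, but a comment such as `# sshd and sops read the ed25519 key from /persist directly (hosts/common); mounted here only so /etc/ssh looks conventional` would save the next reader from chasing it.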
@@ -27,9 +27,9 @@ mountOptions = ["compress=zstd"]; # Compression for better performance mountpoint = "/"; # Root subvolume }; - "/persistent" = { + "/persist" = { mountOptions = ["compress=zstd"]; # Compression for persistent data - mountpoint = "/persistent"; # Persistent subvolume + mountpoint = "/persist"; # Persistent subvolume }; "/nix" = { mountOptions = [ diff --git a/hosts/canopus/home.nix b/hosts/canopus/home.nix index 1e99538..bb8c2f5 100644 --- a/hosts/canopus/home.nix +++ b/hosts/canopus/home.nix @@ -1,4 +1,8 @@ -{pkgs, ...}: { +{ + pkgs, + username, + ... +}: { imports = [ ../common/home.nix ../../modules/home-manager/awesome @@ -58,5 +62,27 @@ mailspring ]; + home.persistence."/persist/home/${username}" = { + directories = [ + "Downloads" + "Music" + "Wallpapers" + "Documents" + "Videos" + "Projects" + "Stuff" + ".mozilla" + ".ssh" + ".local/share/nvim" + ".local/share/Smart\ Code\ ltd" + ]; + files = [ + ".zsh_history" + ".zcompdump" + ".wakatime.cfg" + ]; + allowOther = true; + }; + home.stateVersion = "24.11"; } diff --git a/hosts/common/default.nix b/hosts/common/default.nix index 8e78f3b..79aef91 100644 --- a/hosts/common/default.nix +++ b/hosts/common/default.nix @@ -3,9 +3,17 @@ username, outputs, config, + lib, + inputs, ... -}: { +}: let + # Sops needs acess to the keys before the persist dirs are even mounted; so + # just persisting the keys won't work, we must point at /persist + hasOptinPersistence = config.environment.persistence."/persist".enable; +in { imports = [ + inputs.impermanence.nixosModules.impermanence + ../../modules/nixos/sops.nix ]; @@ -91,6 +99,13 @@ settings = { PasswordAuthentication = false; }; + + hostKeys = [ + { + path = "${lib.optionalString hasOptinPersistence "/persist"}/etc/ssh/ssh_host_ed25519_key"; + type = "ed25519"; + } + ]; }; }; diff --git a/hosts/common/home.nix b/hosts/common/home.nix index e97b253..326a6ae 100644 --- a/hosts/common/home.nix +++ b/hosts/common/home.nix 
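Review bot: Renaming the subvolume key from `"/persistent"` to `"/persist"` only takes effect when disko (re)formats the disk; on an already-provisioned canopus the existing subvolume is still named `/persistent`, and the generated `subvol=/persist` mount, combined with `fileSystems."/persist".neededForBoot = true` from the same commit, would make the boot stop at the persist mount. If the host was not reinstalled as part of this change, rename the existing subvolume first (a plain `mv` of the subvolume directory at the btrfs top level works) before switching. I cannot tell from the diff whether canopus is a fresh install, so treat this as a check rather than a defect.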
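Review bot: `.ssh` is persisted through a bind mount with `allowOther = true` (backed by `programs.fuse.userAllowOther = true` in the host file), so the private keys sit behind a mount that other users can traverse and their effective protection is the permission bits on `/persist/home/${username}/.ssh` and its contents on the persist side; nothing in this hunk sets those, so verify they stay `0700`/`0600` there. A smaller style point: `".local/share/Smart\ Code\ ltd"` relies on Nix treating `\ ` in a double-quoted string as a literal space, which reads like a shell escape and will confuse reviewers; `".local/share/Smart Code ltd"` is the same value and clearer.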
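Review bot: `hasOptinPersistence = config.environment.persistence."/persist".enable;` fails evaluation for any host that imports ../common without defining `environment.persistence."/persist"`, which is why alpha, arcturus and sirius each gain a dummy `enable = false;` block elsewhere in this commit. `hasOptinPersistence = config.environment.persistence."/persist".enable or false;` tolerates the missing attribute and lets those three stubs go. The comment above it has a typo (`acess` → `access`) and should also name the fallback, e.g. `# sops-nix needs the host key before impermanence mounts exist, so point sshd (and thus sops) at /persist directly; plain /etc when opt-in persistence is off`.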
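Review bot: With `hasOptinPersistence` true the key path becomes `/persist/etc/ssh/ssh_host_ed25519_key`, which is only usable if `/persist` is mounted before sshd's pre-start (and before sops-nix, which by default reads this same path), yet nothing in common checks that; canopus sets `fileSystems."/persist".neededForBoot = true` on its own, and a host that forgets it could generate a fresh key into whatever is at that path on the ephemeral root. An assertion keeps the coupling explicit: `assertions = [{ assertion = hasOptinPersistence -> (config.fileSystems."/persist".neededForBoot or false); message = "/persist must be neededForBoot when opt-in persistence is enabled"; }];`. Overriding `hostKeys` also narrows the NixOS default key set to ed25519 only, which is a sound hardening step but deserves a one-line comment, since any previously generated RSA host key on these hosts stops being offered. The enclosing `services.openssh` block starts above the hunk.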
@@ -1,9 +1,12 @@ { outputs, username, + inputs, ... }: { imports = [ + inputs.impermanence.nixosModules.home-manager.impermanence + ../../modules/home-manager/shell ../../modules/home-manager/git ../../modules/home-manager/starship diff --git a/hosts/sirius/default.nix b/hosts/sirius/default.nix index 9ecfe9d..a27f3a3 100644 --- a/hosts/sirius/default.nix +++ b/hosts/sirius/default.nix @@ -7,6 +7,7 @@ }: { imports = [ inputs.nixos-wsl.nixosModules.wsl + ../common ../../modules/nixos/virtualisation/docker.nix ]; @@ -44,5 +45,9 @@ fonts.packages = with pkgs; [(nerdfonts.override {fonts = ["FiraCode" "JetBrainsMono"];})]; + environment.persistence."/persist" = { + enable = false; + }; + system.stateVersion = "23.11"; }
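Review bot: Adding `../common` to the WSL host pulls in everything common configures, including the `services.openssh` settings, the new `hostKeys` override and the sops module visible in hosts/common/default.nix in this same commit, and the `enable = false;` stub added further down exists only so common's `config.environment.persistence."/persist".enable` lookup evaluates. I cannot see the rest of common, so confirm that an sshd host-key configuration and sops are actually wanted on sirius; if not, split common into a base module and an `impermanence.nix` that only persistent hosts import. Only the `imports` list of this host is visible in the hunk.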