add impermanence

flake.lock

@@ -236,6 +236,21 @@
         "type": "github"
       }
     },
+    "impermanence": {
+      "locked": {
+        "lastModified": 1727649413,
+        "narHash": "sha256-FA53of86DjFdeQzRDVtvgWF9o52rWK70VHGx0Y8fElQ=",
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "rev": "d0b38e550039a72aff896ee65b0918e975e6d48e",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "type": "github"
+      }
+    },
     "libpng": {
       "flake": false,
       "locked": {
@@ -501,6 +516,7 @@
       "inputs": {
         "disko": "disko",
         "home-manager": "home-manager",
+        "impermanence": "impermanence",
         "nix-vscode-extensions": "nix-vscode-extensions",
         "nixos-hardware": "nixos-hardware",
         "nixos-wsl": "nixos-wsl",

flake.nix

@@ -27,6 +27,7 @@
     nixpkgs-f2k.url = "github:moni-dz/nixpkgs-f2k";
     nur.url = "github:nix-community/nur";
     sops-nix.url = "github:Mic92/sops-nix";
+    impermanence.url = "github:nix-community/impermanence";
   };
 
   outputs = {

hosts/alpha/default.nix

@@ -99,5 +99,9 @@
 
   fonts.packages = with pkgs; [(nerdfonts.override {fonts = ["FiraCode" "JetBrainsMono"];})];
 
+  environment.persistence."/persist" = {
+    enable = false;
+  };
+
   system.stateVersion = "23.11";
 }

hosts/arcturus/default.nix

@@ -132,5 +132,9 @@
 
   fonts.packages = with pkgs; [(nerdfonts.override {fonts = ["FiraCode" "JetBrainsMono"];})];
 
+  environment.persistence."/persist" = {
+    enable = false;
+  };
+
   system.stateVersion = "23.11";
 }

hosts/canopus/default.nix

@@ -1,14 +1,16 @@
 {
   inputs,
   pkgs,
+  lib,
   ...
 }: {
   imports = [
     inputs.nixos-hardware.nixosModules.asus-zephyrus-ga503
     inputs.disko.nixosModules.default
-    (import ./disko.nix {device = "/dev/nvme0n1";})
 
+    (import ./disko.nix {device = "/dev/nvme0n1";})
     ./hardware-configuration.nix
+
     ../common
     ../../modules/nixos/desktop
     ../../modules/nixos/desktop/awesome
@@ -46,7 +48,43 @@
   boot = {
     kernelPackages = pkgs.linuxPackages_zen;
     supportedFilesystems = ["ntfs"];
-    initrd.systemd.enable = true;
+
+    initrd.systemd = {
+      enable = lib.mkForce true;
+
+      services.wipe-my-fs = {
+        wantedBy = ["initrd.target"];
+        after = ["initrd-root-device.target"];
+        before = ["sysroot.mount"];
+        unitConfig.DefaultDependencies = "no";
+        serviceConfig.Type = "oneshot";
+        script = ''
+          mkdir /btrfs_tmp
+          mount /dev/disk/by-partlabel/disk-primary-root /btrfs_tmp
+
+          if [[ -e /btrfs_tmp/root ]]; then
+              mkdir -p /btrfs_tmp/old_roots
+              timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
+              mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
+          fi
+
+          delete_subvolume_recursively() {
+              IFS=$'\n'
+              for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
+                  delete_subvolume_recursively "/btrfs_tmp/$i"
+              done
+              btrfs subvolume delete "$1"
+          }
+
+          for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
+              delete_subvolume_recursively "$i"
+          done
+
+          btrfs subvolume create /btrfs_tmp/root
+          umount /btrfs_tmp
+        '';
+      };
+    };
 
     loader = {
       systemd-boot = {
@@ -213,5 +251,24 @@
 
   fonts.packages = with pkgs; [(nerdfonts.override {fonts = ["FiraCode" "JetBrainsMono"];})];
 
+  programs.fuse.userAllowOther = true;
+  fileSystems."/persist".neededForBoot = true;
+  environment.persistence."/persist" = {
+    hideMounts = true;
+    directories = [
+      "/var/log"
+      "/var/lib/tailscale"
+      "/var/lib/nixos"
+      "/etc/NetworkManager/system-connections"
+    ];
+    files = [
+      "/etc/machine-id"
+      "/etc/ssh/ssh_host_ed25519_key"
+      "/etc/ssh/ssh_host_ed25519_key.pub"
+      "/etc/ssh/ssh_host_rsa_key"
+      "/etc/ssh/ssh_host_rsa_key.pub"
+    ];
+  };
+
   system.stateVersion = "24.11";
 }

hosts/canopus/disko.nix

@@ -27,9 +27,9 @@
                 mountOptions = ["compress=zstd"]; # Compression for better performance
                 mountpoint = "/"; # Root subvolume
               };
-              "/persistent" = {
+              "/persist" = {
                 mountOptions = ["compress=zstd"]; # Compression for persistent data
-                mountpoint = "/persistent"; # Persistent subvolume
+                mountpoint = "/persist"; # Persistent subvolume
               };
               "/nix" = {
                 mountOptions = [

hosts/canopus/home.nix

@@ -1,4 +1,8 @@
-{pkgs, ...}: {
+{
+  pkgs,
+  username,
+  ...
+}: {
   imports = [
     ../common/home.nix
     ../../modules/home-manager/awesome
@@ -58,5 +62,27 @@
     mailspring
   ];
 
+  home.persistence."/persist/home/${username}" = {
+    directories = [
+      "Downloads"
+      "Music"
+      "Wallpapers"
+      "Documents"
+      "Videos"
+      "Projects"
+      "Stuff"
+      ".mozilla"
+      ".ssh"
+      ".local/share/nvim"
+      ".local/share/Smart\ Code\ ltd"
+    ];
+    files = [
+      ".zsh_history"
+      ".zcompdump"
+      ".wakatime.cfg"
+    ];
+    allowOther = true;
+  };
+
   home.stateVersion = "24.11";
 }

hosts/common/default.nix

@@ -3,9 +3,17 @@
   username,
   outputs,
   config,
+  lib,
+  inputs,
   ...
-}: {
+}: let
+  # Sops needs acess to the keys before the persist dirs are even mounted; so
+  # just persisting the keys won't work, we must point at /persist
+  hasOptinPersistence = config.environment.persistence."/persist".enable;
+in {
   imports = [
+    inputs.impermanence.nixosModules.impermanence
+
     ../../modules/nixos/sops.nix
   ];
 
@@ -91,6 +99,13 @@
       settings = {
         PasswordAuthentication = false;
       };
+
+      hostKeys = [
+        {
+          path = "${lib.optionalString hasOptinPersistence "/persist"}/etc/ssh/ssh_host_ed25519_key";
+          type = "ed25519";
+        }
+      ];
     };
   };
 

hosts/common/home.nix

@@ -1,9 +1,12 @@
 {
   outputs,
   username,
+  inputs,
   ...
 }: {
   imports = [
+    inputs.impermanence.nixosModules.home-manager.impermanence
+
     ../../modules/home-manager/shell
     ../../modules/home-manager/git
     ../../modules/home-manager/starship

hosts/sirius/default.nix

@@ -7,6 +7,7 @@
 }: {
   imports = [
     inputs.nixos-wsl.nixosModules.wsl
+
     ../common
     ../../modules/nixos/virtualisation/docker.nix
   ];
@@ -44,5 +45,9 @@
 
   fonts.packages = with pkgs; [(nerdfonts.override {fonts = ["FiraCode" "JetBrainsMono"];})];
 
+  environment.persistence."/persist" = {
+    enable = false;
+  };
+
   system.stateVersion = "23.11";
 }