commit 96fd5cba7081c68b18736c75065009ea3f458c53
parent b4e1c817643168a33c6e34181768882b53c0043b
Author: Katja (zaphyra) <git@ctu.cx>
Date: Thu, 29 May 2025 23:56:15 +0200
parent b4e1c817643168a33c6e34181768882b53c0043b
Author: Katja (zaphyra) <git@ctu.cx>
Date: Thu, 29 May 2025 23:56:15 +0200
config/nixos/modules/filesystem: add `impermanence` (still untested)
1 file changed, 121 insertions(+), 0 deletions(-)
A
|
121
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
diff --git a/config/nixos/modules/filesystem/impermanence.nix b/config/nixos/modules/filesystem/impermanence.nix 
@@ -0,0 +1,121 @@
+{
+ pov,
+ povSelf,
+ config,
+ lib,
+ pkgs,
+ ...
+}:
+
+let
+ inherit (lib) types;
+ cfgFilesystem = lib.getAttrFromPath pov config;
+ cfg = lib.getAttrFromPath povSelf config;
+ perms = {
+ user = lib.mkOption {
+ type = with types; nullOr str;
+ default = null;
+ };
+ group = lib.mkOption {
+ type = with types; nullOr str;
+ default = null;
+ };
+ mode = lib.mkOption {
+ type = with types; nullOr str;
+ default = null;
+ };
+ };
+
+in
+{
+
+ options = {
+ home.enable = {
+ type = types.bool;
+ default = false;
+ };
+ system = {
+ enable = {
+ type = types.bool;
+ default = false;
+ };
+ dirs = {
+ default = [ ];
+ type =
+ with types;
+ listOf (oneOf [
+ str
+ (submodule {
+ options = {
+ directory = lib.mkOption { type = types.str; };
+ } // perms;
+ })
+ ]);
+ };
+ files = {
+ default = [ ];
+ type =
+ with types;
+ listOf (oneOf [
+ str
+ (submodule {
+ options = {
+ file = lib.mkOption { type = types.str; };
+ parentDirectory = lib.mkOption {
+ type = with types; nullOr (submodule perms);
+ default = null;
+ };
+ } // perms;
+ })
+ ]);
+ };
+
+ };
+ };
+
+ config = lib.mkMerge [
+ (lib.mkIf (cfg.system.enable && (cfgFilesystem.rootDisk.type == "zfs")) {
+ boot.initrd.systemd.services = {
+ defenestrate = {
+ description = "Defenestrate old root";
+ wantedBy = [ "initrd.target" ];
+ after = [ "zfs-import.target" ];
+ before = [ "sysroot.mount" ];
+ onFailure = [ "emergency.target" ];
+ unitConfig.DefaultDependencies = "no";
+ serviceConfig.Type = "oneshot";
+ script =
+ let
+ prefix = "${config.networking.hostName}/os/nixos/root-";
+ in
+ ''
+ # We keep root from the previous last 3 boots
+ # Any command except create can fail in case the system has not
+ # booted that often yet
+ zfs destroy -r ${prefix}4 || true
+ zfs rename ${prefix}3 ${prefix}4 || true
+ zfs rename ${prefix}2 ${prefix}3 || true
+ zfs rename ${prefix}1 ${prefix}2 || true
+ zfs create -o devices=off -o exec=off -o mountpoint=legacy -o setuid=off ${prefix}1
+ '';
+ };
+ };
+ environment.persistence."/nix/persist/system" = {
+ enable = true;
+ hideMounts = true;
+ directories = [
+ "/etc/nixos"
+ "/etc/zfs"
+ "/var/log"
+ "/var/db/sudo/lectured" # "We trust you have received the usual lecture from the local System Administrator."
+ "/var/lib/nixos"
+ "/var/lib/systemd/coredump"
+ ] ++ cfg.system.dirs;
+ files = [
+ "/etc/machine-id"
+ ] ++ cfg.system.files;
+ };
+ })
+ ];
+
+}
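Review bot: The four declarations under `options` (`home.enable`, `system.enable`, `system.dirs`, `system.files`) are bare attribute sets rather than `lib.mkOption` calls, so the module system will not register them as options and `cfg.system.enable` / `cfg.system.dirs` / `cfg.system.files` in the `config` block cannot resolve as intended; each needs the same shape already used for `perms`, e.g. `home.enable = lib.mkOption { type = types.bool; default = false; };`. The `parentDirectory` option passes an option set where `submodule` expects a module, which appears to make the module system treat `user`/`group`/`mode` as config for undeclared options; it should read `type = with types; nullOr (submodule { options = perms; });`. Because the whole `config` is gated on `cfgFilesystem.rootDisk.type == "zfs"`, setting `system.enable = true` on a non-ZFS root silently persists nothing and the `defenestrate` rotation never runs; an `assertions` entry that fails evaluation when `system.enable` is set without a ZFS root would surface that before the first reboot wipes state. Nothing under `/etc/ssh` is in the default `directories`/`files` lists, so if these hosts run sshd and `services.openssh.hostKeys` is not already pointed at the persisted path (not visible here), host keys will be regenerated on every boot and clients will see a changed host key each time; note also that `/var/lib/systemd/coredump` is persisted across the root rotation, so core dumps (which can contain process secrets) outlive the ephemeral root.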