feat(nixos): add impermanence module for ephemeral roots
parent
714c3b8940
commit
9abcb6c85b
4 changed files with 62 additions and 0 deletions
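--- a/flake.lock
+++ b/flake.lock
@@ -136,6 +136,21 @@
 "type": "github"
 }
 },
+"impermanence": {
+"locked": {
+"lastModified": 1737831083,
+"narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
+"owner": "nix-community",
+"repo": "impermanence",
+"rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
+"type": "github"
+},
+"original": {
+"owner": "nix-community",
+"repo": "impermanence",
+"type": "github"
+}
+},
 "import-tree": {
 "locked": {
 "lastModified": 1751399845,
@@ -196,6 +211,7 @@
 "flake-parts": "flake-parts",
 "git-hooks": "git-hooks",
 "home-manager": "home-manager",
+"impermanence": "impermanence",
 "import-tree": "import-tree",
 "make-shell": "make-shell",
 "nixpkgs": "nixpkgs",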
|
@ -19,6 +19,8 @@
|
||||||
url = "github:nix-community/disko";
|
url = "github:nix-community/disko";
|
||||||
inputs.nixpkgs.follows = "nixpkgs";
|
inputs.nixpkgs.follows = "nixpkgs";
|
||||||
};
|
};
|
||||||
|
# impermanence provides a nice abstraction over linking files from /persist
|
||||||
|
impermanence.url = "github:nix-community/impermanence";
|
||||||
# import-tree imports all nix files in a given directory.
|
# import-tree imports all nix files in a given directory.
|
||||||
import-tree.url = "github:vic/import-tree";
|
import-tree.url = "github:vic/import-tree";
|
||||||
# files lets us write text files and automatically add checks for them
|
# files lets us write text files and automatically add checks for them
|
||||||
|
|
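--- a/nix/modules/machine/root/ephemeral.nix
+++ b/nix/modules/machine/root/ephemeral.nix
@@ -0,0 +1,44 @@
+{
+config,
+lib,
+inputs,
+...
+}:
+let
+inherit (lib) mkMerge mkIf mkAfter;
+in
+{
+flake.modules.nixos.default =
+{ hostName, ... }:
+let
+inherit (config.flake.manifest.hosts.nixos.${hostName}.machine) root;
+in
+{
+imports = [ inputs.impermanence.nixosModules.impermanence ];
+config = mkMerge [
+# Ephemeral by default - assumes btrfs
+(mkIf (root.ephemeral or true) {
+boot.initrd.postDeviceCommands = mkAfter ''
+mkdir /btrfs_tmp
+mount /dev/root_vg/root /btrfs_tmp
+
+if [[ -e /btrfs_tmp/root ]]; then
+btrfs subvolume delete "/btrfs_tmp/root"
+fi
+'';
+programs.fuse.userAllowOther = true;
+fileSystems."/persist".neededForBoot = true;
+environment.persistence."/persist" = {
+hideMounts = true;
+files = [
+"/etc/ssh/ssh_host_ed25519_key"
+"/etc/ssh/ssh_host_ed25519_key.pub"
+"/etc/ssh/ssh_host_rsa_key"
+"/etc/ssh/ssh_host_rsa_key.pub"
+"/etc/machine-id"
+];
+};
+})
+];
+};
+}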
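Review bot: The wipe script in `boot.initrd.postDeviceCommands` deletes the `root` subvolume but never recreates it or unmounts `/btrfs_tmp`, so if the root filesystem is mounted with `subvol=root` (its `fileSystems` entry is not on this page) the next boot stage has nothing to mount; add `btrfs subvolume create /btrfs_tmp/root` and `umount /btrfs_tmp` after the `fi`. `btrfs subvolume delete` also refuses a subvolume that contains nested subvolumes, which may leave the old root in place and quietly defeat the ephemeral guarantee, so its exit status should be checked. Because the guard is `root.ephemeral or true`, every host that takes this default module and has a `/dev/root_vg/root` volume loses its root at boot unless it opts out; `(mkIf (root.ephemeral or false) {` would make the destructive path opt-in. `programs.fuse.userAllowOther = true;` lets any local user mount FUSE filesystems with `allow_other`, and nothing in this file uses the home-manager persistence module that needs it, so it can probably be dropped. The SSH host private keys and `/etc/machine-id` now live under `/persist`, so that volume's ownership, mode and backup handling should be at least as strict as `/etc/ssh` was.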