lappy: enable impermanence

it mostly went smoothly, though i lost a .ssh key.
probably the best upgrade process is to do most of the heavy work in the
initrd:

write the new nix config, notably, configuring a tmpfs / mount
and moving the previous / to /nix.
then boot and in the initrd, move all the `/nix/nix/...` items
up a level.
This commit is contained in:
colin 2022-06-20 03:28:01 -07:00
parent 68f066229b
commit fa131fe39f
6 changed files with 77 additions and 2 deletions


@ -21,6 +21,21 @@
"type": "github"
}
},
"impermanence": {
"locked": {
"lastModified": 1646131459,
"narHash": "sha256-GPmgxvUFvQ1GmsGfWHy9+rcxWrczeDhS9XnAIPHi9XQ=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "2f39baeb7d039fda5fc8225111bb79474138e6f4",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "impermanence",
"type": "github"
}
},
"mobile-nixos": {
"flake": false,
"locked": {
@ -118,6 +133,7 @@
"root": {
"inputs": {
"home-manager": "home-manager",
"impermanence": "impermanence",
"mobile-nixos": "mobile-nixos",
"nixpkgs": "nixpkgs",
"nurpkgs": "nurpkgs",


@ -16,9 +16,10 @@
};
nurpkgs.url = "github:nix-community/NUR";
sops-nix.url = "github:Mic92/sops-nix";
impermanence.url = "github:nix-community/impermanence";
};
outputs = { self, nixpkgs, mobile-nixos, home-manager, nurpkgs, sops-nix }: {
outputs = { self, nixpkgs, mobile-nixos, home-manager, nurpkgs, sops-nix, impermanence }: {
machines.servo = self.decl-bootable-machine { name = "servo"; system = "aarch64-linux"; };
machines.desko = self.decl-bootable-machine { name = "desko"; system = "x86_64-linux"; };
machines.lappy = self.decl-bootable-machine { name = "lappy"; system = "x86_64-linux"; };
@ -68,7 +69,7 @@
nixosSystem = import (patchedPkgs + "/nixos/lib/eval-config.nix");
in (nixosSystem {
inherit system;
specialArgs = { inherit home-manager nurpkgs; };
specialArgs = { inherit home-manager nurpkgs impermanence; };
modules = [
./modules
./machines/${name}


@ -5,6 +5,7 @@
];
colinsane.gui.sway.enable = true;
colinsane.impermanence.enable = true;
# docs: https://nixos.org/manual/nixos/stable/options.html#opt-system.stateVersion
system.stateVersion = "21.05";


@ -2,6 +2,16 @@
{
fileSystems."/" = lib.mkDefault {
device = "none";
fsType = "tmpfs";
options = [
"mode=755"
"size=1G"
"defaults"
];
};
fileSystems."/nix" = lib.mkDefault {
device = "/dev/disk/by-uuid/75230e56-2c69-4e41-b03e-68475f119980";
fsType = "btrfs";
options = [


@ -4,6 +4,7 @@
imports = [
./gui
./hardware
./impermanence.nix
./services/duplicity.nix
./universal
];

modules/impermanence.nix Normal file

@ -0,0 +1,46 @@
# borrows from:
# https://xeiaso.net/blog/paranoid-nixos-2021-07-18
# https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/
# https://github.com/nix-community/impermanence
{ lib, config, impermanence, ... }:
with lib;
let
cfg = config.colinsane.impermanence;
in
{
imports = [
impermanence.nixosModule
];
options = {
colinsane.impermanence.enable = mkOption {
default = false;
type = types.bool;
};
};
config = mkIf cfg.enable {
environment.persistence."/nix/persist" = {
directories = [
# TODO: more granular persistence of /home
"/home/colin"
"/etc/NetworkManager/system-connections"
"/etc/nixos"
"/etc/ssh"
# TODO: these individual files don't bind-mount. Xe shows the right way to handle files, i believe.
# "/etc/machine-id"
# # XXX these only need persistence because i have mutableUsers = true, i think
# "/etc/group"
# "/etc/passwd"
# "/etc/shadow"
# TODO: more granular persistence of /var/lib
"/var/lib"
"/var/log"
"/mnt"
# TODO: what even GOES in /srv?
"/srv"
];
};
};
}
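Review bot: With `/etc/passwd`, `/etc/shadow` and `/etc/group` left out of the persistence list (the commented block under the "individual files don't bind-mount" TODO) while `/etc/ssh` is kept, the tmpfs root silently discards any password or group change made at runtime — e.g. via `passwd` — on the next boot, and `/etc/machine-id` likewise changes every boot, which splits the journal persisted under `/var/log` into a new directory per boot. If `users.mutableUsers` is still at its default of true, that is an easy way to lock an account out after an upgrade; consider pinning it in the `mkIf cfg.enable` block with `users.mutableUsers = mkDefault false;` so credentials come from declarative `hashedPassword`/`passwordFile` settings, and persist machine-id through impermanence's per-file option (`files = [ "/etc/machine-id" ];`, if the pinned rev supports it) rather than the directories list. The `enable` option also has no `description`; `description = "mount / as tmpfs and bind-mount the listed paths from /nix/persist";` would document what turning it on does.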