lappy: enable impermanence
it mostly went smoothly, though i lost a .ssh key. probably the best upgrade process is to do most of the heavy work in the initrd: write the new nix config — notably, configuring a tmpfs `/` mount and moving the previous `/` to `/nix` — then boot and, in the initrd, move all the `/nix/nix/...` items up a level.
parent
68f066229b
commit
fa131fe39f
16
flake.lock
16
flake.lock
|
@ -21,6 +21,21 @@
|
||||||
"type": "github"
|
"type": "github"
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
|
"impermanence": {
|
||||||
|
"locked": {
|
||||||
|
"lastModified": 1646131459,
|
||||||
|
"narHash": "sha256-GPmgxvUFvQ1GmsGfWHy9+rcxWrczeDhS9XnAIPHi9XQ=",
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "impermanence",
|
||||||
|
"rev": "2f39baeb7d039fda5fc8225111bb79474138e6f4",
|
||||||
|
"type": "github"
|
||||||
|
},
|
||||||
|
"original": {
|
||||||
|
"owner": "nix-community",
|
||||||
|
"repo": "impermanence",
|
||||||
|
"type": "github"
|
||||||
|
}
|
||||||
|
},
|
||||||
"mobile-nixos": {
|
"mobile-nixos": {
|
||||||
"flake": false,
|
"flake": false,
|
||||||
"locked": {
|
"locked": {
|
||||||
|
@ -118,6 +133,7 @@
|
||||||
"root": {
|
"root": {
|
||||||
"inputs": {
|
"inputs": {
|
||||||
"home-manager": "home-manager",
|
"home-manager": "home-manager",
|
||||||
|
"impermanence": "impermanence",
|
||||||
"mobile-nixos": "mobile-nixos",
|
"mobile-nixos": "mobile-nixos",
|
||||||
"nixpkgs": "nixpkgs",
|
"nixpkgs": "nixpkgs",
|
||||||
"nurpkgs": "nurpkgs",
|
"nurpkgs": "nurpkgs",
|
||||||
|
|
|
@ -16,9 +16,10 @@
|
||||||
};
|
};
|
||||||
nurpkgs.url = "github:nix-community/NUR";
|
nurpkgs.url = "github:nix-community/NUR";
|
||||||
sops-nix.url = "github:Mic92/sops-nix";
|
sops-nix.url = "github:Mic92/sops-nix";
|
||||||
|
impermanence.url = "github:nix-community/impermanence";
|
||||||
};
|
};
|
||||||
|
|
||||||
outputs = { self, nixpkgs, mobile-nixos, home-manager, nurpkgs, sops-nix }: {
|
outputs = { self, nixpkgs, mobile-nixos, home-manager, nurpkgs, sops-nix, impermanence }: {
|
||||||
machines.servo = self.decl-bootable-machine { name = "servo"; system = "aarch64-linux"; };
|
machines.servo = self.decl-bootable-machine { name = "servo"; system = "aarch64-linux"; };
|
||||||
machines.desko = self.decl-bootable-machine { name = "desko"; system = "x86_64-linux"; };
|
machines.desko = self.decl-bootable-machine { name = "desko"; system = "x86_64-linux"; };
|
||||||
machines.lappy = self.decl-bootable-machine { name = "lappy"; system = "x86_64-linux"; };
|
machines.lappy = self.decl-bootable-machine { name = "lappy"; system = "x86_64-linux"; };
|
||||||
|
@ -68,7 +69,7 @@
|
||||||
nixosSystem = import (patchedPkgs + "/nixos/lib/eval-config.nix");
|
nixosSystem = import (patchedPkgs + "/nixos/lib/eval-config.nix");
|
||||||
in (nixosSystem {
|
in (nixosSystem {
|
||||||
inherit system;
|
inherit system;
|
||||||
specialArgs = { inherit home-manager nurpkgs; };
|
specialArgs = { inherit home-manager nurpkgs impermanence; };
|
||||||
modules = [
|
modules = [
|
||||||
./modules
|
./modules
|
||||||
./machines/${name}
|
./machines/${name}
|
||||||
|
|
|
@ -5,6 +5,7 @@
|
||||||
];
|
];
|
||||||
|
|
||||||
colinsane.gui.sway.enable = true;
|
colinsane.gui.sway.enable = true;
|
||||||
|
colinsane.impermanence.enable = true;
|
||||||
|
|
||||||
# docs: https://nixos.org/manual/nixos/stable/options.html#opt-system.stateVersion
|
# docs: https://nixos.org/manual/nixos/stable/options.html#opt-system.stateVersion
|
||||||
system.stateVersion = "21.05";
|
system.stateVersion = "21.05";
|
||||||
|
|
|
@ -2,6 +2,16 @@
|
||||||
|
|
||||||
{
|
{
|
||||||
fileSystems."/" = lib.mkDefault {
|
fileSystems."/" = lib.mkDefault {
|
||||||
|
device = "none";
|
||||||
|
fsType = "tmpfs";
|
||||||
|
options = [
|
||||||
|
"mode=755"
|
||||||
|
"size=1G"
|
||||||
|
"defaults"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
|
||||||
|
fileSystems."/nix" = lib.mkDefault {
|
||||||
device = "/dev/disk/by-uuid/75230e56-2c69-4e41-b03e-68475f119980";
|
device = "/dev/disk/by-uuid/75230e56-2c69-4e41-b03e-68475f119980";
|
||||||
fsType = "btrfs";
|
fsType = "btrfs";
|
||||||
options = [
|
options = [
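Review bot: The tmpfs root at `fileSystems."/"` sets `mode=755` (correct, otherwise `/` would be world-writable) but no `nosuid`/`nodev`; on NixOS the setuid wrappers live on their own `/run/wrappers` mount and device nodes on devtmpfs, so nothing on the root tmpfs should need either bit, and `/tmp` lives on this filesystem. Consider `options = [ "mode=755" "size=1G" "nosuid" "nodev" "defaults" ];` — worth verifying nothing under `/tmp` or `/root` on this machine relies on setuid. `"defaults"` after explicit options is harmless but redundant. The `/nix` entry's `options` list continues outside the hunk.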
|
||||||
|
|
|
@ -4,6 +4,7 @@
|
||||||
imports = [
|
imports = [
|
||||||
./gui
|
./gui
|
||||||
./hardware
|
./hardware
|
||||||
|
./impermanence.nix
|
||||||
./services/duplicity.nix
|
./services/duplicity.nix
|
||||||
./universal
|
./universal
|
||||||
];
|
];
|
||||||
|
|
46
modules/impermanence.nix
Normal file
46
modules/impermanence.nix
Normal file
|
@ -0,0 +1,46 @@
|
||||||
|
# borrows from:
|
||||||
|
# https://xeiaso.net/blog/paranoid-nixos-2021-07-18
|
||||||
|
# https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/
|
||||||
|
# https://github.com/nix-community/impermanence
|
||||||
|
{ lib, config, impermanence, ... }:
|
||||||
|
|
||||||
|
with lib;
|
||||||
|
let
|
||||||
|
cfg = config.colinsane.impermanence;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
imports = [
|
||||||
|
impermanence.nixosModule
|
||||||
|
];
|
||||||
|
options = {
|
||||||
|
colinsane.impermanence.enable = mkOption {
|
||||||
|
default = false;
|
||||||
|
type = types.bool;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
config = mkIf cfg.enable {
|
||||||
|
environment.persistence."/nix/persist" = {
|
||||||
|
directories = [
|
||||||
|
# TODO: more granular persistence of /home
|
||||||
|
"/home/colin"
|
||||||
|
"/etc/NetworkManager/system-connections"
|
||||||
|
"/etc/nixos"
|
||||||
|
"/etc/ssh"
|
||||||
|
# TODO: these individual files don't bind-mount. Xe shows the right way to handle files, i believe.
|
||||||
|
# "/etc/machine-id"
|
||||||
|
# # XXX these only need persistence because i have mutableUsers = true, i think
|
||||||
|
# "/etc/group"
|
||||||
|
# "/etc/passwd"
|
||||||
|
# "/etc/shadow"
|
||||||
|
# TODO: more granular persistence of /var/lib
|
||||||
|
"/var/lib"
|
||||||
|
"/var/log"
|
||||||
|
"/mnt"
|
||||||
|
# TODO: what even GOES in /srv?
|
||||||
|
"/srv"
|
||||||
|
];
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
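Review bot: The TODO above `# "/etc/machine-id"` in the `directories` list is resolved by impermanence's separate `files` attribute rather than by listing files under `directories`: `files = [ "/etc/machine-id" ];` alongside `directories` bind-mounts the single file. Without a stable machine-id, journald writes each boot's log to a fresh `/var/log/journal/<machine-id>/`, so persisting `/var/log` alone does not give cross-reboot `journalctl` history. `/root` is also absent from the list, so root's `~/.ssh` (keys, `known_hosts`) is discarded on every reboot — given the commit message mentions a lost ssh key, consider adding `"/root/.ssh"` (or `"/root"`). Leaving `/etc/shadow` unpersisted with `mutableUsers = true` is presumably fine only if every user's password is declared in config (`hashedPassword`/`passwordFile`); a password set at runtime with `passwd` lives in the tmpfs `/etc/shadow` and is gone after reboot, while uid/gid stability comes from the persisted `/var/lib/nixos`.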