lappy: enable impermanence
it mostly went smoothly, though i lost a .ssh key. probably the best upgrade process is to do most of the heavy work in the initrd: write the new nix config, notably, configuring a tmpfs / mount and moving the previous / to /nix. then boot and, in the initrd, move all the `/nix/nix/...` items up a level.
parent
68f066229b
commit
fa131fe39f
16
flake.lock
16
flake.lock
|
@ -21,6 +21,21 @@
|
|||
"type": "github"
|
||||
}
|
||||
},
|
||||
"impermanence": {
|
||||
"locked": {
|
||||
"lastModified": 1646131459,
|
||||
"narHash": "sha256-GPmgxvUFvQ1GmsGfWHy9+rcxWrczeDhS9XnAIPHi9XQ=",
|
||||
"owner": "nix-community",
|
||||
"repo": "impermanence",
|
||||
"rev": "2f39baeb7d039fda5fc8225111bb79474138e6f4",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "impermanence",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"mobile-nixos": {
|
||||
"flake": false,
|
||||
"locked": {
|
||||
|
@ -118,6 +133,7 @@
|
|||
"root": {
|
||||
"inputs": {
|
||||
"home-manager": "home-manager",
|
||||
"impermanence": "impermanence",
|
||||
"mobile-nixos": "mobile-nixos",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"nurpkgs": "nurpkgs",
|
||||
|
|
|
@ -16,9 +16,10 @@
|
|||
};
|
||||
nurpkgs.url = "github:nix-community/NUR";
|
||||
sops-nix.url = "github:Mic92/sops-nix";
|
||||
impermanence.url = "github:nix-community/impermanence";
|
||||
};
|
||||
|
||||
outputs = { self, nixpkgs, mobile-nixos, home-manager, nurpkgs, sops-nix }: {
|
||||
outputs = { self, nixpkgs, mobile-nixos, home-manager, nurpkgs, sops-nix, impermanence }: {
|
||||
machines.servo = self.decl-bootable-machine { name = "servo"; system = "aarch64-linux"; };
|
||||
machines.desko = self.decl-bootable-machine { name = "desko"; system = "x86_64-linux"; };
|
||||
machines.lappy = self.decl-bootable-machine { name = "lappy"; system = "x86_64-linux"; };
|
||||
|
@ -68,7 +69,7 @@
|
|||
nixosSystem = import (patchedPkgs + "/nixos/lib/eval-config.nix");
|
||||
in (nixosSystem {
|
||||
inherit system;
|
||||
specialArgs = { inherit home-manager nurpkgs; };
|
||||
specialArgs = { inherit home-manager nurpkgs impermanence; };
|
||||
modules = [
|
||||
./modules
|
||||
./machines/${name}
|
||||
|
|
|
@ -5,6 +5,7 @@
|
|||
];
|
||||
|
||||
colinsane.gui.sway.enable = true;
|
||||
colinsane.impermanence.enable = true;
|
||||
|
||||
# docs: https://nixos.org/manual/nixos/stable/options.html#opt-system.stateVersion
|
||||
system.stateVersion = "21.05";
|
||||
|
|
|
@ -2,6 +2,16 @@
|
|||
|
||||
{
|
||||
fileSystems."/" = lib.mkDefault {
|
||||
device = "none";
|
||||
fsType = "tmpfs";
|
||||
options = [
|
||||
"mode=755"
|
||||
"size=1G"
|
||||
"defaults"
|
||||
];
|
||||
};
|
||||
|
||||
fileSystems."/nix" = lib.mkDefault {
|
||||
device = "/dev/disk/by-uuid/75230e56-2c69-4e41-b03e-68475f119980";
|
||||
fsType = "btrfs";
|
||||
options = [
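Review bot: Both mounts are declared with `lib.mkDefault`, so any other `fileSystems."/"` definition — for instance one left behind in a generated hardware-configuration.nix pulled in through the `./hardware` import — silently wins over the tmpfs root, and the machine would presumably boot on the old persistent btrfs root while impermanence still bind-mounts from `/nix/persist`, defeating the ephemeral root with no error; if an override is intended it deserves a comment, otherwise drop `mkDefault` on `/` or add a guard such as `assertions = [{ assertion = config.fileSystems."/".fsType == "tmpfs"; message = "impermanence expects a tmpfs root"; }];`. A tmpfs root is RAM-backed, so anything written there (`/tmp`, `/root`, whatever is not in the persist list) can still be paged out to swap; if this machine has unencrypted swap, a comment such as `# NOTE: the root is ephemeral, not secret — tmpfs pages can land in swap` would set expectations correctly. The `size=1G` cap also means a runaway writer to a non-persisted path fills `/` and makes unrelated writes fail, which is worth a comment next to the option. This file's header is not shown, so which machine or hardware module these definitions belong to is inferred.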
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
imports = [
|
||||
./gui
|
||||
./hardware
|
||||
./impermanence.nix
|
||||
./services/duplicity.nix
|
||||
./universal
|
||||
];
|
||||
|
|
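--- /dev/null
+++ b/modules/impermanence.nix
@@ -0,0 +1,46 @@
+# borrows from:
+# https://xeiaso.net/blog/paranoid-nixos-2021-07-18
+# https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/
+# https://github.com/nix-community/impermanence
+{ lib, config, impermanence, ... }:
+
+with lib;
+let
+  cfg = config.colinsane.impermanence;
+in
+{
+  imports = [
+    impermanence.nixosModule
+  ];
+  options = {
+    colinsane.impermanence.enable = mkOption {
+      default = false;
+      type = types.bool;
+    };
+  };
+
+  config = mkIf cfg.enable {
+    environment.persistence."/nix/persist" = {
+      directories = [
+        # TODO: more granular persistence of /home
+        "/home/colin"
+        "/etc/NetworkManager/system-connections"
+        "/etc/nixos"
+        "/etc/ssh"
+        # TODO: these individual files don't bind-mount. Xe shows the right way to handle files, i believe.
+        # "/etc/machine-id"
+        # # XXX these only need persistence because i have mutableUsers = true, i think
+        # "/etc/group"
+        # "/etc/passwd"
+        # "/etc/shadow"
+        # TODO: more granular persistence of /var/lib
+        "/var/lib"
+        "/var/log"
+        "/mnt"
+        # TODO: what even GOES in /srv?
+        "/srv"
+      ];
+    };
+  };
+}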
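Review bot: The commented-out `/etc/shadow`, `/etc/passwd` and `/etc/group` entries mean that, if `users.mutableUsers` really is left at its default of true as the XXX comment suggests, every password or group change made at runtime is discarded at reboot and account state is regenerated from the Nix config on each boot; either persist them through the module's per-file list, `files = [ "/etc/machine-id" "/etc/shadow" "/etc/passwd" "/etc/group" ];` (individual files go there rather than in `directories`, which is what the TODO is running into), or set `users.mutableUsers = false;` and declare `hashedPassword`/`passwordFile` for each account (sops-nix is already an input of this flake). Leaving `/etc/machine-id` unpersisted likewise hands journald and anything else keyed on the machine ID a fresh identity every boot. `/home/colin` is listed as a bare path, so if `/nix/persist/home/colin` was not already carried over by the migration the module creates it with its default root-owned 0755 ownership; the attribute-set form `{ directory = "/home/colin"; user = "colin"; group = "users"; mode = "0700"; }` pins ownership and keeps the home directory from being world-readable, assuming this revision of impermanence accepts that form. Persisting `/var/lib` wholesale together with `/etc/ssh` (host private keys) is reasonable, but a one-line comment above `environment.persistence` noting that `/nix/persist` now holds all of the machine's long-lived secrets would help a reader judge what has to sit on encrypted storage, and the `mkOption` would benefit from a `description`.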