colin
fa131fe39f
it mostly went smooth, though i lost a .ssh key. probably the best upgrade process is to do most of the heavy work in the initrd: write the new nix config, notably, configuring a tmpfs / mount and moving the previous / to /nix. then boot and in the initrd, move all the `/nix/nix/...` items up a level.
47 lines
1.2 KiB
Nix
47 lines
1.2 KiB
Nix
# borrows from:
|
|
# https://xeiaso.net/blog/paranoid-nixos-2021-07-18
|
|
# https://elis.nu/blog/2020/05/nixos-tmpfs-as-root/
|
|
# https://github.com/nix-community/impermanence
|
|
{ lib, config, impermanence, ... }:
|
|
|
|
with lib;
|
|
let
|
|
cfg = config.colinsane.impermanence;
|
|
in
|
|
{
|
|
imports = [
|
|
impermanence.nixosModule
|
|
];
|
|
options = {
|
|
colinsane.impermanence.enable = mkOption {
|
|
default = false;
|
|
type = types.bool;
|
|
};
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
environment.persistence."/nix/persist" = {
|
|
directories = [
|
|
# TODO: more granular persistence of /home
|
|
"/home/colin"
|
|
"/etc/NetworkManager/system-connections"
|
|
"/etc/nixos"
|
|
"/etc/ssh"
|
|
# TODO: these individual files don't bind-mount. Xe shows the right way to handle files, i believe.
|
|
# "/etc/machine-id"
|
|
# # XXX these only need persistence because i have mutableUsers = true, i think
|
|
# "/etc/group"
|
|
# "/etc/passwd"
|
|
# "/etc/shadow"
|
|
# TODO: more granular persistence of /var/lib
|
|
"/var/lib"
|
|
"/var/log"
|
|
"/mnt"
|
|
# TODO: what even GOES in /srv?
|
|
"/srv"
|
|
];
|
|
};
|
|
};
|
|
}
|
|
|