stuff

2025-05-01 03:04:00 -07:00
parent 7d547c401a
commit 4f6937f85f
5 changed files with 68 additions and 52 deletions
--- a/flake.lock
+++ b/flake.lock
@@ -360,6 +360,21 @@
        "type": "github"
      }
    },
+    "impermanence": {
+      "locked": {
+        "lastModified": 1737831083,
+        "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "type": "github"
+      }
+    },
    "ixx": {
      "inputs": {
        "flake-utils": [
@@ -824,6 +839,7 @@
        "flake-utils": "flake-utils",
        "home-manager": "home-manager",
        "home-manager-unstable": "home-manager-unstable",
+        "impermanence": "impermanence",
        "jovian-unstable": "jovian-unstable",
        "most-winningest": "most-winningest",
        "nix-on-droid": "nix-on-droid",
@@ -836,9 +852,7 @@
        "padtype-unstable": "padtype-unstable",
        "sm64baserom": "sm64baserom",
        "sops-nix": "sops-nix",
-        "treefmt-nix": "treefmt-nix_2",
-        "vscode-server": "vscode-server",
-        "vscode-server-unstable": "vscode-server-unstable"
+        "treefmt-nix": "treefmt-nix_2"
      }
    },
    "rust-analyzer-src": {
@@ -1042,52 +1056,6 @@
        "repo": "treefmt-nix",
        "type": "github"
      }
-    },
-    "vscode-server": {
-      "inputs": {
-        "flake-utils": [
-          "flake-utils"
-        ],
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1729422940,
-        "narHash": "sha256-DlvJv33ml5UTKgu4b0HauOfFIoDx6QXtbqUF3vWeRCY=",
-        "owner": "nix-community",
-        "repo": "nixos-vscode-server",
-        "rev": "8b6db451de46ecf9b4ab3d01ef76e59957ff549f",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "nixos-vscode-server",
-        "type": "github"
-      }
-    },
-    "vscode-server-unstable": {
-      "inputs": {
-        "flake-utils": [
-          "flake-utils"
-        ],
-        "nixpkgs": [
-          "nixpkgs-unstable"
-        ]
-      },
-      "locked": {
-        "lastModified": 1729422940,
-        "narHash": "sha256-DlvJv33ml5UTKgu4b0HauOfFIoDx6QXtbqUF3vWeRCY=",
-        "owner": "nix-community",
-        "repo": "nixos-vscode-server",
-        "rev": "8b6db451de46ecf9b4ab3d01ef76e59957ff549f",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "nixos-vscode-server",
-        "type": "github"
-      }
    }
  },
  "root": "root",
--- a/flake.nix
+++ b/flake.nix
@@ -27,6 +27,7 @@
      url = "github:nix-community/home-manager";
      inputs.nixpkgs.follows = "nixpkgs-unstable";
    };
+    impermanence.url = "github:nix-community/impermanence";
    jovian-unstable = {
      # there is no stable jovian :cry:
      url = "github:Jovian-Experiments/Jovian-NixOS";
@@ -227,6 +228,7 @@
        prophecy = mkNixosConfig {
          module = ./prophecy;
          system = "x86_64-linux";
+          inp = [ "impermanence" ];
        };
      };

--- a/prophecy/btrfs.nix
+++ b/prophecy/btrfs.nix
@@ -23,6 +23,16 @@ in
        package = btrfs-progs;
      };
    }
+    ({ config, lib, ... }: {
+      options.vacu.initramContents = lib.mkOption {
+        default =
+        pkgs.runCommand "initram-contents" {} ''
+          mkdir -p $out
+          cd $out
+          ${pkgs.zstd}/bin/zstdcat ${config.system.build.initialRamdisk}/initrd | ${pkgs.cpio}/bin/cpio -idmv
+        '';
+      };
+    })
  ];
  fileSystems."/" = {
    device = btrfsDevice;
@@ -30,8 +40,11 @@ in
    options = [ "subvol=root,${btrfsOpts}" ];
  };

-  boot.initrd.systemd.services."impermanence-setup" = {
+  boot.initrd.systemd.services."vacu-impermanence-setup" = {
    enable = true;
+    wantedBy = [ "initrd-root-device.target" ];
+    before = [ "sysroot.mount" "create-needed-for-boot-dirs.service" ];
+    serviceConfig.Type = "oneshot";
    script = ''
      set -euo pipefail
      btrfs_tmp="$(mktemp -d)"
@@ -46,7 +59,7 @@ in
        ${btrfs} subvolume create ./root

        ${btrfs} subvolume destroy ./big-tmp
-        ${btrfs} subvolume create ./bit-tmp
+        ${btrfs} subvolume create ./big-tmp
      )
      umount "$btrfs_tmp"
      rmdir "$btrfs_tmp"
@@ -92,7 +105,7 @@ in
  };

  # deleted and re-created on every boot, for stuff too big to go in a tmpfs
-  fileSystems."/big-temp" = {
+  fileSystems."/tmp" = {
    device = btrfsDevice;
    fsType = "btrfs";
    options = [ "subvol=big-tmp,${btrfsOpts}" ];
--- a/prophecy/default.nix
+++ b/prophecy/default.nix
@@ -3,6 +3,7 @@
 }:
 {
  imports = [
+    ./impermanence.nix
    ./hardware.nix
    ./btrfs.nix
  ];
@@ -19,4 +20,8 @@
  networking.networkmanager.enable = true;
  services.openssh.enable = true;
  system.stateVersion = "24.11";
+
+  users.mutableUsers = false;
+  users.users.root.initialHashedPassword = "$2b$15$D66qIGBJm27pTuX1Rc6aeuQGcrX71T2Gxg.PmTYPAdOnDI1trCtqC";
+  users.users.shelvacu.initialHashedPassword = "$2b$15$D66qIGBJm27pTuX1Rc6aeuQGcrX71T2Gxg.PmTYPAdOnDI1trCtqC";
 }
--- a/prophecy/impermanence.nix
+++ b/prophecy/impermanence.nix
@@ -0,0 +1,28 @@
+{ inputs, ... }:
+{
+  imports = [
+    inputs.impermanence.nixosModules.impermanence
+  ];
+  environment.persistence."/persistent" = {
+    enable = true;
+    hideMounts = true;
+    directories = [
+      "/var/log"
+      "/var/lib/nixos"
+      "/home"
+    ];
+    files = [
+      "/etc/machine-id"
+      "/etc/ssh/ssh_host_ed25519_key"
+      "/etc/ssh/ssh_host_ed25519_key.pub"
+      "/etc/ssh/ssh_host_rsa_key"
+      "/etc/ssh/ssh_host_rsa_key.pub"
+    ];
+  };
+  environment.persistence."/persistent-cache" = {
+    enable = true;
+    directories = [
+      "/var/cache"
+    ];
+  };
+}