diff --git a/hosts/common/global/default.nix b/hosts/common/global/default.nix index 4b7bdc0..e606f80 100644 --- a/hosts/common/global/default.nix +++ b/hosts/common/global/default.nix @@ -6,6 +6,7 @@ imports = [ inputs.home-manager.nixosModules.home-manager ./fish.nix + ./optin-persistence.nix ./sops.nix ] ++ (builtins.attrValues outputs.nixosModules); diff --git a/hosts/common/global/optin-persistence.nix b/hosts/common/global/optin-persistence.nix new file mode 100644 index 0000000..17622fc --- /dev/null +++ b/hosts/common/global/optin-persistence.nix @@ -0,0 +1,35 @@ +{ + lib, + inputs, + config, + ... +}: { + imports = [inputs.impermanence.nixosModules.impermanence]; + + environment.persistence = { + "/persist" = { + files = [ + "/etc/machine-id" + ]; + directories = [ + "/var/lib/fprint" + "/var/lib/systemd" + "/var/lib/nixos" + "/var/log" + "/srv" + ]; + }; + }; + + programs.fuse.userAllowOther = true; + system.activationScripts.persistent-dirs.text = let + mkHomePersist = user: + lib.optionalString user.createHome '' + mkdir -p /persist/${user.home} + chown ${user.name}:${user.group} /persist/${user.home} + chmod ${user.homeMode} /persist/${user.home} + ''; + users = lib.attrValues config.users.users; + in + lib.concatLines (map mkHomePersist users); +} diff --git a/hosts/common/optional/ephemeral-btrfs.nix b/hosts/common/optional/ephemeral-btrfs.nix index 0395aaf..4b13bbc 100644 --- a/hosts/common/optional/ephemeral-btrfs.nix +++ b/hosts/common/optional/ephemeral-btrfs.nix 
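Review bot: In `mkHomePersist` (optin-persistence.nix), `user.home`, `user.name` and `user.group` are interpolated into the root-run activation script unquoted, and `mkdir -p` creates the home directory with the default mode before `chmod` tightens it. Creating it with the final mode and an escaped path closes that window and keeps odd home paths from being word-split: `mkdir -p -m ${user.homeMode} ${lib.escapeShellArg "/persist${user.home}"}`, with the same escaped path reused for `chown` and `chmod`. Separately, `programs.fuse.userAllowOther = true` lets any local user pass `allow_other` on their FUSE mounts. It is presumably there for home-manager impermanence bind mounts, so a comment such as `# needed for home-manager impermanence allowOther; lets users expose FUSE mounts to other users` would record why it is set.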
@@ -1,5 +1,49 @@ { + lib, + config, + ... +}: let + root = config.fileSystems."/"; -}: { + wipeScript = '' + mkdir /tmp -p + MNTPOINT=$(mktemp -d) + ( + mount -t btrfs -o subvol=/ ${root.device} "$MNTPOINT" + trap 'umount "$MNTPOINT"' EXIT + echo "Creating needed directories" + mkdir -p "$MNTPOINT"/persist/var/{log,lib/{nixos,systemd}} + if [ -e "$MNTPOINT/dont-wipe" ]; then + echo "Skipping wipe" + else + echo "Cleaning root subvolume" + btrfs subvolume delete -R "$MNTPOINT/root" + echo "Restoring blank subvolume" + btrfs subvolume snapshot "$MNTPOINT/root-blank" "$MNTPOINT/root" + fi + ) + ''; + + # Convert a device path to a systemd .device + toSystemdDevice = device: lib.concatStringsSep "-" (lib.tail (map (lib.replaceString "-" "\\x2d" ) (lib.splitString "/" device))) + ".device"; + + phase1Systemd = config.boot.initrd.systemd.enable; +in { + boot.initrd = { + supportedFilesystems = ["btrfs"]; + postDeviceCommands = lib.mkIf (!phase1Systemd) (lib.mkBefore wipeScript); + systemd.services.restore-root = lib.mkIf phase1Systemd { + description = "Rollback btrfs rootfs"; + wantedBy = ["initrd.target"]; + requires = [(toSystemdDevice root.device)]; + after = [(toSystemdDevice root.device)]; + before = ["sysroot.mount"]; + unitConfig.DefaultDependencies = "no"; + serviceConfig.Type = "oneshot"; + script = wipeScript; + }; + }; + + fileSystems."/persist".neededForBoot = lib.mkDefault true; } diff --git a/hosts/orpheus/default.nix b/hosts/orpheus/default.nix index ee08085..9405d1f 100644 --- a/hosts/orpheus/default.nix +++ b/hosts/orpheus/default.nix @@ -27,5 +27,7 @@ dconf.enable = true; }; + hardware.graphics.enable = true; + system.stateVersion = "25.11"; } diff --git a/hosts/orpheus/hardware-configuration.nix b/hosts/orpheus/hardware-configuration.nix index c29aafa..ece4f2a 100644 --- a/hosts/orpheus/hardware-configuration.nix +++ b/hosts/orpheus/hardware-configuration.nix 
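Review bot: `wipeScript` in ephemeral-btrfs.nix runs `btrfs subvolume delete -R "$MNTPOINT/root"` without first confirming that `root-blank` exists, and it never checks that `mount` succeeded. A missing snapshot therefore leaves the volume with no root subvolume, and a failed mount lets boot continue on the un-wiped root without any error, which defeats the ephemeral-root guarantee. The systemd `restore-root` path may already run the script with errexit, but nothing visible guards the `postDeviceCommands` path. I would quote the device and fail early with `mount -t btrfs -o subvol=/ "${root.device}" "$MNTPOINT" || exit 1`, and add `[ -d "$MNTPOINT/root-blank" ] || { echo "root-blank missing, not wiping" >&2; exit 1; }` before the delete.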
@@ -1,8 +1,8 @@ -{inputs, ... }: { +{inputs, lib, ... }: { imports = [ inputs.disko.nixosModules.disko - ../common/optional/ephermal-btrfs.nix + ../common/optional/ephemeral-btrfs.nix ]; boot = { @@ -31,7 +31,7 @@ type = "disk"; content = { type = "gpt"; - partions = { + partitions = { boot = { size = "1M"; type = "EF02"; @@ -88,6 +88,7 @@ }; }; }; + nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux"; }