update

2025-12-31 15:48:38 +01:00
parent 7fb80baf59
commit 8353577620
5 changed files with 87 additions and 4 deletions
--- a/hosts/common/global/default.nix
+++ b/hosts/common/global/default.nix
@@ -6,6 +6,7 @@
  imports = [
    inputs.home-manager.nixosModules.home-manager
    ./fish.nix
+    ./optin-persistence.nix
    ./sops.nix
  ] ++ (builtins.attrValues outputs.nixosModules);

--- a/hosts/common/global/optin-persistence.nix
+++ b/hosts/common/global/optin-persistence.nix
@@ -0,0 +1,35 @@
+{
+  lib,
+  inputs,
+  config,
+  ...
+}: {
+  imports = [inputs.impermanence.nixosModules.impermanence];
+
+  environment.persistence = {
+    "/persist" = {
+      files = [
+        "/etc/machine-id"
+      ];
+      directories = [
+        "/var/lib/fprint"
+	"/var/lib/systemd"
+	"/var/lib/nixos"
+	"/var/log"
+	"/srv"
+      ];
+    };
+  };
+
+  programs.fuse.userAllowOther = true;
+  system.activationScripts.persistent-dirs.text = let
+    mkHomePersist = user:
+      lib.optionalString user.createHome ''
+        mkdir -p /persist/${user.home}
+        chown ${user.name}:${user.group} /persist/${user.home}
+        chmod ${user.homeMode} /persist/${user.home}
+      '';
+    users = lib.attrValues config.users.users;
+  in
+    lib.concatLines (map mkHomePersist users);
+}
--- a/hosts/common/optional/ephemeral-btrfs.nix
+++ b/hosts/common/optional/ephemeral-btrfs.nix
@@ -1,5 +1,49 @@
 {
+  lib,
+  config,
+  ...
+}: let
+  root = config.fileSystems."/";

-}: {
+  wipeScript = ''
+    mkdir /tmp -p
+    MNTPOINT=$(mktemp -d)
+    (
+      mount -t btrfs -o subvol=/ ${root.device} "$MNTPOINT"
+      trap 'umount "$MNTPOINT"' EXIT

+      echo "Creating needed directories"
+      mkdir -p "$MNTPOINT"/persist/var/{log,lib/{nixos,systemd}}
+      if [ -e "$MNTPOINT/dont-wipe" ]; then
+        echo "Skipping wipe"
+      else
+        echo "Cleaning root subvolume"
+        btrfs subvolume delete -R "$MNTPOINT/root"
+        echo "Restoring blank subvolume"
+        btrfs subvolume snapshot "$MNTPOINT/root-blank" "$MNTPOINT/root"
+      fi
+    )
+  '';
+
+  # Convert a device path to a systemd .device
+  toSystemdDevice = device: lib.concatStringsSep "-" (lib.tail (map (lib.replaceString "-" "\\x2d" ) (lib.splitString "/" device))) + ".device";
+
+  phase1Systemd = config.boot.initrd.systemd.enable;
+in {
+  boot.initrd = {
+    supportedFilesystems = ["btrfs"];
+    postDeviceCommands = lib.mkIf (!phase1Systemd) (lib.mkBefore wipeScript);
+    systemd.services.restore-root = lib.mkIf phase1Systemd {
+      description = "Rollback btrfs rootfs";
+      wantedBy = ["initrd.target"];
+      requires = [(toSystemdDevice root.device)];
+      after = [(toSystemdDevice root.device)];
+      before = ["sysroot.mount"];
+      unitConfig.DefaultDependencies = "no";
+      serviceConfig.Type = "oneshot";
+      script = wipeScript;
+    };
+  };
+
+  fileSystems."/persist".neededForBoot = lib.mkDefault true;
 }