forked from jan-leila/nix-config
got impermanence to wipe drive
parent
d2b3f0116e
commit
848c57caa0
10 changed files with 281 additions and 234 deletions
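--- a/configurations/nixos/defiant/impermanence.nix
+++ b/configurations/nixos/defiant/impermanence.nix
@@ -0,0 +1,87 @@
+{
+lib,
+config,
+...
+}: {
+boot.initrd.postResumeCommands = lib.mkAfter ''
+zfs rollback -r rpool/local/system/root@blank
+zfs rollback -r rpool/local/home/leyla@blank
+'';
+
+# systemd.services = {
+# # https://github.com/openzfs/zfs/issues/10891
+# systemd-udev-settle.enable = false;
+# # Snapshots are not accessible on boot for some reason this should fix it
+# # https://github.com/NixOS/nixpkgs/issues/257505
+# zfs-mount = {
+# serviceConfig = {
+# ExecStart = ["zfs mount -a -o remount"];
+# # ExecStart = [
+# # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/local -o remount"
+# # "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/persistent -o remount"
+# # ];
+# };
+# };
+# };
+
+# boot.initrd.systemd.services.rollback = {
+# description = "Rollback filesystem to a pristine state on boot";
+# wantedBy = [
+# "initrd.target"
+# ];
+# after = [
+# "zfs-import-rpool.service"
+# ];
+# before = [
+# "sysroot.mount"
+# ];
+# requiredBy = [
+# "sysroot.mount"
+# ];
+# serviceConfig = {
+# Type = "oneshot";
+# ExecStart = ''
+# zfs rollback -r rpool/local/system/root@blank
+# zfs rollback -r rpool/local/home@blank
+# '';
+# };
+# };
+
+fileSystems."/".neededForBoot = true;
+fileSystems."/home/leyla".neededForBoot = true;
+fileSystems."/persist/system/root".neededForBoot = true;
+fileSystems."/persist/home/leyla".neededForBoot = true;
+
+environment.persistence."/persist/system/root" = {
+enable = true;
+hideMounts = true;
+directories = [
+"/run/secrets"
+
+"/etc/ssh"
+
+"/var/log"
+"/var/lib/nixos"
+"/var/lib/systemd/coredump"
+
+# config.apps.pihole.directory.root
+
+# config.apps.jellyfin.mediaDirectory
+# config.services.jellyfin.configDir
+# config.services.jellyfin.cacheDir
+# config.services.jellyfin.dataDir
+
+# "/var/hass" # config.users.users.hass.home
+# "/var/postgresql" # config.users.users.postgresql.home
+# "/var/forgejo" # config.users.users.forgejo.home
+# "/var/nextcloud" # config.users.users.nextcloud.home
+# "/var/headscale" # config.users.users.headscale.home
+];
+files = [
+"/etc/machine-id"
+config.environment.sessionVariables.SOPS_AGE_KEY_FILE
+];
+};
+
+security.sudo.extraConfig = "Defaults lecture=never";
+}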
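Review bot: Listing `"/run/secrets"` under `directories` in `environment.persistence."/persist/system/root"` puts whatever is written there onto the persistent dataset. If this host uses sops-nix, as the `SOPS_AGE_KEY_FILE` entry suggests, decrypted secrets are normally kept on a ramfs under `/run` so that plaintext never reaches disk; a bind mount at that path would undo that and may clash with the symlink sops-nix creates there. Persisting the age key file alone should be enough for secrets to be decrypted again at each activation, so I would drop the `"/run/secrets"` line. Separately, a comment above `postResumeCommands` would help the next reader, e.g. `# -r also destroys any snapshots newer than @blank on these datasets`.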