jan-leila/nix-config
1
0
Fork 1
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: fixed merge incompatibilities

Browse source
This commit is contained in:
Leyla Becker 2026-03-07 12:03:09 -06:00
parent fa0adaa511
commit 1145703cfe
9 changed files with 259 additions and 131 deletions
Download patch file Download diff file Expand all files Collapse all files

1
configurations/nixos/defiant/configuration.nix
View file

@ -67,7 +67,6 @@
};
storage = {
generateBase = false;
zfs = {
enable = true;
notifications = {

97
configurations/nixos/defiant/legacy-impermanence.nix
View file

@ -1,19 +1,32 @@
# Legacy impermanence module for defiant
# This module contains all the impermanence configurations that were previously
# handled by individual service modules on the main branch. It allows us to
# merge the storage-refactor branch into main while keeping current functionality,
# and then migrate services one at a time to the new automated impermanence system.
# See legacy-storage.nix for the full incremental migration plan.
#
# To migrate a service to the new system:
# 1. Remove the service's configuration from this file
# 2. Set `impermanence.enable = true` for that service in configuration.nix
# 3. Remove `impermanence.enable = false` from the service configuration
# This file is consumed in two phases:
#
# Phase 3 (after generateBase is enabled):
# Remove the SYSTEM-LEVEL entries marked [PHASE 3] below. These will be
# handled automatically by storage.nix, ssh.nix, and the impermanence module:
# - var-lib-private-permissions activation script
# - /etc/machine-id
# - SSH host keys
# - /var/lib/nixos
# - /var/lib/systemd/coredump
# - /persist/system/var/log persistence block
#
# Phase 4 (migrate services one at a time, any order):
# For each service:
# 1. Remove the service's section marked [PHASE 4] from this file
# 2. Remove `impermanence.enable = false` for that service in configuration.nix
# For jellyfin/qbittorrent, also remove the separate media persistence blocks.
#
# Phase 5: Delete this file once empty.
{
config,
lib,
...
}: {
config = lib.mkIf config.storage.impermanence.enable {
# [PHASE 3] Remove this activation script after enabling generateBase
system.activationScripts = {
"var-lib-private-permissions" = {
deps = ["specialfs"];
@ -27,8 +40,28 @@
environment.persistence."/persist/system/root" = {
enable = true;
hideMounts = true;
# [PHASE 3] Remove this files block after enabling generateBase
files = lib.mkMerge [
["/etc/machine-id"]
# SSH host keys
(lib.mkIf config.services.openssh.enable (
lib.lists.flatten (
builtins.map (hostKey: [
hostKey.path
"${hostKey.path}.pub"
])
config.services.openssh.hostKeys
)
))
];
directories = lib.mkMerge [
# PostgreSQL
# [PHASE 3] Remove these system directories after enabling generateBase
[
"/var/lib/nixos"
"/var/lib/systemd/coredump"
]
# [PHASE 4] PostgreSQL
(lib.mkIf config.services.postgresql.enable [
{
directory = "/var/lib/postgresql/16";
@ -37,7 +70,7 @@
}
])
# Reverse Proxy (ACME)
# [PHASE 4] Reverse Proxy (ACME)
(lib.mkIf config.services.reverseProxy.enable [
{
directory = "/var/lib/acme";
@ -46,7 +79,7 @@
}
])
# Ollama
# [PHASE 4] Ollama
(lib.mkIf config.services.ollama.enable [
{
directory = "/var/lib/private/ollama";
@ -56,7 +89,7 @@
}
])
# Tailscale
# [PHASE 4] Tailscale
(lib.mkIf config.services.tailscale.enable [
{
directory = "/var/lib/tailscale";
@ -65,7 +98,7 @@
}
])
# Syncthing
# [PHASE 4] Syncthing
(lib.mkIf config.services.syncthing.enable [
{
directory = "/mnt/sync";
@ -79,7 +112,7 @@
}
])
# Fail2ban
# [PHASE 4] Fail2ban
(lib.mkIf config.services.fail2ban.enable [
{
directory = "/var/lib/fail2ban";
@ -88,7 +121,7 @@
}
])
# Jellyfin (data/cache only - media is on separate dataset)
# [PHASE 4] Jellyfin (data/cache only - media is on separate dataset)
(lib.mkIf config.services.jellyfin.enable [
{
directory = "/var/lib/jellyfin";
@ -102,7 +135,7 @@
}
])
# Immich
# [PHASE 4] Immich
(lib.mkIf config.services.immich.enable [
{
directory = "/var/lib/immich";
@ -111,7 +144,7 @@
}
])
# Forgejo
# [PHASE 4] Forgejo
(lib.mkIf config.services.forgejo.enable [
{
directory = "/var/lib/forgejo";
@ -120,7 +153,7 @@
}
])
# Actual
# [PHASE 4] Actual
(lib.mkIf config.services.actual.enable [
{
directory = "/var/lib/private/actual";
@ -129,7 +162,7 @@
}
])
# Home Assistant
# [PHASE 4] Home Assistant
(lib.mkIf config.services.home-assistant.enable [
{
directory = "/var/lib/hass";
@ -138,7 +171,7 @@
}
])
# Paperless
# [PHASE 4] Paperless
(lib.mkIf config.services.paperless.enable [
{
directory = "/var/lib/paperless";
@ -147,7 +180,7 @@
}
])
# Crab-hole
# [PHASE 4] Crab-hole
(lib.mkIf config.services.crab-hole.enable [
{
directory = "/var/lib/private/crab-hole";
@ -156,7 +189,7 @@
}
])
# qBittorrent (config only - media is on separate dataset)
# [PHASE 4] qBittorrent (config only - media is on separate dataset)
(lib.mkIf config.services.qbittorrent.enable [
{
directory = "/var/lib/qBittorrent/";
@ -165,7 +198,7 @@
}
])
# Sonarr
# [PHASE 4] Sonarr
(lib.mkIf config.services.sonarr.enable [
{
directory = "/var/lib/sonarr/.config/NzbDrone";
@ -174,7 +207,7 @@
}
])
# Radarr
# [PHASE 4] Radarr
(lib.mkIf config.services.radarr.enable [
{
directory = "/var/lib/radarr/.config/Radarr";
@ -183,7 +216,7 @@
}
])
# Bazarr
# [PHASE 4] Bazarr
(lib.mkIf config.services.bazarr.enable [
{
directory = "/var/lib/bazarr";
@ -192,7 +225,7 @@
}
])
# Lidarr
# [PHASE 4] Lidarr
(lib.mkIf config.services.lidarr.enable [
{
directory = "/var/lib/lidarr/.config/Lidarr";
@ -201,7 +234,7 @@
}
])
# Jackett
# [PHASE 4] Jackett
(lib.mkIf config.services.jackett.enable [
{
directory = "/var/lib/jackett/.config/Jackett";
@ -210,7 +243,7 @@
}
])
# FlareSolverr
# [PHASE 4] FlareSolverr
(lib.mkIf config.services.flaresolverr.enable [
{
directory = "/var/lib/flaresolverr";
@ -221,7 +254,8 @@
];
};
# Jellyfin media on separate dataset (matching main)
# [PHASE 4 - LAST] Jellyfin media on separate dataset
# Requires Phase 2 media dataset merge before migrating (several days of data copy)
environment.persistence."/persist/system/jellyfin" = lib.mkIf config.services.jellyfin.enable {
enable = true;
hideMounts = true;
@ -235,7 +269,8 @@
];
};
# qBittorrent media on separate dataset (matching main)
# [PHASE 4 - LAST] qBittorrent media on separate dataset
# Requires Phase 2 media dataset merge before migrating (several days of data copy)
environment.persistence."/persist/system/qbittorrent" = lib.mkIf config.services.qbittorrent.enable {
enable = true;
hideMounts = true;
@ -249,7 +284,7 @@
];
};
# /var/log persistence (matching main)
# [PHASE 3] /var/log persistence - handled by storage.nix after generateBase
environment.persistence."/persist/system/var/log" = {
enable = true;
hideMounts = true;

147
configurations/nixos/defiant/legacy-storage.nix
View file

@ -1,20 +1,131 @@
# Legacy storage configuration for defiant
# This file manually defines ZFS datasets matching the main branch structure
# to allow incremental migration to the new storage module.
# This file manually defines ZFS datasets matching the existing on-disk layout
# to allow incremental migration to the new storage module (generateBase = true).
#
# Datasets from main branch:
# - local/ - ephemeral parent
# - local/home/leyla - ephemeral user home
# - local/system/nix - nix store
# - local/system/root - root filesystem (rolled back on boot)
# - local/system/sops - sops age key
# - persist/ - persistent parent
# - persist/home/leyla - persistent user home
# - persist/system/jellyfin - jellyfin media
# - persist/system/qbittorrent - qbittorrent media
# - persist/system/root - persistent root data
# - persist/system/var/log - log persistence
# ============================================================================
# INCREMENTAL MIGRATION PLAN
# ============================================================================
#
# Current disk usage (for reference):
# rpool/local/system/nix ~26G (renamed in place, no copy)
# rpool/local/system/sops ~328K (renamed in place, no copy)
# rpool/persist/system/jellyfin ~32T (renamed in place, no copy)
# rpool/persist/system/qbittorrent ~6.5T (copied into media dataset, ~6.5T temp)
# rpool free space ~30T
#
# Phase 1: Migrate base datasets on disk (boot from live USB or rescue)
# All operations in this phase are instant renames -- no data is copied.
#
# Unlock the pool:
# zfs load-key -a
#
# Step 1a: Move nix and sops out of local/ (they go to persist/local/)
# The -p flag auto-creates the parent datasets.
#
# zfs rename -p rpool/local/system/nix rpool/persist/local/nix
# zfs rename -p rpool/local/system/sops rpool/persist/local/system/sops
#
# Step 1b: Rename local/ -> ephemeral/ (takes remaining children with it)
# zfs rename rpool/local rpool/ephemeral
# # This moves: local/system/root -> ephemeral/system/root
# # local/home/leyla -> ephemeral/home/leyla
#
# Step 1c: Recreate blank snapshots on ephemeral datasets
# zfs destroy rpool/ephemeral/system/root@blank
# zfs snapshot rpool/ephemeral/system/root@blank
# zfs destroy rpool/ephemeral/home/leyla@blank
# zfs snapshot rpool/ephemeral/home/leyla@blank
#
# Step 1d: Move persist/ children under persist/replicate/
# zfs create -o canmount=off rpool/persist/replicate
# zfs create -o canmount=off rpool/persist/replicate/system
# zfs rename rpool/persist/system/root rpool/persist/replicate/system/root
# zfs rename rpool/persist/system/var rpool/persist/replicate/system/var
# zfs rename rpool/persist/home/leyla rpool/persist/replicate/home
# # Clean up the now-empty home parent
# zfs destroy rpool/persist/home
# # NOTE: Do NOT destroy rpool/persist/system -- it still contains
# # persist/system/jellyfin and persist/system/qbittorrent which are
# # migrated in Phase 2.
#
# Verify the new layout:
# zfs list -r rpool -o name,used,mountpoint
#
# Phase 2: Merge media into a single dataset (do this last)
# Strategy: Rename the jellyfin dataset to become the shared media dataset
# (zero copy, instant), then copy qbittorrent data into it (~6.5T copy).
# This avoids duplicating the 32T jellyfin dataset.
#
# Step 2a: Rename jellyfin dataset to the shared media name
# zfs rename rpool/persist/system/jellyfin rpool/persist/replicate/system/media
#
# Step 2b: Copy qbittorrent data into the media dataset
# This copies ~6.5T and may take several hours/days depending on disk speed.
# The qbittorrent data is not critical to back up so no snapshot needed.
#
# systemctl stop qbittorrent
# rsync -avPHAX /persist/system/qbittorrent/ /persist/replicate/system/media/
#
# Step 2c: Verify the data and clean up
# ls -la /persist/replicate/system/media/
# zfs destroy rpool/persist/system/qbittorrent
# # persist/system should now be empty, clean it up:
# zfs destroy rpool/persist/system
#
# Phase 3: Enable generateBase
# In the nix config:
# - Delete this file (legacy-storage.nix) and remove its import from default.nix
# - Remove [PHASE 3] entries from legacy-impermanence.nix:
# - var-lib-private-permissions activation script
# - /etc/machine-id, SSH host keys (files block)
# - /var/lib/nixos, /var/lib/systemd/coredump (directories)
# - /persist/system/var/log persistence block
# These are now handled automatically by storage.nix and ssh.nix.
# Rebuild and verify:
# sudo nixos-rebuild switch --flake .#defiant
# # Verify mounts: findmnt -t fuse.bindfs,fuse
# # Verify persist: ls /persist/replicate/system/root/var/lib/nixos
# # Verify boot: reboot and confirm system comes up cleanly
#
# Phase 4: Migrate services (one at a time, any order)
# For each service (except jellyfin/qbittorrent):
# 1. Remove the service's [PHASE 4] section from legacy-impermanence.nix
# 2. Remove `impermanence.enable = false` for that service in configuration.nix
# 3. Rebuild: sudo nixos-rebuild switch --flake .#defiant
# 4. Verify: systemctl status <service>, check the service's data is intact
# No data migration is needed -- the data already lives on the renamed
# dataset at the new path.
#
# Migrate jellyfin and qbittorrent LAST (after Phase 2 media merge):
# 1. Remove [PHASE 4 - LAST] jellyfin entries from legacy-impermanence.nix
# 2. Remove [PHASE 4 - LAST] qbittorrent entries from legacy-impermanence.nix
# 3. Remove `impermanence.enable = false` for both in configuration.nix
# 4. Rebuild: sudo nixos-rebuild switch --flake .#defiant
# 5. Verify: systemctl status jellyfin qbittorrent
#
# Phase 5: Cleanup
# Once all services are migrated and legacy-impermanence.nix is empty:
# - Delete legacy-impermanence.nix and remove its import from default.nix
# - Rebuild: sudo nixos-rebuild switch --flake .#defiant
#
# ============================================================================
#
# Current on-disk dataset layout:
# rpool/local/ - ephemeral parent
# rpool/local/home/leyla - ephemeral user home (rolled back on boot)
# rpool/local/system/nix - nix store
# rpool/local/system/root - root filesystem (rolled back on boot)
# rpool/local/system/sops - sops age key
# rpool/persist/ - persistent parent
# rpool/persist/home/leyla - persistent user home
# rpool/persist/system/jellyfin - jellyfin media
# rpool/persist/system/qbittorrent - qbittorrent media
# rpool/persist/system/root - persistent root data
# rpool/persist/system/var/log - log persistence
{lib, ...}: {
# Disable automatic base dataset generation so we can define them manually
storage.generateBase = false;
# Manually define ZFS datasets matching main's structure
storage.zfs.datasets = {
# Ephemeral datasets (local/)
@ -47,7 +158,7 @@
};
"local/system/sops" = {
type = "zfs_fs";
mount = "/persist/sops";
mount = "/var/lib/sops-nix";
};
# Persistent datasets (persist/)
@ -87,9 +198,10 @@
};
};
# Boot commands to rollback ephemeral root on boot
# Boot commands to rollback ephemeral root and user homes on boot
boot.initrd.postResumeCommands = lib.mkAfter ''
zfs rollback -r rpool/local/system/root@blank
zfs rollback -r rpool/local/home/leyla@blank
'';
# FileSystems needed for boot
@ -99,5 +211,8 @@
"/persist/system/var/log".neededForBoot = true;
"/persist/system/jellyfin".neededForBoot = true;
"/persist/system/qbittorrent".neededForBoot = true;
"/var/lib/sops-nix".neededForBoot = true;
"/persist/home/leyla".neededForBoot = true;
"/home/leyla".neededForBoot = true;
};
}