drafted out impermanence for defiant

This commit is contained in:
Leyla Becker 2024-11-11 17:17:50 -06:00
parent 818110419e
commit 22f6a37ea8
5 changed files with 182 additions and 46 deletions


@ -60,4 +60,4 @@ to update passwords run: `nix shell nixpkgs#sops -c sops secrets/user-passwords.
- mastodon server
- tail scale clients
- wake on LAN
- ISO target that contains authorized keys for nixos-anywhere
- ISO target that contains authorized keys for nixos-anywhere https://github.com/diegofariasm/yggdrasil/blob/4acc43ebc7bcbf2e41376d14268e382007e94d78/hosts/bootstrap/default.nix


@ -74,6 +74,21 @@
"type": "github"
}
},
"impermanence": {
"locked": {
"lastModified": 1730403150,
"narHash": "sha256-W1FH5aJ/GpRCOA7DXT/sJHFpa5r8sq2qAUncWwRZ3Gg=",
"owner": "nix-community",
"repo": "impermanence",
"rev": "0d09341beeaa2367bac5d718df1404bf2ce45e6f",
"type": "github"
},
"original": {
"owner": "nix-community",
"repo": "impermanence",
"type": "github"
}
},
"nix-vscode-extensions": {
"inputs": {
"flake-compat": "flake-compat",
@ -146,6 +161,7 @@
"inputs": {
"disko": "disko",
"home-manager": "home-manager",
"impermanence": "impermanence",
"nix-vscode-extensions": "nix-vscode-extensions",
"nixos-hardware": "nixos-hardware",
"nixpkgs": "nixpkgs",


@ -23,6 +23,10 @@
inputs.nixpkgs.follows = "nixpkgs";
};
impermanence = {
url = "github:nix-community/impermanence";
};
# users home directories
home-manager = {
url = "github:nix-community/home-manager";
@ -49,6 +53,7 @@
outputs = {
nixpkgs,
disko,
impermanence,
nixos-hardware,
home-manager,
...
@ -102,6 +107,7 @@
specialArgs = {inherit inputs lib;};
modules = [
./overlays
impermanence.nixosModules.impermanence
disko.nixosModules.disko
home-manager.nixosModules.home-manager
home-manager-config


@ -1,10 +1,9 @@
{lib, ...}: let
{...}: let
bootDisk = devicePath: {
type = "disk";
device = devicePath;
content = {
type = "gpt";
partitions = {
boot = {
size = "1M";
@ -32,37 +31,37 @@
size = "100%";
content = {
type = "zfs";
pool = "zroot";
};
};
};
};
};
cacheDisk = devicePath: swapSize: {
type = "disk";
device = devicePath;
content = {
type = "gpt";
partitions = {
encryptedSwap = {
size = swapSize;
content = {
type = "swap";
randomEncryption = true;
discardPolicy = "both";
resumeDevice = true;
};
};
zfs = {
size = "100%";
content = {
type = "zfs";
pool = "zroot";
pool = "rpool";
};
};
};
};
};
# cacheDisk = devicePath: swapSize: {
# type = "disk";
# device = devicePath;
# content = {
# type = "gpt";
# partitions = {
# encryptedSwap = {
# size = swapSize;
# content = {
# type = "swap";
# randomEncryption = true;
# discardPolicy = "both";
# resumeDevice = true;
# };
# };
# zfs = {
# size = "100%";
# content = {
# type = "zfs";
# pool = "rpool";
# };
# };
# };
# };
# };
in {
disko.devices = {
disk = {
@ -75,7 +74,7 @@ in {
# ssd_2_tb_a = cacheDisk "64G" "/dev/disk/by-id/XXX";
};
zpool = {
zroot = {
rpool = {
type = "zpool";
mode = {
topology = {
@ -92,7 +91,7 @@ in {
}
];
cache = [];
# cache = [ "ssd_2_tb_a" ];
# cache = [ "ssd_2_tb_a" ];z
};
};
@ -101,34 +100,40 @@ in {
};
rootFsOptions = {
encryption = "on";
keyformat = "hex";
keylocation = "prompt";
# encryption = "on";
# keyformat = "hex";
# keylocation = "prompt";
compression = "lz4";
xattr = "sa";
acltype = "posixacl";
canmount = "off";
"com.sun:auto-snapshot" = "false";
};
mountpoint = "/";
postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank";
datasets = {
"nix" = {
root = {
type = "zfs_fs";
mountpoint = "/";
options.mountpoint = "legacy";
postCreateHook = "zfs snapshot rpool/root@blank";
};
home = {
type = "zfs_fs";
options.mountpoint = "legacy";
mountpoint = "/home";
postCreateHook = "zfs snapshot rpool/home@blank";
};
nix = {
type = "zfs_fs";
mountpoint = "/nix";
};
"home" = {
persistent = {
type = "zfs_fs";
mountpoint = "/mnt/home";
mountpoint = "/persistent";
options = {
"com.sun:auto-snapshot" = "true";
};
};
"var" = {
type = "zfs_fs";
mountpoint = "/var";
};
};
};
};
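Review bot: ZFS native encryption on `rpool` is switched off in this hunk — `encryption = "on"`, `keyformat = "hex"` and `keylocation = "prompt"` in `rootFsOptions` are now commented out — so `root`, `home` and `persistent` are created in the clear, while the same commit persists `/etc/ssh` and `/home` onto that pool. If this is a temporary step for the impermanence draft, a comment next to the three lines stating that and what blocks re-enabling it would help; otherwise the three lines should be restored. The new `postCreateHook` lines also drop the idempotence guard the old line had: `zfs snapshot rpool/root@blank` fails on a second disko run once the snapshot exists, so `zfs list -t snapshot -H -o name | grep -qx rpool/root@blank || zfs snapshot rpool/root@blank` (and the same for `rpool/home@blank`) keeps the previous behaviour. There is also a stray `z` after the comment at `# cache = [ "ssd_2_tb_a" ];z` in the earlier hunk; it sits inside the comment so it is harmless, but it should go.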


@ -2,9 +2,9 @@
# and may be overwritten by future invocations. Please make changes
# to /etc/nixos/configuration.nix instead.
{
pkgs,
config,
lib,
pkgs,
modulesPath,
...
}: {
@ -13,27 +13,136 @@
../hardware-common.nix
];
security.sudo.extraConfig = "Defaults lecture=never";
boot = {
initrd = {
availableKernelModules = ["xhci_pci" "aacraid" "ahci" "usbhid" "usb_storage" "sd_mod"];
kernelModules = [];
# TODO: figure out some kind of snapshotting before rolebacks
# postDeviceCommands = lib.mkAfter ''
# zfs rollback -r rpool/root@blank
# zfs rollback -r rpool/home@blank
# '';
systemd = {
enable = lib.mkDefault true;
services.rollback = {
description = "Rollback root filesystem to a pristine state on boot";
wantedBy = [
"zfs.target"
"initrd.target"
];
after = [
"zfs-import-rpool.service"
];
before = [
"sysroot.mount"
"fs.target"
];
path = with pkgs; [
zfs
];
unitConfig.DefaultDependencies = "no";
# serviceConfig = {
# Type = "oneshot";
# ExecStart =
# "${config.boot.zfs.package}/sbin/zfs rollback -r rpool/home@blank";
# };
serviceConfig.Type = "oneshot";
script = ''
zfs list -t snapshot || echo
zfs rollback -r rpool/root@blank
zfs rollback -r rpool/home@blank
'';
};
};
};
kernelModules = ["kvm-amd"];
kernelParams = ["quiet"];
extraModulePackages = [];
supportedFilesystems = ["zfs"];
zfs.extraPools = ["zroot"];
zfs.extraPools = ["rpool"];
};
swapDevices = [];
fileSystems = {
"/" = {
neededForBoot = true;
};
"/home" = {
neededForBoot = true;
};
"/persistent" = {
neededForBoot = true;
};
};
networking = {
hostId = "c51763d6";
hostName = "defiant"; # Define your hostname.
useNetworkd = true;
};
environment.persistence."/persistent" = {
enable = true;
hideMounts = true;
directories = [
# "/run/secrets"
"/etc/ssh"
"/var/log"
"/var/lib/nixos"
"/var/lib/systemd/coredump"
# config.apps.pihole.directory.root
# config.apps.jellyfin.mediaDirectory
# config.services.jellyfin.configDir
# config.services.jellyfin.cacheDir
# config.services.jellyfin.dataDir
# "/var/hass" # config.users.users.hass.home
# "/var/postgresql" # config.users.users.postgresql.home
# "/var/forgejo" # config.users.users.forgejo.home
# "/var/nextcloud" # config.users.users.nextcloud.home
# "/var/headscale" # config.users.users.headscale.home
];
files = [
"/etc/machine-id"
# config.environment.sessionVariables.SOPS_AGE_KEY_FILE
];
users.leyla = {
directories = [
"documents"
".ssh"
];
files = [];
};
};
# systemd.services = {
# # https://github.com/openzfs/zfs/issues/10891
# systemd-udev-settle.enable = false;
# # Snapshots are not accessable on boot for some reason this should fix it
# # https://github.com/NixOS/nixpkgs/issues/257505
# zfs-mount = {
# serviceConfig = {
# # ExecStart = [ "${lib.getExe' pkgs.util-linux "mount"} -a -t zfs -o remount" ];
# ExecStart = [
# "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/root -o remount"
# "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/home -o remount"
# "${lib.getExe' pkgs.util-linux "mount"} -t zfs rpool/persistent -o remount"
# ];
# };
# };
# };
systemd.network = {
enable = true;