jan-leila/nix-config
1
0
Fork 1
Code Issues Pull requests 1 Projects Releases Packages Wiki Activity Actions

storage-refactor #9

Open
jan-leila wants to merge 40 commits from storage-refactor into main
pull from: storage-refactor
merge into: jan-leila:main
Conversation 0 Commits 40 Files changed 118 +73 -51
3 changed files with 73 additions and 51 deletions
Download patch file Download diff file Expand all files Collapse all files
Showing only changes of commit f8edad75bf - Show all commits

14
modules/nixos-modules/storage/storage.nix
View file

@ -10,6 +10,16 @@
lib.mkIf config.storage.zfs.enable (lib.mkMerge [
{
storage.zfs.datasets = {
"persist" = {
type = "zfs_fs";
};
"persist/local" = {
type = "zfs_fs";
};
"persist/replicate" = {
type = "zfs_fs";
};
"persist/local/nix" = {
type = "zfs_fs";
mount = {
@ -22,6 +32,7 @@
atime = "off";
relatime = "off";
};
"persist/replicate/system/var/log" = {
type = "zfs_fs";
mount = {
@ -54,6 +65,9 @@
'';
storage.zfs.datasets = {
"ephemeral" = {
type = "zfs_fs";
};
"ephemeral/system/root" = {
type = "zfs_fs";
mount = {

6
modules/nixos-modules/storage/submodules/dataset.nix
View file

@ -73,11 +73,7 @@
snapshot = {
# This option should set this option flag
# "com.sun:auto-snapshot" = "false";
autoSnapshot = lib.mkOption {
type = lib.types.bool;
default = false;
description = "Enable automatic snapshots for this dataset";
};
autoSnapshot = lib.mkEnableOption "Enable automatic snapshots for this dataset";
# Creates a blank snapshot in the post create hook for rollback purposes
blankSnapshot = lib.mkEnableOption "Should a blank snapshot be auto created in the post create hook";
};

104
modules/nixos-modules/users.nix
View file

@ -399,53 +399,65 @@ in {
};
};
}
(lib.mkIf config.storage.impermanence.enable (lib.mkMerge [
(lib.mkIf config.storage.zfs.enable (lib.mkMerge [
{
# sops age key needs to be available to pre persist for user generation
storage.zfs.datasets = lib.mkMerge [
{
"persist/local/system/sops" = {
type = "zfs_fs";
mount = {
enable = true;
mountPoint = SOPS_AGE_KEY_DIRECTORY;
};
atime = "off";
relatime = "off";
};
}
(lib.mkMerge (
builtins.map (user: {
"ephemeral/home/${user.name}" = {
type = "zfs_fs";
mount = {
enable = true;
mountPoint = "/home/${user.name}";
};
snapshot.blankSnapshot = true;
};
})
normalUsers
))
];
# Post resume commands to rollback user home datasets to blank snapshots
boot.initrd.postResumeCommands = lib.mkAfter (
lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/ephemeral/home/${user.name}@blank")
normalUsers)
);
# Create persist home directories with proper permissions
systemd = {
tmpfiles.rules =
builtins.map (
user: "d /persist/replicate/home/${user.name} 700 ${user.name} ${user.name} -"
)
normalUsers;
(lib.mkIf config.storage.zfs.enable (lib.mkMerge [
{
# sops age key needs to be available to pre persist for user generation
storage.zfs.datasets."persist/local/system/sops" = {
type = "zfs_fs";
mount = {
enable = true;
mountPoint = SOPS_AGE_KEY_DIRECTORY;
};
}
]))
atime = "off";
relatime = "off";
};
}
(lib.mkIf (!config.storage.impermanence.enable) {
storage.zfs.datasets = lib.mkMerge (
builtins.map (user: {
"persist/replicate/home/${user.name}" = {
type = "zfs_fs";
mount = {
enable = true;
mountPoint = "/home/${user.name}";
};
snapshot.autoSnapshot = true;
};
})
normalUsers
);
})
(lib.mkIf config.storage.impermanence.enable {
storage.zfs.datasets = lib.mkMerge (
builtins.map (user: {
"ephemeral/home/${user.name}" = {
type = "zfs_fs";
mount = {
enable = true;
mountPoint = "/home/${user.name}";
};
snapshot.blankSnapshot = true;
};
})
normalUsers
);
# Post resume commands to rollback user home datasets to blank snapshots
boot.initrd.postResumeCommands = lib.mkAfter (
lib.strings.concatLines (builtins.map (user: "zfs rollback -r rpool/ephemeral/home/${user.name}@blank")
normalUsers)
);
# TODO: I don't think we need this anymore but I have not tested it
# Create persist home directories with proper permissions
# systemd = {
# tmpfiles.rules =
# builtins.map (
# user: "d /persist/replicate/home/${user.name} 700 ${user.name} ${user.name} -"
# )
# normalUsers;
# };
})
]))
];
}