Put impermanence behind an option to make kopia work.

This commit is contained in:
2024-09-25 10:33:27 +01:00
parent 92a59e004a
commit c565aba76c
2 changed files with 74 additions and 59 deletions


@@ -1,9 +1,11 @@
{ lib, ... }: { lib, ... }:
{ {
imports = [ imports = [
./impermanence.nix # TODO: find a way to avoid needing this here
]; ];
boot.isContainer = true; boot.isContainer = true;
custom.impermanence.enable = false;
custom.tailscale.enable = false; custom.tailscale.enable = false;
networking.useDHCP = lib.mkForce false; networking.useDHCP = lib.mkForce false;
} }
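Review bot: The TODO on the `./impermanence.nix` import describes a consequence of the option's `default = true` in that module: the container has to import the whole impermanence module solely so that `custom.impermanence.enable` is declared and can be set to false. Declaring the option with `lib.mkEnableOption "impermanent root fs"` (default false) and having the hosts that want impermanence opt in would remove both this import and the `enable = false` line, assuming no host relies on the implicit default. If the opt-out default is deliberate, replace the TODO with a comment that states why the import is here, e.g. `# imported only so custom.impermanence.enable is declared; disabled below`.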


@@ -1,71 +1,84 @@
{ pkgs, inputs, ... }: { pkgs, inputs, lib, config, ... }:
let
cfg = config.custom.impermanence;
in
{ {
environment.persistence = { options.custom.impermanence = {
"/persist" = { enable = lib.mkOption {
directories = [ "/var/lib/nixos" ]; type = lib.types.bool;
files = [ default = true;
"/etc/machine-id" description = "Enable impermanent root fs";
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
];
}; };
}; };
fileSystems."/".options = [ config = lib.mkIf cfg.enable {
"compress=zstd" environment.persistence = {
"noatime" "/persist" = {
]; directories = [ "/var/lib/nixos" ];
fileSystems."/nix".options = [ files = [
"compress=zstd" "/etc/machine-id"
"noatime" "/etc/ssh/ssh_host_ed25519_key"
]; "/etc/ssh/ssh_host_ed25519_key.pub"
fileSystems."/persist".options = [ "/etc/ssh/ssh_host_rsa_key"
"compress=zstd" "/etc/ssh/ssh_host_rsa_key.pub"
"noatime" ];
]; };
fileSystems."/persist".neededForBoot = true; };
fileSystems."/var/log".options = [
"compress=zstd"
"noatime"
];
fileSystems."/var/log".neededForBoot = true;
users.mutableUsers = false; fileSystems."/".options = [
"compress=zstd"
"noatime"
];
fileSystems."/nix".options = [
"compress=zstd"
"noatime"
];
fileSystems."/persist".options = [
"compress=zstd"
"noatime"
];
fileSystems."/persist".neededForBoot = true;
fileSystems."/var/log".options = [
"compress=zstd"
"noatime"
];
fileSystems."/var/log".neededForBoot = true;
# rollback results in sudo lectures after each reboot users.mutableUsers = false;
security.sudo.extraConfig = ''
Defaults lecture = never
'';
# needed for allowOther in the home-manager impermanence config # rollback results in sudo lectures after each reboot
programs.fuse.userAllowOther = true; security.sudo.extraConfig = ''
Defaults lecture = never
'';
# reset / at each boot # needed for allowOther in the home-manager impermanence config
# Note `lib.mkBefore` is used instead of `lib.mkAfter` here. programs.fuse.userAllowOther = true;
boot.initrd.postDeviceCommands = pkgs.lib.mkBefore ''
mkdir /mnt
mount /dev/mapper/luksroot /mnt
if [[ -e /mnt/root ]]; then
mkdir -p /mnt/old_roots
timestamp=$(date --date="@$(stat -c %Y /mnt/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /mnt/root "/mnt/old_roots/$timestamp"
fi
delete_subvolume_recursively() { # reset / at each boot
IFS=$'\n' # Note `lib.mkBefore` is used instead of `lib.mkAfter` here.
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do boot.initrd.postDeviceCommands = pkgs.lib.mkBefore ''
delete_subvolume_recursively "/mnt/$i" mkdir /mnt
done mount /dev/mapper/luksroot /mnt
btrfs subvolume delete "$1" if [[ -e /mnt/root ]]; then
} mkdir -p /mnt/old_roots
timestamp=$(date --date="@$(stat -c %Y /mnt/root)" "+%Y-%m-%-d_%H:%M:%S")
mv /mnt/root "/mnt/old_roots/$timestamp"
fi
for i in $(find /mnt/old_roots/ -maxdepth 1 -mtime +30); do delete_subvolume_recursively() {
delete_subvolume_recursively "$i" IFS=$'\n'
done for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/mnt/$i"
done
btrfs subvolume delete "$1"
}
btrfs subvolume create /mnt/root for i in $(find /mnt/old_roots/ -maxdepth 1 -mtime +30); do
umount /mnt delete_subvolume_recursively "$i"
''; done
btrfs subvolume create /mnt/root
umount /mnt
'';
};
} }
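Review bot: `find /mnt/old_roots/ -maxdepth 1 -mtime +30` in the initrd rollback also matches `/mnt/old_roots/` itself when that directory's mtime is more than 30 days old, so the directory would be handed to `delete_subvolume_recursively`; `find /mnt/old_roots/ -mindepth 1 -maxdepth 1 -mtime +30` limits the loop to the moved-aside roots. The preceding `mv` normally refreshes the directory's mtime, so this is latent rather than routine, but it is a one-token fix. The `mount /dev/mapper/luksroot /mnt` line is also unchecked: if it fails, the `btrfs subvolume create /mnt/root` and `umount /mnt` that follow run against the initrd's own root, so the remainder of the script should be conditional on the mount having succeeded. Since the entire body is now under `lib.mkIf cfg.enable`, the option description should mention that disabling it also drops `users.mutableUsers = false` and the `neededForBoot` settings for `/persist` and `/var/log`, not just the rollback.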