Put impermanence behind an option to make kopia work.

WIP: container config for kopia.
Fix tailscale option.
2024-09-25 10:33:27 +01:00 · 2024-09-25 10:26:44 +01:00 · 2024-09-25 10:13:13 +01:00 · 2024-09-25 10:01:55 +01:00 · 2024-09-25 09:48:15 +01:00
8 changed files with 124 additions and 153 deletions
--- a/common/container-node.nix
+++ b/common/container-node.nix
@@ -0,0 +1,11 @@
+{ lib, ... }:
+{
+  imports = [
+    ./impermanence.nix  # TODO: find a way to avoid needing this here
+  ];
+
+  boot.isContainer = true;
+  custom.impermanence.enable = false;
+  custom.tailscale.enable = false;
+  networking.useDHCP = lib.mkForce false;
+}
--- a/common/global/tailscale.nix
+++ b/common/global/tailscale.nix
@@ -7,9 +7,10 @@ in
  imports = [ ./tailscale_lib.nix ];

  options.custom.tailscale = {
-    enable = mkEnableOption {
-      description = "Enable Tailscale";
+    enable = mkOption {
+      type = lib.types.bool;
      default = true;
+      description = "Whether to enable Tailscale";
    };
  };

--- a/common/impermanence.nix
+++ b/common/impermanence.nix
@@ -1,71 +1,84 @@
-{ pkgs, inputs, ... }:
+{ pkgs, inputs, lib, config, ... }:
+let
+  cfg = config.custom.impermanence;
+in
 {
-  environment.persistence = {
-    "/persist" = {
-      directories = [ "/var/lib/nixos" ];
-      files = [
-        "/etc/machine-id"
-        "/etc/ssh/ssh_host_ed25519_key"
-        "/etc/ssh/ssh_host_ed25519_key.pub"
-        "/etc/ssh/ssh_host_rsa_key"
-        "/etc/ssh/ssh_host_rsa_key.pub"
-      ];
+  options.custom.impermanence = {
+    enable = lib.mkOption {
+      type = lib.types.bool;
+      default = true;
+      description = "Enable impermanent root fs";
    };
  };

-  fileSystems."/".options = [
-    "compress=zstd"
-    "noatime"
-  ];
-  fileSystems."/nix".options = [
-    "compress=zstd"
-    "noatime"
-  ];
-  fileSystems."/persist".options = [
-    "compress=zstd"
-    "noatime"
-  ];
-  fileSystems."/persist".neededForBoot = true;
-  fileSystems."/var/log".options = [
-    "compress=zstd"
-    "noatime"
-  ];
-  fileSystems."/var/log".neededForBoot = true;
+  config = lib.mkIf cfg.enable {
+    environment.persistence = {
+      "/persist" = {
+        directories = [ "/var/lib/nixos" ];
+        files = [
+          "/etc/machine-id"
+          "/etc/ssh/ssh_host_ed25519_key"
+          "/etc/ssh/ssh_host_ed25519_key.pub"
+          "/etc/ssh/ssh_host_rsa_key"
+          "/etc/ssh/ssh_host_rsa_key.pub"
+        ];
+      };
+    };

-  users.mutableUsers = false;
+    fileSystems."/".options = [
+      "compress=zstd"
+      "noatime"
+    ];
+    fileSystems."/nix".options = [
+      "compress=zstd"
+      "noatime"
+    ];
+    fileSystems."/persist".options = [
+      "compress=zstd"
+      "noatime"
+    ];
+    fileSystems."/persist".neededForBoot = true;
+    fileSystems."/var/log".options = [
+      "compress=zstd"
+      "noatime"
+    ];
+    fileSystems."/var/log".neededForBoot = true;

-  # rollback results in sudo lectures after each reboot
-  security.sudo.extraConfig = ''
-    Defaults lecture = never
-  '';
+    users.mutableUsers = false;

-  # needed for allowOther in the home-manager impermanence config
-  programs.fuse.userAllowOther = true;
+    # rollback results in sudo lectures after each reboot
+    security.sudo.extraConfig = ''
+      Defaults lecture = never
+    '';

-  # reset / at each boot
-  # Note `lib.mkBefore` is used instead of `lib.mkAfter` here.
-  boot.initrd.postDeviceCommands = pkgs.lib.mkBefore ''
-    mkdir /mnt
-    mount /dev/mapper/luksroot /mnt
-    if [[ -e /mnt/root ]]; then
-        mkdir -p /mnt/old_roots
-        timestamp=$(date --date="@$(stat -c %Y /mnt/root)" "+%Y-%m-%-d_%H:%M:%S")
-        mv /mnt/root "/mnt/old_roots/$timestamp"
-    fi
+    # needed for allowOther in the home-manager impermanence config
+    programs.fuse.userAllowOther = true;

-    delete_subvolume_recursively() {
-        IFS=$'\n'
-        for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
-            delete_subvolume_recursively "/mnt/$i"
-        done
-        btrfs subvolume delete "$1"
-    }
+    # reset / at each boot
+    # Note `lib.mkBefore` is used instead of `lib.mkAfter` here.
+    boot.initrd.postDeviceCommands = pkgs.lib.mkBefore ''
+      mkdir /mnt
+      mount /dev/mapper/luksroot /mnt
+      if [[ -e /mnt/root ]]; then
+          mkdir -p /mnt/old_roots
+          timestamp=$(date --date="@$(stat -c %Y /mnt/root)" "+%Y-%m-%-d_%H:%M:%S")
+          mv /mnt/root "/mnt/old_roots/$timestamp"
+      fi

-    for i in $(find /mnt/old_roots/ -maxdepth 1 -mtime +30); do
-        delete_subvolume_recursively "$i"
-    done
+      delete_subvolume_recursively() {
+          IFS=$'\n'
+          for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
+              delete_subvolume_recursively "/mnt/$i"
+          done
+          btrfs subvolume delete "$1"
+      }

-    btrfs subvolume create /mnt/root
-    umount /mnt
-  '';
+      for i in $(find /mnt/old_roots/ -maxdepth 1 -mtime +30); do
+          delete_subvolume_recursively "$i"
+      done
+
+      btrfs subvolume create /mnt/root
+      umount /mnt
+    '';
+  };
 }
--- a/common/lxc-node.nix
+++ b/common/lxc-node.nix
@@ -1,7 +0,0 @@
-{
-  imports = [
-  ];
-
-  custom.tailscale.enable = false;
-  proxmoxLXC.manageNetwork = true;
-}
--- a/flake.lock
+++ b/flake.lock
@@ -261,42 +261,6 @@
        "type": "github"
      }
    },
-    "nixlib": {
-      "locked": {
-        "lastModified": 1726966855,
-        "narHash": "sha256-25ByioeOBFcnitO5lM/Mufnv/u7YtHEHEM8QFuiS40k=",
-        "owner": "nix-community",
-        "repo": "nixpkgs.lib",
-        "rev": "575704ff85d3a41dc5bfef7b55380cbc7b87f3c2",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "nixpkgs.lib",
-        "type": "github"
-      }
-    },
-    "nixos-generators": {
-      "inputs": {
-        "nixlib": "nixlib",
-        "nixpkgs": [
-          "nixpkgs"
-        ]
-      },
-      "locked": {
-        "lastModified": 1727053438,
-        "narHash": "sha256-t/+z1Tf7hSaStU1pBYkY7i0/GkG+YIPSmfeRrK8eYUw=",
-        "owner": "nix-community",
-        "repo": "nixos-generators",
-        "rev": "e8c1cd886cc17e31e424f915efd32e84d8af0ce9",
-        "type": "github"
-      },
-      "original": {
-        "owner": "nix-community",
-        "repo": "nixos-generators",
-        "type": "github"
-      }
-    },
    "nixpkgs": {
      "locked": {
        "lastModified": 1726320982,
@@ -388,7 +352,6 @@
        "home-manager": "home-manager",
        "impermanence": "impermanence",
        "nix-index-database": "nix-index-database",
-        "nixos-generators": "nixos-generators",
        "nixpkgs": "nixpkgs",
        "nixpkgs-unstable": "nixpkgs-unstable",
        "nixvim": "nixvim",
--- a/flake.nix
+++ b/flake.nix
@@ -17,10 +17,6 @@
      url = "github:nix-community/nix-index-database";
      inputs.nixpkgs.follows = "nixpkgs";
    };
-    nixos-generators = {
-      url = "github:nix-community/nixos-generators";
-      inputs.nixpkgs.follows = "nixpkgs";
-    };
    nixvim = {
      url = "github:nix-community/nixvim";
      inputs.nixpkgs.follows = "nixpkgs-unstable";
@@ -42,7 +38,6 @@
      disko,
      home-manager,
      sops-nix,
-      nixos-generators,
      impermanence,
      ...
    }@inputs:
@@ -66,27 +61,31 @@
            disko.nixosModules.disko
            sops-nix.nixosModules.sops
            impermanence.nixosModules.impermanence
-            home-manager.nixosModules.home-manager
-            {
-              home-manager = {
-                useGlobalPkgs = true;
-                useUserPackages = true;
-                users.ppetru = {
-                  imports = [
-                    (inputs.impermanence + "/home-manager.nix")
-                    inputs.nix-index-database.hmModules.nix-index
-                    inputs.nixvim.homeManagerModules.nixvim
-                    ./home
-                  ];
-                };
-              };
-            }
          ] ++ modules;
          specialArgs = {
            inherit inputs self;
          };
        };

+      mkHMNixos =
+        system: modules:
+        mkNixos system ([
+          home-manager.nixosModules.home-manager
+          {
+            home-manager = {
+              useGlobalPkgs = true;
+              useUserPackages = true;
+              users.ppetru = {
+                imports = [
+                  (inputs.impermanence + "/home-manager.nix")
+                  inputs.nix-index-database.hmModules.nix-index
+                  inputs.nixvim.homeManagerModules.nixvim
+                  ./home
+                ];
+              };
+            };
+          }] ++ modules);
+
      pkgsFor =
        system:
        import nixpkgs {
@@ -112,12 +111,13 @@
    in
    {
      nixosConfigurations = {
-        c1 = mkNixos "x86_64-linux" [ ./hosts/c1 ];
-        c2 = mkNixos "x86_64-linux" [ ./hosts/c2 ];
-        c3 = mkNixos "x86_64-linux" [ ./hosts/c3 ];
-        alo-cloud-1 = mkNixos "aarch64-linux" [ ./hosts/alo-cloud-1 ];
-        zippy = mkNixos "x86_64-linux" [ ./hosts/zippy ];
-        chilly = mkNixos "x86_64-linux" [ ./hosts/chilly ];
+        c1 = mkHMNixos "x86_64-linux" [ ./hosts/c1 ];
+        c2 = mkHMNixos "x86_64-linux" [ ./hosts/c2 ];
+        c3 = mkHMNixos "x86_64-linux" [ ./hosts/c3 ];
+        alo-cloud-1 = mkHMNixos "aarch64-linux" [ ./hosts/alo-cloud-1 ];
+        zippy = mkHMNixos "x86_64-linux" [ ./hosts/zippy ];
+        chilly = mkHMNixos "x86_64-linux" [ ./hosts/chilly ];
+        kopia = mkNixos "x86_64-linux" [ ./hosts/kopia ];
      };

      deploy = {
@@ -173,21 +173,6 @@
        };
      };

-      packages.x86_64-linux = {
-        kopia-lxc = nixos-generators.nixosGenerate {
-          system = "x86_64-linux";
-          format = "proxmox-lxc";
-          modules = [
-            sops-nix.nixosModules.sops
-            impermanence.nixosModules.impermanence
-            ./hosts/kopia-lxc
-          ];
-          specialArgs = {
-            inherit inputs self;
-          };
-        };
-      };
-
      checks = builtins.mapAttrs (system: deployLib: deployLib.deployChecks self.deploy) deploy-rs.lib;

      formatter.x86_64-linux = nixpkgs.legacyPackages.x86_64-linux.nixfmt-rfc-style;
--- a/hosts/kopia-lxc/default.nix
+++ b/hosts/kopia-lxc/default.nix
@@ -1,7 +0,0 @@
-{
-  imports = [
-    ../../common/global
-    ../../common/lxc-node.nix
-  ];
-  networking.hostName = "kopia";
-}
--- a/hosts/kopia/default.nix
+++ b/hosts/kopia/default.nix
@@ -0,0 +1,12 @@
+{ pkgs, ... }:
+{
+  imports = [
+    ../../common/global
+    ../../common/container-node.nix
+  ];
+  networking.hostName = "kopia";
+
+  environment.systemPackages = with pkgs; [
+    kopia
+  ];
+}
Author	SHA1	Message	Date
Petru Paler	c565aba76c	Put impermanence behind an option to make kopia work.	2024-09-25 10:33:27 +01:00
Petru Paler	92a59e004a	WIP: container config for kopia.	2024-09-25 10:26:44 +01:00
Petru Paler	e460d69ebb	Fix tailscale option.	2024-09-25 10:13:13 +01:00
Petru Paler	cdc8f49013	Make it possible to have nixos configs without home manager.	2024-09-25 10:01:55 +01:00
Petru Paler	6d78075aa5	WIP: remove nixos-generators, aim for nspawn now.	2024-09-25 09:48:15 +01:00