init

2025-01-01 20:56:11 -05:00 · 2025-01-01 20:56:11 -05:00 · fb51ba8285
commit fb51ba8285
parent c4d9468173
4 changed files with 40 additions and 1 deletions
--- a/flake.lock
+++ b/flake.lock
@ -139,6 +139,21 @@
        "type": "github"
      }
    },
+    "impermanence": {
+      "locked": {
+        "lastModified": 1734945620,
+        "narHash": "sha256-olIfsfJK4/GFmPH8mXMmBDAkzVQ1TWJmeGT3wBGfQPY=",
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "rev": "d000479f4f41390ff7cf9204979660ad5dd16176",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "type": "github"
+      }
+    },
    "lanzaboote": {
      "inputs": {
        "crane": "crane",
@ -293,6 +308,7 @@
      "inputs": {
        "disko": "disko",
        "home-manager": "home-manager",
+        "impermanence": "impermanence",
        "lanzaboote": "lanzaboote",
        "nixpkgs": "nixpkgs",
        "nixpkgs-borg": "nixpkgs-borg",
--- a/flake.nix
+++ b/flake.nix
@ -21,6 +21,7 @@
      url = "github:nix-community/lanzaboote/v0.4.1";
      inputs.nixpkgs.follows = "nixpkgs";
    };
+    impermanence.url = "github:nix-community/impermanence";

    nixpkgs-borg.url = "github:cything/nixpkgs/borg"; # unmerged PR
    nixpkgs-btrbk.url = "github:cything/nixpkgs/btrbk"; # unmerged PR
@ -123,6 +124,7 @@
              ./hosts/chunk
              inputs.sops-nix.nixosModules.sops
              ./modules
+              inputs.impermanence.nixosModules.impermanence
            ];
          };

--- a/hosts/chunk/hardware-configuration.nix
+++ b/hosts/chunk/hardware-configuration.nix
@ -22,9 +22,10 @@
  boot.kernelModules = [ "kvm-intel" ];
  boot.extraModulePackages = [ ];

-  fileSystems."/" = {
+  fileSystems."/persistent" = {
    device = "/dev/disk/by-uuid/6fff5dd4-8d7a-43fa-85be-eec74ef2089e";
    fsType = "ext4";
+    neededForBoot = true;
  };

  swapDevices = [ ];
--- a/hosts/chunk/impermanence.nix
+++ b/hosts/chunk/impermanence.nix
@ -0,0 +1,20 @@
+{...}: {
+  environment.persistence."/persistent" = {
+    enable = true;
+    hideMounts = true;
+    directories = [
+      "/var/log"
+      "/opt"
+      "/var/lib"
+
+      "/root/.config/borg" # nonce
+      # used a hack to disable cache
+      # see https://borgbackup.readthedocs.io/en/stable/faq.html#the-borg-cache-eats-way-too-much-disk-space-what-can-i-do
+      "/root/.cache/borg"
+      "/root/.config/sops"
+    ];
+    files = [
+      "/etc/machine-id"
+    ];
+  };
+}