Setup impermanence + use ZFS

pdalpra · Feb 23, 2024 · f9048e0 · f9048e0
1 parent 886496f
commit f9048e0
Show file tree

Hide file tree

Showing 8 changed files with 129 additions and 19 deletions.
diff --git a/flake.lock b/flake.lock
diff --git a/flake.nix b/flake.nix
@@ -21,6 +21,7 @@
       url = "github:nix-community/disko";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    impermanence.url = "github:nix-community/impermanence";
 
     # Flake libraries
     flake-utils.url = "github:numtide/flake-utils";
@@ -38,6 +39,7 @@
     , agenix
     , home-manager
     , disko
+    , impermanence
     , flake-utils
     , ...
     }:
@@ -61,7 +63,7 @@
     nixpkgs.lib.recursiveUpdate perSystem {
       nixosConfigurations = {
         iso = mkISO { inherit nixpkgs system; };
-        vm = mkNixOS "vm" { inherit nixpkgs home-manager disko system revision; };
+        vm = mkNixOS "vm" { inherit nixpkgs home-manager disko impermanence system revision; };
       };
       homeConfigurations = {
         pdalpra = mkHM "pdalpra" { inherit nixpkgs nixpkgs-unstable nurpkgs home-manager system; };

diff --git a/lib/mk-nixos.nix b/lib/mk-nixos.nix
@@ -1,4 +1,4 @@
-name: { nixpkgs, home-manager, disko, system, revision }:
+name: { nixpkgs, home-manager, disko, impermanence, system, revision }:
 
 let
   specialArgs = {
@@ -12,13 +12,14 @@ let
   };
   machineRoot = ../system/machines + "/${name}";
   specificConfig = machineRoot + /configuration.nix;
-  diskoConfig = import (machineRoot + /disks.nix) { };
+  diskoConfig = machineRoot + /disks.nix;
 in
 nixpkgs.lib.nixosSystem {
   inherit system specialArgs;
 
   modules = [
     baseConfig
+    impermanence.nixosModules.impermanence
     disko.nixosModules.disko
     ./cachix.nix
     ../system/configuration.nix

diff --git a/system/configuration.nix b/system/configuration.nix
@@ -6,6 +6,14 @@ _:
     ./wm.nix
   ];
 
+  boot.loader = {
+    efi.canTouchEfiVariables = true;
+    systemd-boot = {
+      enable = true;
+      memtest86.enable = true;
+    };
+  };
+
   time.timeZone = "Europe/Paris";
   i18n.defaultLocale = "en_US.UTF-8";
 

diff --git a/system/impermanence.nix b/system/impermanence.nix
@@ -0,0 +1,31 @@
+_: {
+
+  environment = {
+
+    persistence = {
+      "/persistent/system" = {
+        hideMounts = true;
+        directories = [
+
+        ];
+        files = [
+          "/etc/machine-id"
+        ];
+      };
+
+      "/persistent/homes" = {
+        hideMounts = true;
+        users.pdalpra = {
+          directories = [
+            "Code"
+            "Documents"
+            "Downloads"
+            "Music"
+            "Pictures"
+            "Videos"
+          ];
+        };
+      };
+    };
+  };
+}
diff --git a/system/machines/vm/configuration.nix b/system/machines/vm/configuration.nix
@@ -1,10 +1,12 @@
 {
+  imports = [
+    ../../impermanence.nix
+  ];
+
+  networking.hostId = "fcd4a364";
+
   boot = {
     initrd.availableKernelModules = [ "ata_piix" "ohci_pci" "sd_mod" "sr_mod" ];
-    loader = {
-      systemd-boot.enable = true;
-      efi.canTouchEfiVariables = true;
-    };
   };
 
   virtualisation.vmware.guest.enable = true;

diff --git a/system/machines/vm/disks.nix b/system/machines/vm/disks.nix
@@ -1,8 +1,40 @@
-{ disks ? [ "/dev/sda" ], ... }:
+{ config, lib, myUtils, ... }:
+
+with myUtils;
+
+
 let
-  mainDisk = builtins.elemAt disks 0;
+  mainDisk = "/dev/sda";
+  efiSize = "1G";
+  swapSize = "4G";
+  blankSnapshot = "main/root@blank";
+  persistentFolders = [
+    "/nix"
+    "/persistent/system"
+    "/persistent/homes"
+  ];
+  neededForBoot = mergeAll (map
+    (fs: {
+      fileSystems.${fs}.neededForBoot = true;
+    })
+    persistentFolders);
+  zfs_fs = mountpoint: {
+    inherit mountpoint;
+    type = "zfs_fs";
+    options.mountpoint = "legacy";
+  };
 in
-{
+neededForBoot // {
+  services.zfs.trim.enable = true;
+
+  boot = {
+    supportedFilesystems = [ "zfs" ];
+    kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+    initrd.postDeviceCommands = lib.mkAfter ''
+      zfs rollback -r ${blankSnapshot} && echo "Blank snapshot restored"
+    '';
+  };
+
   disko.devices = {
     disk.main = {
       device = mainDisk;
@@ -13,20 +45,23 @@ in
           ESP = {
             name = "ESP";
             type = "EF00";
-            size = "512M";
+            size = efiSize;
             content = {
               type = "filesystem";
               format = "vfat";
               mountpoint = "/boot";
             };
           };
-          root = {
-            name = "root";
-            end = "-2G";
+          luks = {
+            end = "-${swapSize}";
             content = {
-              type = "filesystem";
-              format = "ext4";
-              mountpoint = "/";
+              type = "luks";
+              name = "encrypted";
+              extraOpenArgs = [ "--allow-discards" ];
+              content = {
+                type = "zfs";
+                pool = "main";
+              };
             };
           };
           swap = {
@@ -39,5 +74,19 @@ in
         };
       };
     };
+    zpool.main = {
+      type = "zpool";
+      mode = ""; # unmirrored
+      options.ashift = "12";
+      rootFsOptions.canmount = "off";
+      datasets = {
+        root = zfs_fs "/" // {
+          postCreateHook = "zfs snapshot ${blankSnapshot}";
+        };
+        nix = zfs_fs "/nix";
+        persistedSystem = zfs_fs "/persistent/system";
+        persistedHomes = zfs_fs "/persistent/homes";
+      };
+    };
   };
 }
diff --git a/system/users.nix b/system/users.nix
@@ -1,13 +1,15 @@
 { pkgs, hmPkgs, ... }:
 
+let user = "pdalpra";
+in
 {
   users = {
     defaultUserShell = pkgs.bash;
     users = {
-      pdalpra = {
+      "${user}" = {
         isNormalUser = true;
         uid = 1000;
-        home = "/home/pdalpra";
+        home = "/home/${user}";
         createHome = true;
         shell = pkgs.zsh;
         packages = [ hmPkgs.home-manager ];