From f9048e0602d85d09cd4750a1bed7c37d2663b806 Mon Sep 17 00:00:00 2001
From: Pierre Dal-Pra <p.dalpra@stuart.com>
Date: Wed, 21 Feb 2024 23:28:01 +0100
Subject: [PATCH] Setup impermanence + use ZFS

---
 flake.lock                           | 15 ++++++
 flake.nix                            |  4 +-
 lib/mk-nixos.nix                     |  5 +-
 system/configuration.nix             |  8 ++++
 system/impermanence.nix              | 31 +++++++++++++
 system/machines/vm/configuration.nix | 10 ++--
 system/machines/vm/disks.nix         | 69 ++++++++++++++++++++++++----
 system/users.nix                     |  6 ++-
 8 files changed, 129 insertions(+), 19 deletions(-)
 create mode 100644 system/impermanence.nix

diff --git a/flake.lock b/flake.lock
index c019b89..ecc9ff0 100644
--- a/flake.lock
+++ b/flake.lock
@@ -207,6 +207,21 @@
         "type": "github"
       }
     },
+    "impermanence": {
+      "locked": {
+        "lastModified": 1706639736,
+        "narHash": "sha256-CaG4j9+UwBDfinxxvJMo6yOonSmSo0ZgnbD7aj2Put0=",
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "rev": "cd13c2917eaa68e4c49fea0ff9cada45440d7045",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "impermanence",
+        "type": "github"
+      }
+    },
     "nixpkgs": {
       "locked": {
         "lastModified": 1706826059,
diff --git a/flake.nix b/flake.nix
index 710f208..830b4d7 100644
--- a/flake.nix
+++ b/flake.nix
@@ -21,6 +21,7 @@
       url = "github:nix-community/disko";
       inputs.nixpkgs.follows = "nixpkgs";
     };
+    impermanence.url = "github:nix-community/impermanence";
 
     # Flake libraries
     flake-utils.url = "github:numtide/flake-utils";
@@ -38,6 +39,7 @@
     , agenix
     , home-manager
     , disko
+    , impermanence
     , flake-utils
     , ...
     }:
@@ -61,7 +63,7 @@
     nixpkgs.lib.recursiveUpdate perSystem {
       nixosConfigurations = {
         iso = mkISO { inherit nixpkgs system; };
-        vm = mkNixOS "vm" { inherit nixpkgs home-manager disko system revision; };
+        vm = mkNixOS "vm" { inherit nixpkgs home-manager disko impermanence system revision; };
       };
       homeConfigurations = {
         pdalpra = mkHM "pdalpra" { inherit nixpkgs nixpkgs-unstable nurpkgs home-manager system; };
diff --git a/lib/mk-nixos.nix b/lib/mk-nixos.nix
index b72258f..422bdd6 100644
--- a/lib/mk-nixos.nix
+++ b/lib/mk-nixos.nix
@@ -1,4 +1,4 @@
-name: { nixpkgs, home-manager, disko, system, revision }:
+name: { nixpkgs, home-manager, disko, impermanence, system, revision }:
 
 let
   specialArgs = {
@@ -12,13 +12,14 @@ let
   };
   machineRoot = ../system/machines + "/${name}";
   specificConfig = machineRoot + /configuration.nix;
-  diskoConfig = import (machineRoot + /disks.nix) { };
+  diskoConfig = machineRoot + /disks.nix;
 in
 nixpkgs.lib.nixosSystem {
   inherit system specialArgs;
 
   modules = [
     baseConfig
+    impermanence.nixosModules.impermanence
     disko.nixosModules.disko
     ./cachix.nix
     ../system/configuration.nix
diff --git a/system/configuration.nix b/system/configuration.nix
index 7d6714c..12be5bd 100644
--- a/system/configuration.nix
+++ b/system/configuration.nix
@@ -6,6 +6,14 @@ _:
     ./wm.nix
   ];
 
+  boot.loader = {
+    efi.canTouchEfiVariables = true;
+    systemd-boot = {
+      enable = true;
+      memtest86.enable = true;
+    };
+  };
+
   time.timeZone = "Europe/Paris";
   i18n.defaultLocale = "en_US.UTF-8";
 
diff --git a/system/impermanence.nix b/system/impermanence.nix
new file mode 100644
index 0000000..8e9c45e
--- /dev/null
+++ b/system/impermanence.nix
@@ -0,0 +1,31 @@
+_: {
+
+  environment = {
+
+    persistence = {
+      "/persistent/system" = {
+        hideMounts = true;
+        directories = [
+
+        ];
+        files = [
+          "/etc/machine-id"
+        ];
+      };
+
+      "/persistent/homes" = {
+        hideMounts = true;
+        users.pdalpra = {
+          directories = [
+            "Code"
+            "Documents"
+            "Downloads"
+            "Music"
+            "Pictures"
+            "Videos"
+          ];
+        };
+      };
+    };
+  };
+}
diff --git a/system/machines/vm/configuration.nix b/system/machines/vm/configuration.nix
index a8bf65e..e4e42fb 100644
--- a/system/machines/vm/configuration.nix
+++ b/system/machines/vm/configuration.nix
@@ -1,10 +1,12 @@
 {
+  imports = [
+    ../../impermanence.nix
+  ];
+
+  networking.hostId = "fcd4a364";
+
   boot = {
     initrd.availableKernelModules = [ "ata_piix" "ohci_pci" "sd_mod" "sr_mod" ];
-    loader = {
-      systemd-boot.enable = true;
-      efi.canTouchEfiVariables = true;
-    };
   };
 
   virtualisation.vmware.guest.enable = true;
diff --git a/system/machines/vm/disks.nix b/system/machines/vm/disks.nix
index 2eb913a..7782844 100644
--- a/system/machines/vm/disks.nix
+++ b/system/machines/vm/disks.nix
@@ -1,8 +1,40 @@
-{ disks ? [ "/dev/sda" ], ... }:
+{ config, lib, myUtils, ... }:
+
+with myUtils;
+
+
 let
-  mainDisk = builtins.elemAt disks 0;
+  mainDisk = "/dev/sda";
+  efiSize = "1G";
+  swapSize = "4G";
+  blankSnapshot = "main/root@blank";
+  persistentFolders = [
+    "/nix"
+    "/persistent/system"
+    "/persistent/homes"
+  ];
+  neededForBoot = mergeAll (map
+    (fs: {
+      fileSystems.${fs}.neededForBoot = true;
+    })
+    persistentFolders);
+  zfs_fs = mountpoint: {
+    inherit mountpoint;
+    type = "zfs_fs";
+    options.mountpoint = "legacy";
+  };
 in
-{
+neededForBoot // {
+  services.zfs.trim.enable = true;
+
+  boot = {
+    supportedFilesystems = [ "zfs" ];
+    kernelPackages = config.boot.zfs.package.latestCompatibleLinuxPackages;
+    initrd.postDeviceCommands = lib.mkAfter ''
+      zfs rollback -r ${blankSnapshot} && echo "Blank snapshot restored"
+    '';
+  };
+
   disko.devices = {
     disk.main = {
       device = mainDisk;
@@ -13,20 +45,23 @@ in
           ESP = {
             name = "ESP";
             type = "EF00";
-            size = "512M";
+            size = efiSize;
             content = {
               type = "filesystem";
               format = "vfat";
               mountpoint = "/boot";
             };
           };
-          root = {
-            name = "root";
-            end = "-2G";
+          luks = {
+            end = "-${swapSize}";
             content = {
-              type = "filesystem";
-              format = "ext4";
-              mountpoint = "/";
+              type = "luks";
+              name = "encrypted";
+              extraOpenArgs = [ "--allow-discards" ];
+              content = {
+                type = "zfs";
+                pool = "main";
+              };
             };
           };
           swap = {
@@ -39,5 +74,19 @@ in
         };
       };
     };
+    zpool.main = {
+      type = "zpool";
+      mode = ""; # unmirrored
+      options.ashift = "12";
+      rootFsOptions.canmount = "off";
+      datasets = {
+        root = zfs_fs "/" // {
+          postCreateHook = "zfs snapshot ${blankSnapshot}";
+        };
+        nix = zfs_fs "/nix";
+        persistedSystem = zfs_fs "/persistent/system";
+        persistedHomes = zfs_fs "/persistent/homes";
+      };
+    };
   };
 }
diff --git a/system/users.nix b/system/users.nix
index fd1ed89..8d84d78 100644
--- a/system/users.nix
+++ b/system/users.nix
@@ -1,13 +1,15 @@
 { pkgs, hmPkgs, ... }:
 
+let user = "pdalpra";
+in
 {
   users = {
     defaultUserShell = pkgs.bash;
     users = {
-      pdalpra = {
+      "${user}" = {
         isNormalUser = true;
         uid = 1000;
-        home = "/home/pdalpra";
+        home = "/home/${user}";
         createHome = true;
         shell = pkgs.zsh;
         packages = [ hmPkgs.home-manager ];