feat: Impermanence (system)

I had to disable initrd's systemd stuff. I just /couldn't/ get a rollback service working; believe me, not for a lack of effort! I've been working on this on-and-off for a month or two now.
2025-01-01 15:45:10 -07:00
parent dfa5d6625b
commit 9516c35c7f
7 changed files with 109 additions and 381 deletions
--- a/modules/nixos/impermanence/rollback.nix
+++ b/modules/nixos/impermanence/rollback.nix
@@ -0,0 +1,59 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+
+let cfg = config.impermanence.rollback;
+in {
+  options = {
+    impermanence.rollback = {
+      enable = mkEnableOption "rollback of the root filesystem";
+
+      device = mkOption {
+        description = "Device to be wiped";
+        type = types.str;
+      };
+
+      subvolume = mkOption {
+        description = ''
+          The subvolume to be rolled back.  Usually, this should be where your
+          root filesystem resides.
+        '';
+        type = types.str;
+      };
+    };
+  };
+
+  config = mkIf cfg.enable {
+    boot.initrd.postDeviceCommands = ''
+      # Mount the btrfs filesystem.
+      mkdir -p /btrfs-tmp
+      mount -t btrfs "${cfg.device}" /btrfs-tmp
+
+      # If the moribound subvolume exists, send it do 'death row' (old-roots),
+      # where live for about three days before its eventual deletion.
+      if [[ -e "/btrfs-tmp/${cfg.subvolume}" ]]; then
+          mkdir -p /btrfs-tmp/old-roots
+          timestamp=$(date --date="@$(stat -c %Y "/btrfs-tmp/${cfg.subvolume}")" "+%Y-%m-%-d_%H:%M:%S")
+          mv "/btrfs-tmp/${cfg.subvolume}" "/btrfs-tmp/old-roots/$timestamp"
+      fi
+
+      delete_subvolume_recursively() {
+          IFS=$'\n'
+          for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
+              delete_subvolume_recursively "/btrfs-tmp/$i"
+          done
+          btrfs subvolume delete "$1"
+      }
+
+      # Delete previous roots older than three days.
+      # TODO: I would prefer archiving the last N previous roots, rather than
+      # time.
+      for i in $(find /btrfs-tmp/old-roots/ -maxdepth 1 -mtime +3); do
+          delete_subvolume_recursively "$i"
+      done
+
+      btrfs subvolume create "/btrfs-tmp/${cfg.subvolume}"
+      umount /btrfs-tmp
+    '';
+  };
+}