feat: Impermanence (system)
I had to disable initrd's systemd stuff. I just /couldn't/ get a rollback service working; believe me, not for a lack of effort! I've been working on this on-and-off for a month or two now.
This commit is contained in:
Madeleine Sydney
@@ -1,4 +1,3 @@
|
||||
# Requires boot.initrd.enable = true and boot.initrd.systemd.enable = true!
|
||||
{ config, lib, pkgs, ... }:
|
||||
|
||||
with lib;
|
||||
@@ -6,41 +5,38 @@ with lib;
|
||||
let
|
||||
cfg = config.sydnix.impermanence;
|
||||
in {
|
||||
imports = [
|
||||
./impermanence/rollback.nix
|
||||
];
|
||||
|
||||
options = {
|
||||
sydnix.impermanence = {
|
||||
enable = mkOption {
|
||||
description = "Enable Impermanence";
|
||||
type = types.bool;
|
||||
default = false;
|
||||
};
|
||||
enable = mkEnableOption "Impermanence";
|
||||
|
||||
directories = mkOption {
|
||||
description = "";
|
||||
type = with types; listOf anything;
|
||||
default = [];
|
||||
};
|
||||
|
||||
files = mkOption {
|
||||
type = with types; listOf anything;
|
||||
default = [];
|
||||
};
|
||||
|
||||
persistDirectory = mkOption {
|
||||
default = "/persist";
|
||||
type = types.str;
|
||||
description = ''
|
||||
The directory in which persistent files live.
|
||||
'';
|
||||
};
|
||||
|
||||
persistGroupName = mkOption {
|
||||
default = "persist";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
files = mkOption {
|
||||
description = "";
|
||||
|
||||
type = with types; listOf anything;
|
||||
default = [];
|
||||
};
|
||||
|
||||
device = mkOption {
|
||||
description = "Device to be wiped";
|
||||
type = types.str;
|
||||
};
|
||||
|
||||
archiveLimit = mkOption {
|
||||
type = types.ints.positive;
|
||||
description = "The number of previous roots to preserve.";
|
||||
default = 3;
|
||||
description = ''
|
||||
Name of the group whose members have access to the persist directory.
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
@@ -51,115 +47,19 @@ in {
|
||||
name = cfg.persistGroupName;
|
||||
};
|
||||
|
||||
systemd.tmpfiles.settings = {
|
||||
"10-persist" = {
|
||||
# Permit members of `cfg.persistGroupName` to read, write, and execute
|
||||
# /persist.
|
||||
"/persist" = {
|
||||
z = {
|
||||
group = cfg.persistGroupName;
|
||||
mode = "2775";
|
||||
};
|
||||
};
|
||||
# Permit members of `cfg.persistGroupName` to read, write, and execute
|
||||
# /persist.
|
||||
systemd.tmpfiles.settings."10-persist".${cfg.persistDirectory} = {
|
||||
z = {
|
||||
group = cfg.persistGroupName;
|
||||
mode = "2775";
|
||||
};
|
||||
};
|
||||
|
||||
# TODO: Move this somewhere else.
|
||||
programs.fuse.userAllowOther = true;
|
||||
|
||||
# sudo mount -o ro -t virtiofs mount-dots /persist/dots
|
||||
boot.initrd.systemd = {
|
||||
# `pkgs.babashka` calls `pkgs.babashka-unwrapped`, and will explode if it
|
||||
# cannot find it.
|
||||
storePaths = [ pkgs.babashka-unwrapped ];
|
||||
|
||||
initrdBin = with pkgs; [
|
||||
babashka
|
||||
util-linux
|
||||
];
|
||||
};
|
||||
|
||||
boot.initrd.systemd.services.erase-darlings =
|
||||
let service = {
|
||||
description = "Rollback filesystem to a blank state on boot";
|
||||
wantedBy = [
|
||||
"initrd.target"
|
||||
];
|
||||
before = [
|
||||
"sysroot.mount"
|
||||
];
|
||||
path = with pkgs; [ util-linux babashka ];
|
||||
unitConfig.DefaultDependencies = "no";
|
||||
serviceConfig = {
|
||||
Type = "oneshot";
|
||||
RemainAfterExit = true;
|
||||
};
|
||||
script =
|
||||
let bb-script = "/sysroot" + ./impermanence/erase-darlings.clj;
|
||||
in ''${pkgs.babashka}/bin/bb "${bb-script}" -n "${toString cfg.archiveLimit}" --device "${cfg.device}"'';
|
||||
};
|
||||
in if config.boot.initrd.systemd.enable
|
||||
then service
|
||||
else throw "sydnix.impermanence currently requires config.boot.initrd.systemd.enable'!";
|
||||
|
||||
# TODO: Remove this.
|
||||
# boot.initrd.systemd.services.erase-darlings-old =
|
||||
# let service = {
|
||||
# description = "Rollback filesystem to a blank state on boot";
|
||||
# wantedBy = [
|
||||
# "initrd.target"
|
||||
# ];
|
||||
# after = [
|
||||
# # "zfs-import.service"
|
||||
# "zfs-import-rpool.service"
|
||||
# ];
|
||||
# before = [
|
||||
# "sysroot.mount"
|
||||
# ];
|
||||
# path = [ pkgs.zfs ];
|
||||
# unitConfig.DefaultDependencies = "no";
|
||||
# serviceConfig = {
|
||||
# Type = "oneshot";
|
||||
# RemainAfterExit = true;
|
||||
# };
|
||||
# script = /* bash */ ''
|
||||
# zfs rollback -r rpool/local/root@blank \
|
||||
# && echo ">> >> rollback complete << <<"
|
||||
# '';
|
||||
# };
|
||||
# in if config.boot.initrd.systemd.enable
|
||||
# then service
|
||||
# else throw "sydnix.impermanence currently requires config.boot.initrd.systemd.enable'!";
|
||||
|
||||
# systemd.services =
|
||||
# let erase-home-darlings = {
|
||||
# description = "Rollback home to a blank state on boot";
|
||||
# wantedBy = [
|
||||
# "local-fs-pre.target"
|
||||
# "zfs-mount.service"
|
||||
# ];
|
||||
# before = [
|
||||
# "local-fs.target"
|
||||
# "local-fs-pre.target"
|
||||
# "zfs-mount.service"
|
||||
# ];
|
||||
# path = [ pkgs.zfs pkgs.babashka pkgs.util-linux ];
|
||||
# unitConfig.DefaultDependencies = "no";
|
||||
# serviceConfig = {
|
||||
# Type = "oneshot";
|
||||
# RemainAfterExit = true;
|
||||
# ExecStart =
|
||||
# let script = ./erase-home-darlings.clj;
|
||||
# in ''${pkgs.babashka}/bin/bb "${script}" -n "${toString cfg.archiveLimit}" --dataset "${cfg.dataset}" --rollback-to "${cfg.rollbackTo}"'';
|
||||
# };
|
||||
# stopIfChanged = false;
|
||||
# restartIfChanged = false;
|
||||
# };
|
||||
# in {
|
||||
# # inherit erase-home-darlings;
|
||||
# };
|
||||
|
||||
environment.persistence."/persist/root" = {
|
||||
environment.persistence."${cfg.persistDirectory}/root" = {
|
||||
directories = cfg.directories;
|
||||
files = cfg.files;
|
||||
};
|
||||
|
||||
Reference in New Issue
Block a user