msyds/sydnix
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

(wip) Setup btrfs impermanence

Browse Source
This commit is contained in:
Madeleine Sydney
2024-12-28 20:29:43 -07:00
parent 6240431d36
commit 9a99a6dfb7
4 changed files with 140 additions and 50 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
hosts/nixos-testbed/configuration.nix
View File

@@ -6,6 +6,7 @@
]; ];
sydnix = { sydnix = {
filesystemType = "btrfs";
impermanence = { impermanence = {
enable = false; enable = false;
directories = [ directories = [
@@ -13,10 +14,12 @@
# This means all users/groups without specified uids/gids will have them # This means all users/groups without specified uids/gids will have them
# reassigned on reboot." # reassigned on reboot."
"/var/lib/nixos" "/var/lib/nixos"
# We don't want to have different ssh keys on reboot, because ssh keys
# are expected to consistently identify machines... I think. I mostly
# just think it's annoying to edit ~/.ssh/known_hosts all the time.
"/etc/ssh" "/etc/ssh"
]; ];
rollbackTo = "blank"; device = "placeholderrrr";
dataset = "rpool/local/home";
archiveLimit = 3; archiveLimit = 3;
}; };
users.users = [ users.users = [

13
modules/nixos/filesystemType.nix Normal file
View File

@@ -0,0 +1,13 @@
{ config, lib, pkgs, ... }:
with lib;
{
options = {
sydnix.filesystemType = mkOption {
type = types.nullOr (types.enum [ "btrfs" ]);
description = "The name of the filesystem to be used.";
default = null;
};
};
}

127
modules/nixos/impermanence.nix
View File

@@ -32,30 +32,29 @@ in {
default = []; default = [];
}; };
rollbackTo = mkOption { device = mkOption {
type = types.str; description = "Device to be wiped";
};
archiveTo = mkOption {
type = types.str;
default = "/persist/previous/home";
};
dataset = mkOption {
type = types.str; type = types.str;
}; };
archiveLimit = mkOption { archiveLimit = mkOption {
type = types.ints.positive; type = types.ints.positive;
description = "The number of previous roots to preserve.";
default = 3; default = 3;
}; };
}; };
}; };
config = mkIf cfg.enable { config = mkIf cfg.enable {
# Create a group called `cfg.persistGroupName`
users.groups.${cfg.persistGroupName} = { users.groups.${cfg.persistGroupName} = {
name = cfg.persistGroupName; name = cfg.persistGroupName;
}; };
systemd.tmpfiles.settings = { systemd.tmpfiles.settings = {
"10-persist" = { "10-persist" = {
# Permit members of `cfg.persistGroupName` to read, write, and execute
# /persist.
"/persist" = { "/persist" = {
z = { z = {
group = cfg.persistGroupName; group = cfg.persistGroupName;
@@ -65,68 +64,100 @@ in {
}; };
}; };
boot.initrd.systemd.initrdBin = with pkgs; [
zfs
];
# TODO: Move this somewhere else. # TODO: Move this somewhere else.
programs.fuse.userAllowOther = true; programs.fuse.userAllowOther = true;
# sudo mount -o ro -t virtiofs mount-dots /persist/dots
boot.initrd.systemd = {
# `pkgs.babashka` calls `pkgs.babashka-unwrapped`, and will explode if it
# cannot find it.
storePaths = [ pkgs.babashka-unwrapped ];
initrdBin = with pkgs; [
babashka
util-linux
];
};
boot.initrd.systemd.services.erase-darlings = boot.initrd.systemd.services.erase-darlings =
let service = { let service = {
description = "Rollback filesystem to a blank state on boot"; description = "Rollback filesystem to a blank state on boot";
wantedBy = [ wantedBy = [
"initrd.target" "initrd.target"
]; ];
after = [
# "zfs-import.service"
"zfs-import-rpool.service"
];
before = [ before = [
"sysroot.mount" "sysroot.mount"
]; ];
path = [ pkgs.zfs ]; path = with pkgs; [ util-linux babashka ];
unitConfig.DefaultDependencies = "no"; unitConfig.DefaultDependencies = "no";
serviceConfig = { serviceConfig = {
Type = "oneshot"; Type = "oneshot";
RemainAfterExit = true; RemainAfterExit = true;
}; };
script = /* bash */ '' script =
zfs rollback -r rpool/local/root@blank \ let bb-script = "/sysroot" + ./impermanence/erase-darlings.clj;
&& echo ">> >> rollback complete << <<" in ''${pkgs.babashka}/bin/bb "${bb-script}" -n "${toString cfg.archiveLimit}" --device "${cfg.device}"'';
'';
}; };
in if config.boot.initrd.systemd.enable in if config.boot.initrd.systemd.enable
then service then service
else throw "sydnix.impermanence currently requires config.boot.initrd.systemd.enable'!"; else throw "sydnix.impermanence currently requires config.boot.initrd.systemd.enable'!";
systemd.services = # TODO: Remove this.
let erase-home-darlings = { # boot.initrd.systemd.services.erase-darlings-old =
description = "Rollback home to a blank state on boot"; # let service = {
wantedBy = [ # description = "Rollback filesystem to a blank state on boot";
"local-fs-pre.target" # wantedBy = [
"zfs-mount.service" # "initrd.target"
]; # ];
before = [ # after = [
"local-fs.target" # # "zfs-import.service"
"local-fs-pre.target" # "zfs-import-rpool.service"
"zfs-mount.service" # ];
]; # before = [
path = [ pkgs.zfs pkgs.babashka pkgs.util-linux ]; # "sysroot.mount"
unitConfig.DefaultDependencies = "no"; # ];
serviceConfig = { # path = [ pkgs.zfs ];
Type = "oneshot"; # unitConfig.DefaultDependencies = "no";
RemainAfterExit = true; # serviceConfig = {
ExecStart = # Type = "oneshot";
let script = ./erase-home-darlings.clj; # RemainAfterExit = true;
in ''${pkgs.babashka}/bin/bb "${script}" -n "${toString cfg.archiveLimit}" --dataset "${cfg.dataset}" --rollback-to "${cfg.rollbackTo}"''; # };
}; # script = /* bash */ ''
stopIfChanged = false; # zfs rollback -r rpool/local/root@blank \
restartIfChanged = false; # && echo ">> >> rollback complete << <<"
}; # '';
in { # };
# inherit erase-home-darlings; # in if config.boot.initrd.systemd.enable
}; # then service
# else throw "sydnix.impermanence currently requires config.boot.initrd.systemd.enable'!";
# systemd.services =
# let erase-home-darlings = {
# description = "Rollback home to a blank state on boot";
# wantedBy = [
# "local-fs-pre.target"
# "zfs-mount.service"
# ];
# before = [
# "local-fs.target"
# "local-fs-pre.target"
# "zfs-mount.service"
# ];
# path = [ pkgs.zfs pkgs.babashka pkgs.util-linux ];
# unitConfig.DefaultDependencies = "no";
# serviceConfig = {
# Type = "oneshot";
# RemainAfterExit = true;
# ExecStart =
# let script = ./erase-home-darlings.clj;
# in ''${pkgs.babashka}/bin/bb "${script}" -n "${toString cfg.archiveLimit}" --dataset "${cfg.dataset}" --rollback-to "${cfg.rollbackTo}"'';
# };
# stopIfChanged = false;
# restartIfChanged = false;
# };
# in {
# # inherit erase-home-darlings;
# };
environment.persistence."/persist/root" = { environment.persistence."/persist/root" = {
directories = cfg.directories; directories = cfg.directories;

43
modules/nixos/impermanence/erase-darlings.clj Normal file
View File

@@ -0,0 +1,43 @@
#!/usr/bin/env bb
(require '[clojure.core.match :refer [match]]
'[babashka.cli :as cli]
'[clojure.pprint :as pp]
'[clojure.tools.logging :as l]
'[babashka.process :refer [shell check process] :as p])
(def cli-spec
{:spec
{:archive-limit {:coerce :int
:alias :n
:validate #(pos? %)
:default 3
:desc "Number of archives to save at a time."}
:device {:coerce :string
;; :validate fs/exists?
:require true
:desc "Dataset to be archived and rolled back."}
:previous-roots
{:coerce :string
:default "/persist/previous"
:desc "The path under which previous roots will be stored."}
:error-fn
(fn [{:keys [spec type cause msg option] :as data}]
(when (= :org.babashka/cli type)
(case cause
:require
(println
(format "Missing required argument: %s\n" option))))
(System/exit 1))}})
(defmacro with-echoed-shell-commands [& body]
(let [print-cmd #(println (str "+ " (str/join (:cmd %))))]
`(binding [p/*defaults* {:pre-start-fn ~print-cmd}]
~@body)))
(defn -main [opts]
(pp/pprint opts)
(with-echoed-shell-commands
(shell "mount")))
(-main (cli/parse-opts *command-line-args* cli-spec))