sokai/mynixos-config
1
1
Fork 0
forked from mirrors_public/oddlama_nix-config
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

chore: add separate /state directory for reboot-persistent non-backuped state

Browse source
This commit is contained in:
oddlama 2023-06-03 17:50:54 +02:00
parent ba1932d2ef
commit b0e9978ead
No known key found for this signature in database
GPG key ID: 14EFE510775FE39A
3 changed files with 54 additions and 44 deletions
Download patch file Download diff file Expand all files Collapse all files

90
hosts/common/core/impermanence.nix
View file

@ -3,21 +3,46 @@
lib, lib,
... ...
}: { }: {
# State that should be kept across reboots, but is otherwise
# NOT important information in any way that needs to be backed up.
#environment.persistence."/local" = {
# with new dataset --> ^-- , or without v--
#environment.persistence."/nix/state" = {
# hideMounts = true;
# files = [
# ];
# directories = [
# ];
#};
# Give agenix access to the hostkey independent of impermanence activation # Give agenix access to the hostkey independent of impermanence activation
age.identityPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"]; age.identityPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"];
# State that should be kept across reboots, but is otherwise
# NOT important information in any way that needs to be backed up.
environment.persistence."/state" = {
hideMounts = true;
directories =
[
{
directory = "/var/lib/systemd";
user = "root";
group = "root";
mode = "0755";
}
{
directory = "/var/log";
user = "root";
group = "root";
mode = "0755";
}
#{ directory = "/tmp"; user = "root"; group = "root"; mode = "1777"; }
#{ directory = "/var/tmp"; user = "root"; group = "root"; mode = "1777"; }
{
directory = "/var/spool";
user = "root";
group = "root";
mode = "0755";
}
]
++ lib.optionals config.networking.wireless.iwd.enable [
{
directory = "/var/lib/iwd";
user = "root";
group = "root";
mode = "0700";
}
];
};
# State that should be kept forever, and backed up accordingly. # State that should be kept forever, and backed up accordingly.
environment.persistence."/persist" = { environment.persistence."/persist" = {
hideMounts = true; hideMounts = true;
@ -34,37 +59,6 @@
group = "root"; group = "root";
mode = "0755"; mode = "0755";
} }
# TODO only persist across reboots, don't backup, once loki is used
{
directory = "/var/lib/systemd";
user = "root";
group = "root";
mode = "0755";
}
# TODO only persist across reboots, don't backup, once loki is used
{
directory = "/var/log";
user = "root";
group = "root";
mode = "0755";
}
#{ directory = "/tmp"; user = "root"; group = "root"; mode = "1777"; }
#{ directory = "/var/tmp"; user = "root"; group = "root"; mode = "1777"; }
# TODO only persist across reboots, don't backup, once loki is used
{
directory = "/var/spool";
user = "root";
group = "root";
mode = "0777";
}
]
++ lib.optionals config.networking.wireless.iwd.enable [
{
directory = "/var/lib/iwd";
user = "root";
group = "root";
mode = "0700";
}
] ]
++ lib.optionals config.security.acme.acceptTerms [ ++ lib.optionals config.security.acme.acceptTerms [
{ {
@ -100,12 +94,20 @@
] ]
++ lib.optionals config.services.gitea.enable [ ++ lib.optionals config.services.gitea.enable [
{ {
directory = "/var/lib/gitea"; directory = config.services.gitea.stateDir;
user = "gitea"; user = "gitea";
group = "gitea"; group = "gitea";
mode = "0700"; mode = "0700";
} }
] ]
++ lib.optionals config.services.loki.enable [
{
directory = "/var/lib/loki";
user = "loki";
group = "loki";
mode = "0700";
}
]
++ lib.optionals config.services.grafana.enable [ ++ lib.optionals config.services.grafana.enable [
{ {
directory = config.services.grafana.dataDir; directory = config.services.grafana.dataDir;

4
hosts/sentinel/fs.nix
View file

@ -32,6 +32,7 @@
postCreateHook = "zfs snapshot rpool/local/root@blank"; postCreateHook = "zfs snapshot rpool/local/root@blank";
}; };
"local/nix" = filesystem "/nix"; "local/nix" = filesystem "/nix";
"local/state" = filesystem "/state";
"safe" = unmountable; "safe" = unmountable;
"safe/persist" = filesystem "/persist"; "safe/persist" = filesystem "/persist";
}; };
@ -41,6 +42,9 @@
boot.loader.grub.devices = ["/dev/disk/by-id/${config.repo.secrets.local.disk.main}"]; boot.loader.grub.devices = ["/dev/disk/by-id/${config.repo.secrets.local.disk.main}"];
boot.initrd.luks.devices.enc-rpool.allowDiscards = true; boot.initrd.luks.devices.enc-rpool.allowDiscards = true;
# TODO remove once this is upstreamed
boot.initrd.systemd.services."zfs-import-rpool".after = ["cryptsetup.target"];
fileSystems."/state".neededForBoot = true;
fileSystems."/persist".neededForBoot = true; fileSystems."/persist".neededForBoot = true;
# After importing the rpool, rollback the root system to be empty. # After importing the rpool, rollback the root system to be empty.

4
hosts/ward/fs.nix
View file

@ -33,6 +33,7 @@
postCreateHook = "zfs snapshot rpool/local/root@blank"; postCreateHook = "zfs snapshot rpool/local/root@blank";
}; };
"local/nix" = filesystem "/nix"; "local/nix" = filesystem "/nix";
"local/state" = filesystem "/state";
"safe" = unmountable; "safe" = unmountable;
"safe/persist" = filesystem "/persist"; "safe/persist" = filesystem "/persist";
"safe/vms" = unmountable; "safe/vms" = unmountable;
@ -41,6 +42,9 @@
}; };
}; };
# TODO remove once this is upstreamed
boot.initrd.systemd.services."zfs-import-rpool".after = ["cryptsetup.target"];
fileSystems."/state".neededForBoot = true;
fileSystems."/persist".neededForBoot = true; fileSystems."/persist".neededForBoot = true;
# After importing the rpool, rollback the root system to be empty. # After importing the rpool, rollback the root system to be empty.