Compare commits
9 commits
977bfa7114
...
554c5c89a8
Author | SHA1 | Date | |
---|---|---|---|
|
554c5c89a8 | ||
f6091a935a | |||
3b01487d1d | |||
377ff0141e | |||
6e4469fa8f | |||
2ffe242e8f | |||
889d0a8736 | |||
08f06f3a92 | |||
4f29103fdb |
7 changed files with 88 additions and 0 deletions
16
flake.lock
16
flake.lock
|
@ -33,6 +33,21 @@
|
|||
"type": "indirect"
|
||||
}
|
||||
},
|
||||
"impermanence": {
|
||||
"locked": {
|
||||
"lastModified": 1694622745,
|
||||
"narHash": "sha256-z397+eDhKx9c2qNafL1xv75lC0Q4nOaFlhaU1TINqb8=",
|
||||
"owner": "nix-community",
|
||||
"repo": "impermanence",
|
||||
"rev": "e9643d08d0d193a2e074a19d4d90c67a874d932e",
|
||||
"type": "github"
|
||||
},
|
||||
"original": {
|
||||
"owner": "nix-community",
|
||||
"repo": "impermanence",
|
||||
"type": "github"
|
||||
}
|
||||
},
|
||||
"nixos-mailserver": {
|
||||
"inputs": {
|
||||
"blobs": "blobs",
|
||||
|
@ -139,6 +154,7 @@
|
|||
"root": {
|
||||
"inputs": {
|
||||
"flake-parts": "flake-parts",
|
||||
"impermanence": "impermanence",
|
||||
"nixos-mailserver": "nixos-mailserver",
|
||||
"nixpkgs": "nixpkgs",
|
||||
"sops-nix": "sops-nix"
|
||||
|
|
|
@ -14,6 +14,9 @@
|
|||
url = "github:Mic92/sops-nix";
|
||||
inputs.nixpkgs.follows = "nixpkgs";
|
||||
};
|
||||
impermanence = {
|
||||
url = "github:nix-community/impermanence";
|
||||
};
|
||||
};
|
||||
|
||||
outputs = inputs@{ flake-parts, ... }:
|
||||
|
|
|
@ -21,6 +21,7 @@
|
|||
imports = [
|
||||
(import (./. + "/machines/${name}/configuration.nix") inputs)
|
||||
inputs.sops-nix.nixosModules.sops
|
||||
inputs.impermanence.nixosModules.impermanence
|
||||
];
|
||||
};
|
||||
in lib.genAttrs machines makeSystem);
|
||||
|
|
|
@ -11,5 +11,6 @@ imports = [
|
|||
|
||||
# System configuration here
|
||||
|
||||
networking.hostName = "nyarlathotep";
|
||||
system.stateVersion = "23.11";
|
||||
}
|
||||
|
|
|
@ -2,9 +2,25 @@
|
|||
imports = [ ];
|
||||
|
||||
fileSystems."/" = {
|
||||
device = "nya-root";
|
||||
fsType = "tmpfs";
|
||||
options = [ "size=1G" "mode=755" ];
|
||||
};
|
||||
fileSystems."/persist" = {
|
||||
device = "/dev/disk/by-uuid/a72da670-f631-49b1-bcb3-6d378cc1f2d0";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=persist" ];
|
||||
neededForBoot = true;
|
||||
};
|
||||
fileSystems."/boot" = {
|
||||
device = "/dev/disk/by-uuid/75b01f48-e159-4d72-b049-54b7af072076";
|
||||
fsType = "ext4";
|
||||
};
|
||||
fileSystems."/nix" = {
|
||||
device = "/dev/disk/by-uuid/a72da670-f631-49b1-bcb3-6d378cc1f2d0";
|
||||
fsType = "btrfs";
|
||||
options = [ "subvol=nix" ];
|
||||
};
|
||||
fileSystems."/var/vmail" = {
|
||||
device = "/dev/disk/by-uuid/23c44c93-5035-4e29-9e46-75c1c08f4cea";
|
||||
fsType = "ext4";
|
||||
|
|
47
nixos/modules/impermanence.nix
Normal file
47
nixos/modules/impermanence.nix
Normal file
|
@ -0,0 +1,47 @@
|
|||
{lib, config, ...} :
|
||||
|
||||
let
|
||||
inherit (lib)
|
||||
mkEnableOption
|
||||
mkIf
|
||||
mkOption
|
||||
types
|
||||
;
|
||||
cfg = config.impermanence;
|
||||
in
|
||||
|
||||
{
|
||||
imports = [ ];
|
||||
|
||||
options.impermanence = {
|
||||
enable = mkEnableOption "impermanence";
|
||||
storagePath = mkOption {
|
||||
type = types.path;
|
||||
default = "/persist";
|
||||
description = "The path where persistent data is stored";
|
||||
};
|
||||
name = mkOption {
|
||||
type = types.str;
|
||||
default = "persist";
|
||||
description = "the name of the persistent data store";
|
||||
};
|
||||
};
|
||||
|
||||
config = mkIf cfg.enable {
|
||||
environment.persistence.${cfg.name} = {
|
||||
persistentStoragePath = cfg.storagePath;
|
||||
directories = [
|
||||
"/var/log"
|
||||
"/var/lib/nixos"
|
||||
];
|
||||
files = [
|
||||
"/etc/ssh/ssh_host_ed25519_key"
|
||||
"/etc/ssh/ssh_host_ed25519_key.pub"
|
||||
"/etc/ssh/ssh_host_rsa_key"
|
||||
"/etc/ssh/ssh_host_rsa_key.pub"
|
||||
];
|
||||
};
|
||||
environment.etc.machine-id.source = "${cfg.storagePath}/machine-id";
|
||||
};
|
||||
|
||||
}
|
|
@ -3,6 +3,7 @@
|
|||
imports = [
|
||||
./admins.nix
|
||||
./nix_keys.nix
|
||||
../modules/impermanence.nix
|
||||
];
|
||||
nix = {
|
||||
extraOptions = ''
|
||||
|
@ -23,8 +24,11 @@ networking = {
|
|||
|
||||
users = {
|
||||
mutableUsers = false;
|
||||
users.root.hashedPassword = "!";
|
||||
};
|
||||
|
||||
impermanence.enable = true;
|
||||
|
||||
sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
|
||||
|
||||
environment = {
|
||||
|
|
Loading…
Reference in a new issue