From 52e3f98cb176e7fd03f43c4ca9b19a94fa3ee414 Mon Sep 17 00:00:00 2001 From: Dennis Frieberg Date: Thu, 28 Sep 2023 17:12:34 +0200 Subject: [PATCH] first impermanence config --- flake.lock | 16 +++++++++++++ flake.nix | 3 +++ nixos/flake-module.nix | 1 + nixos/modules/impermanence.nix | 42 ++++++++++++++++++++++++++++++++++ nixos/roles/default.nix | 3 +++ 5 files changed, 65 insertions(+) create mode 100644 nixos/modules/impermanence.nix diff --git a/flake.lock b/flake.lock index 2ad8261..2a7be87 100644 --- a/flake.lock +++ b/flake.lock @@ -33,6 +33,21 @@ "type": "indirect" } }, + "impermanence": { + "locked": { + "lastModified": 1694622745, + "narHash": "sha256-z397+eDhKx9c2qNafL1xv75lC0Q4nOaFlhaU1TINqb8=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "e9643d08d0d193a2e074a19d4d90c67a874d932e", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, "nixos-mailserver": { "inputs": { "blobs": "blobs", @@ -139,6 +154,7 @@ "root": { "inputs": { "flake-parts": "flake-parts", + "impermanence": "impermanence", "nixos-mailserver": "nixos-mailserver", "nixpkgs": "nixpkgs", "sops-nix": "sops-nix" diff --git a/flake.nix b/flake.nix index 727dd91..0c61327 100644 --- a/flake.nix +++ b/flake.nix @@ -14,6 +14,9 @@ url = "github:Mic92/sops-nix"; inputs.nixpkgs.follows = "nixpkgs"; }; + impermanence = { + url = "github:nix-community/impermanence"; + }; }; outputs = inputs@{ flake-parts, ... }: diff --git a/nixos/flake-module.nix b/nixos/flake-module.nix index d82fbd4..a995aff 100644 --- a/nixos/flake-module.nix +++ b/nixos/flake-module.nix @@ -21,6 +21,7 @@ imports = [ (import (./. + "/machines/${name}/configuration.nix") inputs) inputs.sops-nix.nixosModules.sops + inputs.impermanence.nixosModules.impermanence ]; }; in lib.genAttrs machines makeSystem); diff --git a/nixos/modules/impermanence.nix b/nixos/modules/impermanence.nix new file mode 100644 index 0000000..0f955fd --- /dev/null +++ b/nixos/modules/impermanence.nix @@ -0,0 +1,42 @@ +{lib, config, ...} : + +let + inherit (lib) + mkEnableOption + mkIf + mkOption + types + ; + cfg = config.impermanence; +in + +{ +imports = [ ]; + +options.impermanence = { + enable = mkEnableOption "impermanence"; + storagePath = mkOption { + type = types.path; + default = "/persist/persist"; + description = "The path where persistent data is stored"; + }; + name = mkOption { + type = types.str; + default = "persist"; + description = "the name of the persistent data store"; + }; +}; + +config = mkIf cfg.enable { + environment.persistence.${cfg.name} = { + persistentStoragePath = cfg.storagePath; + directories = [ + "/var/log" + "/etc/ssh" + "/var/lib/nixos" + ]; + }; + environment.etc.machine-id.source = "${cfg.storagePath}/machine-id"; +}; + +} diff --git a/nixos/roles/default.nix b/nixos/roles/default.nix index de4eb17..d540660 100644 --- a/nixos/roles/default.nix +++ b/nixos/roles/default.nix @@ -3,6 +3,7 @@ imports = [ ./admins.nix ./nix_keys.nix + ../modules/impermanence.nix ]; nix = { extraOptions = '' @@ -25,6 +26,8 @@ users = { mutableUsers = false; }; +impermanence.enable = true; + sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; environment = {