From 977bfa7114c13eaad664e126db466dfb736e9252 Mon Sep 17 00:00:00 2001
From: Dennis Frieberg
Date: Mon, 25 Sep 2023 22:03:19 +0200
Subject: [PATCH 1/2] fixed a merge thingy in README
---
 README.md | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/README.md b/README.md
index 759e36e..26734c0 100644
--- a/README.md
+++ b/README.md
@@ -80,10 +80,6 @@ If you have a `nixos-rebuild` available on your system it can automatize these t
 `--target-host` parameters. But there are some pitfalls so look at the `nixos-rebuild` documentation beforehand.
 ### On the machine
-<<<<<<< HEAD
-
-=======
->>>>>>> d89313e25d9c66bafdaed10bb11716589472bac3
 clone this repo to `/etc/nixos/` and `nixos-rebuild boot` or `nixos-rebuild switch` that will select the appropriate machine based on hostname.
From 52e3f98cb176e7fd03f43c4ca9b19a94fa3ee414 Mon Sep 17 00:00:00 2001
From: Dennis Frieberg
Date: Thu, 28 Sep 2023 17:12:34 +0200
Subject: [PATCH 2/2] first impermanence config
---
 flake.lock | 16 +++++++++++++
 flake.nix | 3 +++
 nixos/flake-module.nix | 1 +
 nixos/modules/impermanence.nix | 42 ++++++++++++++++++++++++++++++++++
 nixos/roles/default.nix | 3 +++
 5 files changed, 65 insertions(+)
 create mode 100644 nixos/modules/impermanence.nix
diff --git a/flake.lock b/flake.lock
index 2ad8261..2a7be87 100644
--- a/flake.lock
+++ b/flake.lock
@@ -33,6 +33,21 @@
 "type": "indirect"
 }
 },
+ "impermanence": {
+ "locked": {
+ "lastModified": 1694622745,
+ "narHash": "sha256-z397+eDhKx9c2qNafL1xv75lC0Q4nOaFlhaU1TINqb8=",
+ "owner": "nix-community",
+ "repo": "impermanence",
+ "rev": "e9643d08d0d193a2e074a19d4d90c67a874d932e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "impermanence",
+ "type": "github"
+ }
+ },
 "nixos-mailserver": {
 "inputs": {
 "blobs": "blobs",
@@ -139,6 +154,7 @@
 "root": {
 "inputs": {
 "flake-parts": "flake-parts",
+ "impermanence": "impermanence",
 "nixos-mailserver": "nixos-mailserver",
 "nixpkgs": "nixpkgs",
 "sops-nix": "sops-nix"
diff --git a/flake.nix b/flake.nix
index 727dd91..0c61327 100644
--- a/flake.nix
+++ b/flake.nix
@@ -14,6 +14,9 @@
 url = "github:Mic92/sops-nix";
 inputs.nixpkgs.follows = "nixpkgs";
 };
+ impermanence = {
+ url = "github:nix-community/impermanence";
+ };
 };
 outputs = inputs@{ flake-parts, ... }:
diff --git a/nixos/flake-module.nix b/nixos/flake-module.nix
index d82fbd4..a995aff 100644
--- a/nixos/flake-module.nix
+++ b/nixos/flake-module.nix
@@ -21,6 +21,7 @@
 imports = [
 (import (./. + "/machines/${name}/configuration.nix") inputs)
 inputs.sops-nix.nixosModules.sops
+ inputs.impermanence.nixosModules.impermanence
 ];
 };
 in lib.genAttrs machines makeSystem);
diff --git a/nixos/modules/impermanence.nix b/nixos/modules/impermanence.nix
new file mode 100644
index 0000000..0f955fd
--- /dev/null
+++ b/nixos/modules/impermanence.nix
@@ -0,0 +1,42 @@
+{lib, config, ...} :
+
+let
+ inherit (lib)
+ mkEnableOption
+ mkIf
+ mkOption
+ types
+ ;
+ cfg = config.impermanence;
+in
+
+{
+imports = [ ];
+
+options.impermanence = {
+ enable = mkEnableOption "impermanence";
+ storagePath = mkOption {
+ type = types.path;
+ default = "/persist/persist";
+ description = "The path where persistent data is stored";
+ };
+ name = mkOption {
+ type = types.str;
+ default = "persist";
+ description = "the name of the persistent data store";
+ };
+};
+
+config = mkIf cfg.enable {
+ environment.persistence.${cfg.name} = {
+ persistentStoragePath = cfg.storagePath;
+ directories = [
+ "/var/log"
+ "/etc/ssh"
+ "/var/lib/nixos"
+ ];
+ };
+ environment.etc.machine-id.source = "${cfg.storagePath}/machine-id";
+};
+
+}
diff --git a/nixos/roles/default.nix b/nixos/roles/default.nix
index de4eb17..d540660 100644
--- a/nixos/roles/default.nix
+++ b/nixos/roles/default.nix
@@ -3,6 +3,7 @@
 imports = [
 ./admins.nix
 ./nix_keys.nix
+ ../modules/impermanence.nix
 ];
 nix = {
 extraOptions = ''
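Review bot: `environment.etc.machine-id.source = "${cfg.storagePath}/machine-id";` turns /etc/machine-id into a symlink into the persistent store, but nothing in the new module creates that file, so on a host whose store does not yet contain it the first boot relies on systemd writing the generated id through a dangling symlink — worth confirming, or persisting it through impermanence's own `files` list, which manages the link itself. The `"/etc/ssh"` entry in `directories` is load-bearing for secrets handling: `sops.age.sshKeyPaths` in nixos/roles/default.nix decrypts with `/etc/ssh/ssh_host_ed25519_key`, so removing it would leave every sops secret undecryptable after a reboot; a comment such as `# host keys: sops decrypts secrets with /etc/ssh/ssh_host_ed25519_key, so they must survive reboots` would record that dependency next to the entry. `imports = [ ];` is empty and can be dropped. The module only declares what persists and presumably relies on each machine setting up the ephemeral root separately; since roles/default.nix enables it for every role, a machine without that setup would simply keep persisting everything with no error, which a header comment stating the assumption would make visible.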
@@ -25,6 +26,8 @@
 users = {
 mutableUsers = false;
 };
+impermanence.enable = true;
+
 sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
 environment = {