Refactor persistence structure
Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
@@ -11,7 +11,7 @@ usage() {
|
||||
}
|
||||
|
||||
cleanup() {
|
||||
if [ -d "/persist.bak" ]; then btrfs -q subvolume delete "/persist.bak"; fi
|
||||
if [ -d "/persist/user.bak" ]; then btrfs -q subvolume delete "/persist/user.bak"; fi
|
||||
if [ -n "$backup_location" ]; then rm -f "$backup_location.tmp"; fi
|
||||
|
||||
if [ -n "$mount_location" ]; then
|
||||
@@ -56,11 +56,11 @@ fi
|
||||
|
||||
backup_location="$backup_location/$(hostname)-$(date +%Y-%m-%d-%H-%M-%S).btrfs.gz"
|
||||
|
||||
echo "Creating /persist snapshot..."
|
||||
btrfs -q subvolume snapshot -r "/persist" "/persist.bak"
|
||||
echo "Creating /persist/user snapshot..."
|
||||
btrfs -q subvolume snapshot -r "/persist/user" "/persist/user.bak"
|
||||
|
||||
echo "Creating backup at $backup_location..."
|
||||
btrfs -q send "/persist.bak" | gzip > "$backup_location.tmp"
|
||||
btrfs -q send "/persist/user.bak" | gzip > "$backup_location.tmp"
|
||||
|
||||
mv "$backup_location.tmp" "$backup_location"
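Review bot: The new `btrfs -q send "/persist/user.bak" | gzip > "$backup_location.tmp"` line reports only gzip's exit status unless `pipefail` is enabled, and the visible hunks do not show whether it is. If `btrfs send` fails midway, gzip can still exit 0 and the following `mv` promotes a truncated archive to the final name, so the damage would surface only when a restore is attempted. If the script header (outside these hunks) does not already do so, add `set -o pipefail` near the top, or check `${PIPESTATUS[0]}` before the `mv`.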
|
||||
|
||||
|
@@ -8,10 +8,10 @@
|
||||
};
|
||||
};
|
||||
|
||||
environment.persistence."/persist"."/var/lib/bluetooth" = { };
|
||||
environment.persistence."/persist/state"."/var/lib/bluetooth" = { };
|
||||
|
||||
systemd.services.bluetooth.after = [
|
||||
config.environment.persistence."/persist"."/var/lib/bluetooth".mount
|
||||
config.environment.persistence."/persist/state"."/var/lib/bluetooth".mount
|
||||
];
|
||||
|
||||
home-manager.sharedModules = [ { services.mpris-proxy.enable = config.services.pipewire.enable; } ];
|
||||
|
@@ -18,12 +18,12 @@
|
||||
};
|
||||
|
||||
environment = {
|
||||
persistence."/persist"."/var/lib/docker" = { };
|
||||
persistence."/persist/state"."/var/lib/docker" = { };
|
||||
systemPackages = with pkgs; [ docker-compose ];
|
||||
};
|
||||
|
||||
systemd = {
|
||||
services.docker.after = [ config.environment.persistence."/persist"."/var/lib/docker".mount ];
|
||||
sockets.docker.after = [ config.environment.persistence."/persist"."/var/lib/docker".mount ];
|
||||
services.docker.after = [ config.environment.persistence."/persist/state"."/var/lib/docker".mount ];
|
||||
sockets.docker.after = [ config.environment.persistence."/persist/state"."/var/lib/docker".mount ];
|
||||
};
|
||||
}
|
||||
|
@@ -38,11 +38,13 @@
|
||||
ln -s ${config.sops.secrets."machineId".path} $out
|
||||
'';
|
||||
|
||||
persistence."/persist" = {
|
||||
"/etc/nixos" = { };
|
||||
"/var/lib/nixos" = { };
|
||||
"/var/lib/systemd" = { };
|
||||
"/var/log" = { };
|
||||
persistence = {
|
||||
"/persist/user"."/etc/nixos" = { };
|
||||
"/persist/state" = {
|
||||
"/var/lib/nixos" = { };
|
||||
"/var/lib/systemd" = { };
|
||||
"/var/log" = { };
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
@@ -41,7 +41,7 @@
|
||||
"ovmf/edk2-i386-vars.fd".source =
|
||||
"${config.virtualisation.libvirtd.qemu.package}/share/qemu/edk2-i386-vars.fd";
|
||||
};
|
||||
persistence."/persist"."/var/lib/libvirt" = { };
|
||||
persistence."/persist/state"."/var/lib/libvirt" = { };
|
||||
};
|
||||
|
||||
programs.virt-manager.enable = true;
|
||||
|
@@ -2,9 +2,9 @@
|
||||
{
|
||||
networking.networkmanager.enable = true;
|
||||
|
||||
environment.persistence."/persist"."/etc/NetworkManager/system-connections" = { };
|
||||
environment.persistence."/persist/state"."/etc/NetworkManager/system-connections" = { };
|
||||
|
||||
systemd.services.NetworkManager.after = [
|
||||
config.environment.persistence."/persist"."/etc/NetworkManager/system-connections".mount
|
||||
config.environment.persistence."/persist/state"."/etc/NetworkManager/system-connections".mount
|
||||
];
|
||||
}
|
||||
|
@@ -63,8 +63,8 @@ prepare_disk() {
|
||||
}
|
||||
|
||||
copy_keys() {
|
||||
mkdir -p "$root/persist/etc/ssh"
|
||||
cp -f "$flake/hosts/$host/secrets/ssh_host_ed25519_key" "$root/persist/etc/ssh/ssh_host_ed25519_key"
|
||||
mkdir -p "$root/persist/state/etc/ssh"
|
||||
cp -f "$flake/hosts/$host/secrets/ssh_host_ed25519_key" "$root/persist/state/etc/ssh/ssh_host_ed25519_key"
|
||||
|
||||
for path in "$flake/hosts/$host/users"/*; do
|
||||
if [[ -z "$key" ]]; then
|
||||
@@ -73,8 +73,8 @@ copy_keys() {
|
||||
|
||||
local user
|
||||
user=$(basename "$path")
|
||||
mkdir -p "$root/persist/home/$user/.config/sops-nix"
|
||||
cp -f "$flake/secrets/$key/key.txt" "$root/persist/home/$user/.config/sops-nix/key.txt"
|
||||
mkdir -p "$root/persist/state/home/$user/.config/sops-nix"
|
||||
cp -f "$flake/secrets/$key/key.txt" "$root/persist/state/home/$user/.config/sops-nix/key.txt"
|
||||
done
|
||||
}
|
||||
|
||||
@@ -82,7 +82,7 @@ set_permissions() {
|
||||
for path in "$flake/hosts/$host/users"/*; do
|
||||
local user
|
||||
user=$(basename "$path")
|
||||
chown -R "$(cat "$flake/hosts/$host/users/$user/uid"):100" "$root/persist/home/$user"
|
||||
chown -R "$(cat "$flake/hosts/$host/users/$user/uid"):100" "$root/persist/*/home/$user"
|
||||
done
|
||||
}
|
||||
|
||||
@@ -92,8 +92,9 @@ install() {
|
||||
|
||||
copy_config() {
|
||||
echo "Copying configuration..."
|
||||
rm -rf "$root/persist/etc/nixos"
|
||||
cp -r "$flake" "$root/persist/etc/nixos"
|
||||
mkdir -p "$root/persist/user/etc/nixos"
|
||||
rm -rf "$root/persist/user/etc/nixos"
|
||||
cp -r "$flake" "$root/persist/user/etc/nixos"
|
||||
}
|
||||
|
||||
finish() {
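Review bot: In the set_permissions hunk, the new `chown -R ... "$root/persist/*/home/$user"` keeps the `*` inside double quotes, so the shell passes a literal `*` path component instead of expanding it to the directories under `persist` (such as `state`). chown then targets a path that does not exist, and the files copy_keys now places under `persist/state/home/$user/.config/sops-nix` keep the ownership of whoever ran the installer. Move the glob outside the quotes: `chown -R "$(cat "$flake/hosts/$host/users/$user/uid"):100" "$root"/persist/*/home/"$user"`. The start of set_permissions and the script's shell options are outside the hunk, so whether the failed chown aborts the install or passes silently cannot be told from here.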
|
||||
|
@@ -14,7 +14,7 @@
|
||||
};
|
||||
|
||||
environment = {
|
||||
persistence."/persist"."/var/lib/containers" = { };
|
||||
persistence."/persist/state"."/var/lib/containers" = { };
|
||||
|
||||
systemPackages = with pkgs; [
|
||||
podman-compose
|
||||
|
@@ -18,19 +18,19 @@
|
||||
};
|
||||
};
|
||||
|
||||
environment.persistence."/persist" = {
|
||||
environment.persistence."/persist/state" = {
|
||||
"/var/lib/cups/ppd" = { };
|
||||
"/var/lib/cups/printers.conf" = { };
|
||||
};
|
||||
|
||||
systemd = {
|
||||
services.cups.after = [
|
||||
config.environment.persistence."/persist"."/var/lib/cups/ppd".mount
|
||||
config.environment.persistence."/persist"."/var/lib/cups/printers.conf".mount
|
||||
config.environment.persistence."/persist/state"."/var/lib/cups/ppd".mount
|
||||
config.environment.persistence."/persist/state"."/var/lib/cups/printers.conf".mount
|
||||
];
|
||||
sockets.cups.after = [
|
||||
config.environment.persistence."/persist"."/var/lib/cups/ppd".mount
|
||||
config.environment.persistence."/persist"."/var/lib/cups/printers.conf".mount
|
||||
config.environment.persistence."/persist/state"."/var/lib/cups/ppd".mount
|
||||
config.environment.persistence."/persist/state"."/var/lib/cups/printers.conf".mount
|
||||
];
|
||||
};
|
||||
}
|
||||
|
@@ -8,7 +8,7 @@
|
||||
imports = [ inputs.sops-nix.nixosModules.sops ];
|
||||
|
||||
environment = {
|
||||
persistence."/persist"."/etc/ssh/ssh_host_ed25519_key" = { };
|
||||
persistence."/persist/state"."/etc/ssh/ssh_host_ed25519_key" = { };
|
||||
|
||||
systemPackages = with pkgs; [
|
||||
sops
|
||||
@@ -22,7 +22,9 @@
|
||||
|
||||
age = {
|
||||
generateKey = true;
|
||||
sshKeyPaths = [ config.environment.persistence."/persist"."/etc/ssh/ssh_host_ed25519_key".source ];
|
||||
sshKeyPaths = [
|
||||
config.environment.persistence."/persist/state"."/etc/ssh/ssh_host_ed25519_key".source
|
||||
];
|
||||
keyFile = "/var/lib/sops-nix/key.txt";
|
||||
};
|
||||
};
|
||||
|
@@ -2,7 +2,7 @@
|
||||
{
|
||||
environment = {
|
||||
enableAllTerminfo = true;
|
||||
persistence."/persist"."/var/lib/fail2ban" = { };
|
||||
persistence."/persist/state"."/var/lib/fail2ban" = { };
|
||||
};
|
||||
|
||||
services = {
|
||||
|
@@ -6,7 +6,7 @@
|
||||
};
|
||||
|
||||
environment = {
|
||||
persistence."/persist"."/var/lib/zsh" = { };
|
||||
persistence."/persist/state"."/var/lib/zsh" = { };
|
||||
pathsToLink = [ "/share/zsh" ];
|
||||
};
|
||||
|
||||
|