Add jupiter vps

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-03-01 00:07:58 +00:00
parent d90ad86c16
commit 95b79ab224
19 changed files with 277 additions and 59 deletions
--- a/hosts/common/configs/system/boot/default.nix
+++ b/hosts/common/configs/system/boot/default.nix
@@ -10,11 +10,9 @@
      timeout = 1;
      efi.canTouchEfiVariables = true;
    };
+
    initrd.systemd.enable = true;
    kernelPackages = pkgs.linuxPackages_latest;
-    supportedFilesystems = [
-      "btrfs"
-      "ntfs"
-    ];
+    supportedFilesystems = [ "btrfs" ];
  };
 }
--- a/hosts/common/configs/system/impermanence/default.nix
+++ b/hosts/common/configs/system/impermanence/default.nix
@@ -1,32 +1,12 @@
-{ config, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 {
  imports = [ ./options.nix ];

-  boot.initrd.systemd = {
-    enable = true;
-
-    initrdBin = with pkgs; [
-      coreutils
-      util-linux
-      findutils
-      btrfs-progs
-    ];
-
-    services.impermanence = {
-      description = "Rollback BTRFS subvolumes to a pristine state";
-      wantedBy = [ "initrd.target" ];
-      before = [ "sysroot.mount" ];
-      after = [
-        "cryptsetup.target"
-        "local-fs-pre.target"
-      ];
-      unitConfig.DefaultDependencies = false;
-      serviceConfig.Type = "oneshot";
-      environment.DEVICE = config.environment.impermanence.device;
-      script = builtins.readFile ./scripts/wipe.sh;
-    };
-  };
-
  # uuidgen -r | tr -d -
  # https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/administration/systemd-state.section.md
  # https://github.com/NixOS/nixpkgs/pull/286140/files
@@ -36,6 +16,8 @@
  fileSystems."/persist".neededForBoot = true;

  environment = {
+    impermanence.enable = true;
+
    etc."machine-id".source = pkgs.runCommandLocal "machine-id-link" { } ''
      ln -s ${config.sops.secrets."machineId".path} $out
    '';
--- a/hosts/common/configs/system/impermanence/options.nix
+++ b/hosts/common/configs/system/impermanence/options.nix
@@ -1,6 +1,7 @@
 {
  config,
  lib,
+  pkgs,
  utils,
  ...
 }:
@@ -47,12 +48,16 @@ in
    with lib;
    with types;
    {
-      impermanence.device = mkOption {
-        type = str;
-        default = config.disko.devices.disk.main.content.partitions.root.content.content.device;
-        description = ''
-          LUKS BTRFS partition to wipe on boot.
-        '';
+      impermanence = {
+        enable = mkEnableOption "Impermanence";
+
+        device = mkOption {
+          type = str;
+          default = config.disko.devices.disk.main.content.partitions.root.content.content.device;
+          description = ''
+            LUKS BTRFS partition to wipe on boot.
+          '';
+        };
      };

      persistence =
@@ -179,7 +184,32 @@ in
    let
      all = lib.lists.flatten (builtins.concatMap builtins.attrValues (builtins.attrValues cfg));
    in
-    {
+    lib.mkIf config.environment.impermanence.enable {
+      boot.initrd.systemd = {
+        enable = true;
+
+        initrdBin = with pkgs; [
+          coreutils
+          util-linux
+          findutils
+          btrfs-progs
+        ];
+
+        services.impermanence = {
+          description = "Rollback BTRFS subvolumes to a pristine state";
+          wantedBy = [ "initrd.target" ];
+          before = [ "sysroot.mount" ];
+          after = [
+            "cryptsetup.target"
+            "local-fs-pre.target"
+          ];
+          unitConfig.DefaultDependencies = false;
+          serviceConfig.Type = "oneshot";
+          environment.DEVICE = config.environment.impermanence.device;
+          script = builtins.readFile ./scripts/wipe.sh;
+        };
+      };
+
      fileSystems = builtins.mapAttrs (_: _: { neededForBoot = true; }) cfg;

      systemd = {
@@ -244,6 +274,13 @@ in
        );
      };

+      environment.persistence."/persist" = {
+        "/etc/nixos" = { };
+        "/var/lib/nixos" = { };
+        "/var/lib/systemd" = { };
+        "/var/log" = { };
+      };
+
      assertions =
        let
          paths = builtins.map (c: c.path) all;
--- a/hosts/common/configs/system/sops/default.nix
+++ b/hosts/common/configs/system/sops/default.nix
@@ -22,10 +22,13 @@

    age = {
      generateKey = true;
-      sshKeyPaths = [
-        config.environment.persistence."/persist/state"."/etc/ssh/ssh_host_ed25519_key".source
-      ];
      keyFile = "/var/lib/sops-nix/key.txt";
+
+      sshKeyPaths =
+        if config.environment.impermanence.enable then
+          [ config.environment.persistence."/persist"."/etc/ssh/ssh_host_ed25519_key".source ]
+        else
+          [ "/etc/ssh/ssh_host_ed25519_key" ];
    };
  };
 }
--- a/hosts/common/configs/system/ssh/default.nix
+++ b/hosts/common/configs/system/ssh/default.nix
@@ -6,5 +6,6 @@
    elara.publicKeyFile = ../../../../elara/secrets/ssh_host_ed25519_key.pub;
    himalia.publicKeyFile = ../../../../himalia/secrets/ssh_host_ed25519_key.pub;
    jupiter.publicKeyFile = ../../../../jupiter/secrets/ssh_host_ed25519_key.pub;
+    jupiter-vps.publicKeyFile = ../../../../jupiter-vps/secrets/ssh_host_ed25519_key.pub;
  };
 }