Graduate eirene

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-05-29 19:05:37 +01:00
parent 9273514e2a
commit fba4691ae0
33 changed files with 189 additions and 842 deletions
--- a/hosts/common/configs/system/impermanence/default.nix
+++ b/hosts/common/configs/system/impermanence/default.nix
@@ -1,4 +1,9 @@
-{ config, pkgs, ... }:
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
 {
  imports = [ ./options.nix ];

@@ -8,22 +13,11 @@
  # https://git.eisfunke.com/config/nixos/-/blob/e65e1dc21d06d07b454005762b177ef151f8bfb6/nixos/machine-id.nix
  sops.secrets.machineId.mode = "0444";

-  fileSystems."/persist".neededForBoot = true;
-
  environment = {
    impermanence.enable = true;

    etc.machine-id.source = pkgs.runCommandLocal "machine-id-link" { } ''
      ln -s ${config.sops.secrets.machineId.path} $out
    '';
-
-    persistence = {
-      "/persist/user"."/etc/nixos" = { };
-      "/persist/state" = {
-        "/var/lib/nixos" = { };
-        "/var/lib/systemd" = { };
-        "/var/log" = { };
-      };
-    };
  };
 }
--- a/hosts/common/configs/system/impermanence/options.nix
+++ b/hosts/common/configs/system/impermanence/options.nix
@@ -210,8 +210,6 @@ in
        };
      };

-      fileSystems = builtins.mapAttrs (_: _: { neededForBoot = true; }) cfg;
-
      systemd = {
        mounts = builtins.map (c: {
          description = c.path;
@@ -274,11 +272,17 @@ in
        );
      };

-      environment.persistence."/persist" = {
-        "/etc/nixos" = { };
-        "/var/lib/nixos" = { };
-        "/var/lib/systemd" = { };
-        "/var/log" = { };
+      fileSystems = builtins.mapAttrs (_: _: { neededForBoot = true; }) cfg // {
+        "/persist".neededForBoot = true;
+      };
+
+      environment.persistence = {
+        "/persist/user"."/etc/nixos" = { };
+        "/persist/state" = {
+          "/var/lib/nixos" = { };
+          "/var/lib/systemd" = { };
+          "/var/log" = { };
+        };
      };

      assertions =
--- a/hosts/common/configs/system/sops/default.nix
+++ b/hosts/common/configs/system/sops/default.nix
@@ -26,7 +26,7 @@

      sshKeyPaths =
        if config.environment.impermanence.enable then
-          [ config.environment.persistence."/persist"."/etc/ssh/ssh_host_ed25519_key".source ]
+          [ config.environment.persistence."/persist/state"."/etc/ssh/ssh_host_ed25519_key".source ]
        else
          [ "/etc/ssh/ssh_host_ed25519_key" ];
    };
--- a/hosts/common/configs/system/ssh/default.nix
+++ b/hosts/common/configs/system/ssh/default.nix
@@ -2,7 +2,6 @@
 {
  programs.ssh.knownHosts = {
    installer.publicKeyFile = ../../../../installer/secrets/ssh_host_ed25519_key.pub;
-    eirene.publicKeyFile = ../../../../eirene/secrets/ssh_host_ed25519_key.pub;
    elara.publicKeyFile = ../../../../elara/secrets/ssh_host_ed25519_key.pub;
    himalia.publicKeyFile = ../../../../himalia/secrets/ssh_host_ed25519_key.pub;