45 lines
1.2 KiB
Nix
45 lines
1.2 KiB
Nix
{ config, pkgs, ... }:
|
|
{
|
|
imports = [ ./options.nix ];
|
|
|
|
boot.initrd.systemd = {
|
|
enable = true;
|
|
|
|
initrdBin = with pkgs; [
|
|
coreutils
|
|
util-linux
|
|
findutils
|
|
btrfs-progs
|
|
];
|
|
|
|
services.impermanence = {
|
|
description = "Rollback BTRFS subvolumes to a pristine state";
|
|
wantedBy = [ "initrd.target" ];
|
|
before = [ "sysroot.mount" ];
|
|
after = [ "cryptsetup.target" ];
|
|
unitConfig.DefaultDependencies = "no";
|
|
serviceConfig.Type = "oneshot";
|
|
script = builtins.readFile ./scripts/wipe.sh;
|
|
};
|
|
};
|
|
|
|
# uuidgen -r | tr -d -
|
|
# https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/administration/systemd-state.section.md
|
|
# https://github.com/NixOS/nixpkgs/pull/286140/files
|
|
# https://git.eisfunke.com/config/nixos/-/blob/e65e1dc21d06d07b454005762b177ef151f8bfb6/nixos/machine-id.nix
|
|
sops.secrets."machineId".mode = "0444";
|
|
|
|
environment = {
|
|
etc."machine-id".source = pkgs.runCommandLocal "machine-id-link" { } ''
|
|
ln -s ${config.sops.secrets."machineId".path} $out
|
|
'';
|
|
|
|
persistence."/persist" = {
|
|
"/etc/nixos" = { };
|
|
"/var/lib/nixos" = { };
|
|
"/var/lib/systemd" = { };
|
|
"/var/log" = { };
|
|
};
|
|
};
|
|
}
|