# NixOS module for an "impermanent" root: a systemd unit in the initrd rolls
# BTRFS subvolumes back before the real root is mounted, /etc/machine-id is
# supplied from a sops secret, and a fixed set of directories is kept under
# /persist.
{ config, pkgs, ... }:
{
  imports = [ ./options.nix ];

  boot.initrd.systemd.enable = true;

  # Tools added to the initrd; presumably the ones ./scripts/wipe.sh calls
  # (the script is not part of this file, so confirm against it).
  boot.initrd.systemd.initrdBin = [
    pkgs.coreutils
    pkgs.util-linux
    pkgs.findutils
    pkgs.btrfs-progs
  ];

  boot.initrd.systemd.services.impermanence = {
    description = "Rollback BTRFS subvolumes to a pristine state";

    # The script body is read from the repository at evaluation time.
    script = builtins.readFile ./scripts/wipe.sh;

    # The only input the unit hands to the script. The option is presumably
    # declared in ./options.nix; since the unit rolls subvolumes back, check
    # that wipe.sh validates DEVICE before acting on it.
    environment.DEVICE = config.environment.impermanence.device;

    serviceConfig = {
      Type = "oneshot";
    };

    # With default dependencies disabled, the ordering below is explicit:
    # run once cryptsetup.target and local-fs-pre.target are reached, and
    # finish before sysroot.mount.
    unitConfig = {
      DefaultDependencies = false;
    };
    after = [
      "cryptsetup.target"
      "local-fs-pre.target"
    ];
    before = [ "sysroot.mount" ];

    # NOTE(review): wantedBy is a weak dependency, so a failed rollback does
    # not by itself stop the boot; the root would then be mounted with the
    # previous state. Confirm that this fail-open behaviour is intended.
    wantedBy = [ "initrd.target" ];
  };

  # A machine id can be generated with: uuidgen -r | tr -d -
  # References:
  # https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/administration/systemd-state.section.md
  # https://github.com/NixOS/nixpkgs/pull/286140/files
  # https://git.eisfunke.com/config/nixos/-/blob/e65e1dc21d06d07b454005762b177ef151f8bfb6/nixos/machine-id.nix
  #
  # The decrypted secret is world-readable (0444), which matches how
  # /etc/machine-id is normally exposed to local users. machine-id(5) still
  # asks that the id be treated as confidential off-host, so keeping it in
  # sops keeps the value out of the repository and the Nix store; only the
  # symlink below lands in the store.
  sops.secrets."machineId".mode = "0444";

  # /etc/machine-id becomes a symlink to the decrypted secret path.
  # NOTE(review): the link target exists only once sops-nix has decrypted the
  # secret; confirm that happens before anything reads /etc/machine-id at boot.
  environment.etc."machine-id".source = pkgs.runCommandLocal "machine-id-link" { } ''
    ln -s ${config.sops.secrets."machineId".path} $out
  '';

  # Paths kept under /persist. The attribute shape is presumably defined by
  # ./options.nix; verify against that file. /var/log is in the list, so log
  # history is presumably meant to survive the rollback.
  environment.persistence."/persist" = {
    "/etc/nixos" = { };
    "/var/lib/nixos" = { };
    "/var/lib/systemd" = { };
    "/var/log" = { };
  };
}