maurice/snix
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat(tazjin/tverskoy): Configure ephemeral home bind-mounts

Browse source 
Uses the impermanence module to configure the bind-mounts for the few
applications that are allowed to persist stuff between boots.

For now this setup uses ZFS rollbacks to get /home back into a clean
state, where the `tazjin-clean` snapshot is a partition with only the
`/home/tazjin` folder and the correct partitions on it.

This gives me enough scratch space to e.g. download stuff larger than
my RAM without accumulating state.

Change-Id: I7cdb2276f087ea62201690cb8b36ae074203f87c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2623
Tested-by: BuildkiteCI
Reviewed-by: tazjin <mail@tazj.in>
This commit is contained in:
Vincent Ambo 2021-03-21 04:21:16 +02:00 committed by tazjin
parent 2b42afa800
commit 13a43a6392
1 changed files with 44 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

43
users/tazjin/nixos/tverskoy/default.nix
View file

@ -19,11 +19,18 @@ config: let
in lib.fix(self: { in lib.fix(self: {
imports = [ imports = [
"${depot.third_party.impermanence}/nixos.nix" "${depot.third_party.impermanence}/nixos.nix"
"${nixpkgs.home-manager.src}/nixos"
]; ];
boot = { boot = {
initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
initrd.kernelModules = [ ]; initrd.kernelModules = [ ];
# Restore /home to the blank snapshot, erasing all ephemeral data.
initrd.postDeviceCommands = lib.mkAfter ''
zfs rollback -r zpool/ephemeral/home@tazjin-clean
'';
kernelModules = [ "kvm-amd" ]; kernelModules = [ "kvm-amd" ];
extraModulePackages = [ ]; extraModulePackages = [ ];
kernelPackages = nixpkgs.linuxPackages_latest; kernelPackages = nixpkgs.linuxPackages_latest;
@ -156,6 +163,7 @@ in lib.fix(self: {
users.users.tazjin = { users.users.tazjin = {
isNormalUser = true; isNormalUser = true;
createHome = true;
extraGroups = [ "wheel" "networkmanager" ]; extraGroups = [ "wheel" "networkmanager" ];
uid = 1000; uid = 1000;
shell = nixpkgs.fish; shell = nixpkgs.fish;
@ -164,6 +172,9 @@ in lib.fix(self: {
programs = { programs = {
light.enable = true; light.enable = true;
# Required by impermanence
fuse.userAllowOther = true;
}; };
environment.systemPackages = environment.systemPackages =
@ -216,5 +227,37 @@ in lib.fix(self: {
xsecurelock xsecurelock
]); ]);
home-manager.useGlobalPkgs = true;
home-manager.users.tazjin = { config, lib, ... }: {
imports = [ "${depot.third_party.impermanence}/home-manager.nix" ];
home.persistence."/persist/tazjin/home" = {
allowOther = true;
directories = [
".config/google-chrome"
".config/quassel-irc.org"
".config/spotify"
".gnupg"
".local/share/direnv"
".local/share/fish/"
".password-store"
".ssh"
".telega"
"mail"
];
files = [
".notmuch-config"
];
};
programs.git = {
enable = true;
userName = "Vincent Ambo";
userEmail = "mail@tazj.in";
};
};
system.stateVersion = "20.09"; system.stateVersion = "20.09";
}) })