feat(tazjin/tverskoy): Configure ephemeral home bind-mounts

Uses the impermanence module to configure the bind-mounts for the few applications that are allowed to persist stuff between boots. For now this setup uses ZFS rollbacks to get /home back into a clean state, where the `tazjin-clean` snapshot is a partition with only the `/home/tazjin` folder and the correct partitions on it. This gives me enough scratch space to e.g. download stuff larger than my RAM without accumulating state. Change-Id: I7cdb2276f087ea62201690cb8b36ae074203f87c Reviewed-on: https://cl.tvl.fyi/c/depot/+/2623 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
2021-03-21 04:21:16 +02:00 · 2021-03-21 04:21:16 +02:00 · 13a43a6392
commit 13a43a6392
parent 2b42afa800
1 changed files with 44 additions and 1 deletions
--- a/users/tazjin/nixos/tverskoy/default.nix
+++ b/users/tazjin/nixos/tverskoy/default.nix
@ -19,11 +19,18 @@ config: let
 in lib.fix(self: {
  imports = [
    "${depot.third_party.impermanence}/nixos.nix"
+    "${nixpkgs.home-manager.src}/nixos"
  ];

  boot = {
    initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
    initrd.kernelModules = [ ];
+
+    # Restore /home to the blank snapshot, erasing all ephemeral data.
+    initrd.postDeviceCommands = lib.mkAfter ''
+      zfs rollback -r zpool/ephemeral/home@tazjin-clean
+    '';
+
    kernelModules = [ "kvm-amd" ];
    extraModulePackages = [ ];
    kernelPackages = nixpkgs.linuxPackages_latest;
@ -156,6 +163,7 @@ in lib.fix(self: {

  users.users.tazjin = {
    isNormalUser = true;
+    createHome = true;
    extraGroups = [ "wheel" "networkmanager" ];
    uid = 1000;
    shell = nixpkgs.fish;
@ -164,6 +172,9 @@ in lib.fix(self: {

  programs = {
    light.enable = true;
+
+    # Required by impermanence
+    fuse.userAllowOther = true;
  };

  environment.systemPackages =
@ -216,5 +227,37 @@ in lib.fix(self: {
      xsecurelock
    ]);

-  system.stateVersion = "20.09";
+    home-manager.useGlobalPkgs = true;
+    home-manager.users.tazjin = { config, lib, ... }: {
+      imports = [ "${depot.third_party.impermanence}/home-manager.nix" ];
+
+      home.persistence."/persist/tazjin/home" = {
+        allowOther = true;
+
+        directories = [
+          ".config/google-chrome"
+          ".config/quassel-irc.org"
+          ".config/spotify"
+          ".gnupg"
+          ".local/share/direnv"
+          ".local/share/fish/"
+          ".password-store"
+          ".ssh"
+          ".telega"
+          "mail"
+        ];
+
+        files = [
+          ".notmuch-config"
+        ];
+      };
+
+      programs.git = {
+        enable = true;
+        userName = "Vincent Ambo";
+        userEmail = "mail@tazj.in";
+      };
+    };
+
+    system.stateVersion = "20.09";
 })