tuxcord/tuxcord.nix
8
2
Fork 1
Code Issues 13 Pull Requests Actions Packages Projects 1 Releases Wiki Activity
Files
e0bd689d4f59d92f5e2509a3054de3f91c7b39f9
tuxcord.nix/nixos/impermanence.nix
T
ErrorNoInternet a18a871eb3
Check / Nix flake (push) Failing after 10s
Details
Lint / Nix expressions (push) Failing after 12s
Details
nixos/impermanence: remove ssh host key persistence 
The SSH host key files are already defined in the OpenSSH module, so
there is no need to persist them with impermanence.nix.
2026-05-03 22:24:33 -04:00

94 lines
2.3 KiB
Nix
Raw Blame History

{
config,
lib,
pkgs,
...
}:
{
boot.initrd.systemd = {
extraBin = {
"mkdir" = "${pkgs.coreutils}/bin/mkdir";
"date" = "${pkgs.coreutils}/bin/date";
"stat" = "${pkgs.coreutils}/bin/stat";
"mv" = "${pkgs.coreutils}/bin/mv";
"find" = lib.getExe pkgs.findutils;
"btrfs" = lib.getExe pkgs.btrfs-progs;
};
services.impermanence-btrfs-rolling-root = {
unitConfig.DefaultDependencies = false;
serviceConfig.Type = "oneshot";
requiredBy = [ "initrd.target" ];
before = [ "sysroot.mount" ];
requires = [ "initrd-root-device.target" ];
after = [
"initrd-root-device.target"
"local-fs-pre.target"
];
script = ''
mkdir /impermanence_tmp
mount /dev/disk/by-label/${config.host.name} /impermanence_tmp || mount /dev/disk/by-label/NIXOS_SD /impermanence_tmp
timestamp=$(date --date="@$(stat -c %Y /impermanence_tmp/@)" "+%Y-%m-%d_%H:%M:%S")
if [[ -e /impermanence_tmp/@ ]]; then
mkdir -p /impermanence_tmp/roots
mv /impermanence_tmp/@ "/impermanence_tmp/roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/impermanence_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /impermanence_tmp/roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /impermanence_tmp/@
umount /impermanence_tmp
'';
};
};
fileSystems."/persist".neededForBoot = true;
environment.persistence."/persist" = {
enable = true;
hideMounts = true;
directories = [
"/export"
"/mnt"
"/var/db/sudo/lectured"
"/var/lib/nfs"
"/var/lib/nixos"
"/var/lib/systemd/coredump"
"/var/log"
];
files = [
"/etc/machine-id"
];
};
services.openssh.hostKeys =
let
statePath = config.environment.persistence."/persist".persistentStoragePath + "/etc/ssh";
in
[
{
path = statePath + "/ssh_host_rsa_key";
type = "rsa";
bits = 4096;
}
{
path = statePath + "/ssh_host_ed25519_key";
type = "ed25519";
}
];
}
Reference in New Issue View Git Blame Copy Permalink