use btrfs and snapshotting for impermanence

home/default.nix

@@ -5,12 +5,6 @@ in
 {
   programs.fuse.userAllowOther = true;
 
-  fileSystems."/home/${user.primary.userName}" = {
-    device = "tmpfs";
-    fsType = "tmpfs";
-    options = [ "mode=0755" "uid=1000" "gid=100" ];
-  };
-
   home-manager.useUserPackages = true;
   home-manager.useGlobalPkgs = true;
   home-manager.users.${user.primary.userName} = { pkgs, ... }: {
@@ -31,9 +25,11 @@ in
     xdg.mimeApps.enable = true;
     xdg.userDirs.enable = true;
 
-    xdg.desktopEntries."nixos-manual".name = "NixOS Manual";
-    xdg.desktopEntries."nixos-manual".exec = "nixos-help";
-    xdg.desktopEntries."nixos-manual".noDisplay = true;
+    xdg.desktopEntries."nixos-manual" = {
+      name = "NixOS Manual";
+      exec = "nixos-help";
+      noDisplay = true;
+    };
 
     home.stateVersion = "23.05";
   };

hosts/skipper/default.nix

@@ -5,6 +5,7 @@
     ./services
     ./persistence.nix
     ./plymouth.nix
+    ./rollback.nix
     ./secureboot.nix
     ./security.nix
     ./virtualisation.nix

hosts/skipper/hardware/default.nix

@@ -12,6 +12,7 @@
     };
     loader.efi.canTouchEfiVariables = true;
     resumeDevice = "/dev/vg0/swap";
+    supportedFilesystems = [ "btrfs" ];
   };
 
   swapDevices = [{ device = "/dev/vg0/swap"; }];

hosts/skipper/hardware/filesystem.nix

@@ -1,33 +1,38 @@
 { ... }: {
   fileSystems = {
     "/" = {
-      device = "tmpfs";
-      fsType = "tmpfs";
-      options = [ "defaults" "uid=0" "gid=0" "mode=0755" ];
+      device = "/dev/vg0/system";
+      fsType = "btrfs";
+      options = [ "subvol=@root" "compress-force=zstd" "noatime" ];
       neededForBoot = true;
     };
+    "/home" = {
+      device = "/dev/vg0/system";
+      fsType = "btrfs";
+      options = [ "subvol=@home" "compress-force=zstd" "noatime" ];
+    };
     "/nix" = {
       device = "/dev/vg0/system";
       fsType = "btrfs";
-      options = [ "subvol=/@nix" "compress-force=zstd" ];
+      options = [ "subvol=/@nix" "compress-force=zstd" "noatime" ];
       neededForBoot = true;
     };
     "/persist" = {
       device = "/dev/vg0/system";
       fsType = "btrfs";
-      options = [ "subvol=/@persist" "compress-force=zstd" ];
+      options = [ "subvol=/@persist" "compress-force=zstd" "noatime" ];
       neededForBoot = true;
     };
     "/tmp" = {
       device = "/dev/vg0/system";
       fsType = "btrfs";
-      options = [ "subvol=/@tmp" "compress-force=zstd" "nosuid" "nodev" ];
+      options = [ "subvol=/@tmp" "compress-force=zstd" "nosuid" "nodev" "noatime" ];
       neededForBoot = true;
     };
     "/mnt/system" = {
       device = "/dev/vg0/system";
       fsType = "btrfs";
-      options = [ "subvol=/" "compress-force=zstd" ];
+      options = [ "subvol=/" "compress-force=zstd" "noatime" ];
     };
     "/boot" = {
       device = "/dev/disk/by-partlabel/ESP";

hosts/skipper/rollback.nix

@@ -1,27 +1,32 @@
-{ lib, ... }: {
-  boot.initrd.postDeviceCommands = lib.mkBefore ''
-    mkdir -p /mnt
-    mount -o subvol=/ /dev/vg0/system /mnt
+{  ... }: {
+  boot.initrd.systemd.services.rollback = {
+    description = "Rollback root subvolume to blank state";
+    wantedBy = [ "initrd.target" ];
+    after = [ "dev-vg0-system.device" ];
+    before = [ "sysroot.mount" ];
+    unitConfig.DefaultDependencies = "no";
+    serviceConfig.Type = "oneshot";
+    script = ''
+      mkdir -p /mnt
+      mount -o subvol=/ /dev/vg0/system /mnt
 
-    btrfs subvolume list -o /mnt |
-      cut -f9 -d' ' |
-      while read subvolume; do
+      btrfs subvolume list -o /mnt/@root | cut -f9 -d' ' | while read subvolume; do
         echo "deleting /$subvolume subvolume..."
         btrfs subvolume delete "/mnt/$subvolume"
       done &&
-    echo "deleting /root subvolume..." &&
-    btrfs subvolume delete "/mnt/@root"
+      echo "deleting /root subvolume..." &&
+      btrfs subvolume delete "/mnt/@root"
 
+      echo "restoring blank /root subvolume..."
+      btrfs subvolume snapshot "/mnt/@root-blank" "/mnt/@root"
 
-    echo "restoring blank /root subvolume..."
-    btrfs subvolume snapshot /mnt/@root-blank /mnt/@root
+      echo "deleting /home subvolume..."
+      btrfs subvolume delete "/mnt/@home"
 
-    echo "deleting /home subvolume..."
-    btrfs subvolume delete /mnt/@home
+      echo "restoring blank /home subvolume..."
+      btrfs subvolume snapshot "/mnt/@home-blank" "/mnt/@home"
 
-    echo "restoring blank /home subvolume..."
-    btrfs subvolume snapshot /mnt/@home-blank /mnt/@home
-
-    umount /mnt
-  '';
+      umount /mnt
+    '';
+  };
 }