From 26457aa7e909d016768b098617e9fb26e0cf8473 Mon Sep 17 00:00:00 2001 From: Adithya Nair Date: Wed, 26 Apr 2023 22:57:32 +0530 Subject: [PATCH] use btrfs and snapshotting for impermanence --- home/default.nix | 14 ++++----- hosts/skipper/default.nix | 1 + hosts/skipper/hardware/default.nix | 1 + hosts/skipper/hardware/filesystem.nix | 19 ++++++++----- hosts/skipper/rollback.nix | 41 +++++++++++++++------------ 5 files changed, 42 insertions(+), 34 deletions(-) diff --git a/home/default.nix b/home/default.nix index 7a7b18c..dac1521 100644 --- a/home/default.nix +++ b/home/default.nix @@ -5,12 +5,6 @@ in { programs.fuse.userAllowOther = true; - fileSystems."/home/${user.primary.userName}" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = [ "mode=0755" "uid=1000" "gid=100" ]; - }; - home-manager.useUserPackages = true; home-manager.useGlobalPkgs = true; home-manager.users.${user.primary.userName} = { pkgs, ... }: { @@ -31,9 +25,11 @@ in xdg.mimeApps.enable = true; xdg.userDirs.enable = true; - xdg.desktopEntries."nixos-manual".name = "NixOS Manual"; - xdg.desktopEntries."nixos-manual".exec = "nixos-help"; - xdg.desktopEntries."nixos-manual".noDisplay = true; + xdg.desktopEntries."nixos-manual" = { + name = "NixOS Manual"; + exec = "nixos-help"; + noDisplay = true; + }; home.stateVersion = "23.05"; }; diff --git a/hosts/skipper/default.nix b/hosts/skipper/default.nix index 6d8ae31..b1ce298 100644 --- a/hosts/skipper/default.nix +++ b/hosts/skipper/default.nix @@ -5,6 +5,7 @@ ./services ./persistence.nix ./plymouth.nix + ./rollback.nix ./secureboot.nix ./security.nix ./virtualisation.nix diff --git a/hosts/skipper/hardware/default.nix b/hosts/skipper/hardware/default.nix index 31dfb00..0873d49 100644 --- a/hosts/skipper/hardware/default.nix +++ b/hosts/skipper/hardware/default.nix @@ -12,6 +12,7 @@ }; loader.efi.canTouchEfiVariables = true; resumeDevice = "/dev/vg0/swap"; + supportedFilesystems = [ "btrfs" ]; }; swapDevices = [{ device = "/dev/vg0/swap"; }]; 
diff --git a/hosts/skipper/hardware/filesystem.nix b/hosts/skipper/hardware/filesystem.nix index 18a2afe..946d1d7 100644 --- a/hosts/skipper/hardware/filesystem.nix +++ b/hosts/skipper/hardware/filesystem.nix @@ -1,33 +1,38 @@ { ... }: { fileSystems = { "/" = { - device = "tmpfs"; - fsType = "tmpfs"; - options = [ "defaults" "uid=0" "gid=0" "mode=0755" ]; + device = "/dev/vg0/system"; + fsType = "btrfs"; + options = [ "subvol=@root" "compress-force=zstd" "noatime" ]; neededForBoot = true; }; + "/home" = { + device = "/dev/vg0/system"; + fsType = "btrfs"; + options = [ "subvol=@home" "compress-force=zstd" "noatime" ]; + }; "/nix" = { device = "/dev/vg0/system"; fsType = "btrfs"; - options = [ "subvol=/@nix" "compress-force=zstd" ]; + options = [ "subvol=/@nix" "compress-force=zstd" "noatime" ]; neededForBoot = true; }; "/persist" = { device = "/dev/vg0/system"; fsType = "btrfs"; - options = [ "subvol=/@persist" "compress-force=zstd" ]; + options = [ "subvol=/@persist" "compress-force=zstd" "noatime" ]; neededForBoot = true; }; "/tmp" = { device = "/dev/vg0/system"; fsType = "btrfs"; - options = [ "subvol=/@tmp" "compress-force=zstd" "nosuid" "nodev" ]; + options = [ "subvol=/@tmp" "compress-force=zstd" "nosuid" "nodev" "noatime" ]; neededForBoot = true; }; "/mnt/system" = { device = "/dev/vg0/system"; fsType = "btrfs"; - options = [ "subvol=/" "compress-force=zstd" ]; + options = [ "subvol=/" "compress-force=zstd" "noatime" ]; }; "/boot" = { device = "/dev/disk/by-partlabel/ESP"; diff --git a/hosts/skipper/rollback.nix b/hosts/skipper/rollback.nix index 94e76b4..94c65ed 100644 --- a/hosts/skipper/rollback.nix +++ b/hosts/skipper/rollback.nix 
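Review bot: The new `/home` entry is mounted with only `subvol=@home`, `compress-force=zstd` and `noatime`, while `/tmp` in the same attrset already carries `nosuid` and `nodev`; a user-writable home is the other obvious place for a setuid binary or device node to be planted, so `options = [ "subvol=@home" "compress-force=zstd" "noatime" "nosuid" "nodev" ];` would bring it in line with the hardening the file already applies to `/tmp`. Minor inconsistency in the same hunk: `/` now uses `subvol=@root` without the leading slash, whereas `/nix`, `/persist`, `/tmp` keep the `subvol=/@nix` form; both resolve against the top-level subvolume, but the mixed spelling reads like a typo and is worth normalising. The `/home` mount also lacks `neededForBoot` unlike the other btrfs subvolumes here — presumably deliberate since only stage-1 needs `/`, `/nix`, `/persist` and `/tmp`, but a one-line comment saying so would stop the next reader from "fixing" it.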
@@ -1,27 +1,32 @@ -{ lib, ... }: { - boot.initrd.postDeviceCommands = lib.mkBefore '' - mkdir -p /mnt - mount -o subvol=/ /dev/vg0/system /mnt +{ ... }: { + boot.initrd.systemd.services.rollback = { + description = "Rollback root subvolume to blank state"; + wantedBy = [ "initrd.target" ]; + after = [ "dev-vg0-system.device" ]; + before = [ "sysroot.mount" ]; + unitConfig.DefaultDependencies = "no"; + serviceConfig.Type = "oneshot"; + script = '' + mkdir -p /mnt + mount -o subvol=/ /dev/vg0/system /mnt - btrfs subvolume list -o /mnt | - cut -f9 -d' ' | - while read subvolume; do + btrfs subvolume list -o /mnt/@root | cut -f9 -d' ' | while read subvolume; do echo "deleting /$subvolume subvolume..." btrfs subvolume delete "/mnt/$subvolume" done && - echo "deleting /root subvolume..." && - btrfs subvolume delete "/mnt/@root" + echo "deleting /root subvolume..." && + btrfs subvolume delete "/mnt/@root" + echo "restoring blank /root subvolume..." + btrfs subvolume snapshot "/mnt/@root-blank" "/mnt/@root" - echo "restoring blank /root subvolume..." - btrfs subvolume snapshot /mnt/@root-blank /mnt/@root + echo "deleting /home subvolume..." + btrfs subvolume delete "/mnt/@home" - echo "deleting /home subvolume..." - btrfs subvolume delete /mnt/@home + echo "restoring blank /home subvolume..." + btrfs subvolume snapshot "/mnt/@home-blank" "/mnt/@home" - echo "restoring blank /home subvolume..." - btrfs subvolume snapshot /mnt/@home-blank /mnt/@home - - umount /mnt - ''; + umount /mnt + ''; + }; }
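Review bot: The rollback unit is ordered only `after = [ "dev-vg0-system.device" ]` and `before = [ "sysroot.mount" ]`, with no ordering against the hibernate-resume unit, yet `hardware/default.nix` in this same patch keeps `resumeDevice = "/dev/vg0/swap"`; if the machine ever resumes from hibernation, deleting and re-snapshotting `@root`/`@home` underneath a filesystem the hibernation image still has mounted risks corrupting it. I would add the resume unit to the ordering — `after = [ "dev-vg0-system.device" "systemd-hibernate-resume@dev-vg0-swap.service" ];` — naming the templated unit I believe this systemd generation derives from `resume=`; an `After=` on a unit that does not exist is ignored, so the line is safe even if hibernation is later dropped. The `cut -f9 -d' ' | while read subvolume` pipeline depends on the column layout of `btrfs subvolume list` and word-splits on spaces in subvolume paths; `while IFS= read -r subvolume; do` at least keeps whitespace and backslashes intact. Note also that this moves the script from `postDeviceCommands` into `boot.initrd.systemd.services`, which only takes effect when `boot.initrd.systemd.enable = true` is set somewhere outside this diff — if it is not, the rollback silently never runs and the "ephemeral" root and home persist across boots, so a comment or an assertion on that option would be worthwhile.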