mirror of
https://github.com/ryan4yin/nix-config.git
synced 2026-04-27 02:18:28 +02:00
* feat: replace impermanence with preservation * fix: This module cannot be used with scripted initrd. * fix: permission for /var/lib/private * chore: boot.initrd.systemd.enable * docs: boot.initrd.luks.devices.<name>.fallbackToPassword is implied by systemd stage 1 * fix: typo
# NixOS module: keeps selected system and user state on /persistent through
# the impermanence module.
#
# TODO: migrate from impermanence to preservation.
# Noted blocker: the initrd currently does not support reading the password
# from devices;
# boot.initrd.luks.devices.<name>.fallbackToPassword is implied by systemd stage 1.
#
# https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/system/boot/luksroot.nix
{
  impermanence,
  pkgs,
  ...
}: let
  impermanenceModule = impermanence.nixosModules.impermanence;
in {
  imports = [impermanenceModule];

  environment = {
    systemPackages = [
      # Disk usage inspection: `sudo ncdu -x /`
      pkgs.ncdu
    ];

    # NOTE: impermanence only mounts the directories/files listed below to
    # /persistent. Anything that already exists in the root filesystem has to
    # be moved to /persistent first!
    persistence."/persistent" = {
      # Sets the mount option x-gvfs-hide on all the bind mounts so that
      # the file manager does not show them.
      hideMounts = true;

      # NOTE(review): several entries below are labelled as key material or
      # secrets ("secure boot", "my secrets"). No explicit owner/mode is set
      # for any entry here, so confirm that the copies under /persistent are
      # restricted to the intended owner.
      directories = [
        "/etc/NetworkManager/system-connections"
        "/etc/ssh"
        "/etc/nix/inputs"
        "/etc/secureboot" # lanzaboote - secure boot
        # my secrets
        "/etc/agenix/"

        # Persisted wholesale: everything beneath these paths survives a reboot.
        "/var/log"
        "/var/lib"

        # k3s related
        "/etc/iscsi"
        "/etc/rancher"
      ];

      files = [
        "/etc/machine-id"
      ];

      # The entries below are passed to /persistent/home/$USER.
      users.ryan.directories = [
        "codes"
        "nix-config"
        "tmp"
      ];
      users.ryan.files = [
        ".config/nushell/history.txt"
      ];
    };
  };
}