nix-config-ryan4yin/hosts/k8s/kubevirt-shoryu/preservation.nix

{
  preservation,
  pkgs,
  myvars,
  ...
}: let
  inherit (myvars) username;
in {
  # State-persistence module for this host: only the paths listed under
  # `preservation.preserveAt."/persistent"` below survive a reboot; everything
  # else on the root filesystem is treated as disposable.
  imports = [
    preservation.nixosModules.default
  ];

  preservation.enable = true;
  # The `inInitrd = true` file entry below is handled in the initrd, which
  # requires the systemd-based initrd.
  boot.initrd.systemd.enable = true;

  environment.systemPackages = [
    # disk-usage browser, useful for finding what fills the ephemeral root:
    # `sudo ncdu -x /`
    pkgs.ncdu
  ];

  # NOTE: `preservation` only mounts the directory/file list below to /persistent
  # If the directory/file already exists in the root filesystem you should
  # move those files/directories to /persistent first!
  preservation.preserveAt."/persistent" = {
    directories = [
      "/etc/NetworkManager/system-connections"
      # SSH host keys are kept here; persisting the directory keeps the host
      # identity stable across reboots instead of regenerating keys every boot.
      "/etc/ssh"
      "/etc/nix/inputs"
      "/etc/secureboot" # lanzaboote - secure boot signing keys
      # my secrets — the agenix identity/key material lives on the persistent
      # volume, so its at-rest protection is whatever /persistent itself
      # provides; nothing in this module encrypts it.
      "/etc/agenix/"
      "/var/log"
      "/var/lib"
      # k3s related
      "/etc/iscsi"
      "/etc/rancher"
    ];
    files = [
      # auto-generated machine ID; mounted already in the initrd, presumably so
      # the persisted ID is in place before systemd would create a transient one
      {
        file = "/etc/machine-id";
        inInitrd = true;
      }
    ];
    # Per-user entries are relative to the user's home directory and end up
    # under /persistent/home/<username>/.
    users.${username} = {
      directories = [
        "codes"
        "nix-config"
        "tmp"
      ];
    };
  };

  # Create some directories with custom permissions.
  #
  # `/home/${username}/.local` (and the other paths below) is not an immediate
  # parent of any persisted file, so systemd-tmpfiles would otherwise create it
  # with its default ownership `root:root` and mode `0755`. The user would then
  # not be able to create other files or directories inside it.
  #
  # Therefore systemd-tmpfiles is used to prepare such directories with
  # appropriate ownership and permissions.
  #
  # Note that immediate parent directories of persisted files can also be
  # configured with ownership and permissions from the `parent` settings if
  # `configureParent = true` is set for the file.
  #
  # NOTE(review): mode 0755 makes these home sub-directories world-readable.
  # `.terraform.d` is where the terraform CLI stores its credentials file by
  # default; if that is the case on this host, 0700 would be the more
  # conservative choice — confirm before changing.
  systemd.tmpfiles.settings.preservation = let
    permission = {
      user = username;
      group = "users";
      mode = "0755";
    };
  in {
    "/home/${username}/.config".d = permission;
    "/home/${username}/.local".d = permission;
    "/home/${username}/.local/share".d = permission;
    "/home/${username}/.local/state".d = permission;
    "/home/${username}/.terraform.d".d = permission;
  };

  # systemd-machine-id-commit.service would fail but it is not relevant
  # in this specific setup for a persistent machine-id so we disable it
  #
  # NOTE(review): suppressing the unit here and overriding it in
  # `systemd.services.systemd-machine-id-commit` below are two *alternative*
  # approaches to the same problem. With the unit suppressed, the override
  # below should have no effect; keep one of the two.
  systemd.suppressedSystemUnits = ["systemd-machine-id-commit.service"];

  # Alternative approach: let the service commit the transient ID to the
  # persistent volume (only takes effect if the unit is not suppressed above).
  systemd.services.systemd-machine-id-commit = {
    # the leading "" resets the upstream condition; then require that the
    # preserved file is actually mounted before committing
    unitConfig.ConditionPathIsMountPoint = [
      ""
      "/persistent/etc/machine-id"
    ];
    # the leading "" resets the upstream ExecStart; commit against the
    # persistent root so the ID is written to the volume that survives reboot
    serviceConfig.ExecStart = [
      ""
      "systemd-machine-id-setup --commit --root /persistent"
    ];
  };
}