From 96ba2614c4560172f24dc30481be26e1bec2668b Mon Sep 17 00:00:00 2001
From: Chris Dombroski
Date: Fri, 31 May 2024 20:04:28 -0400
Subject: [PATCH] Impermanence for zeus
---
 flake.nix | 5 +++-
 modules/common/sops.nix | 2 +-
 systems/orangepihole/configuration.nix | 2 --
 systems/smolboi/configuration.nix | 3 +--
 systems/zeus/configuration.nix | 34 +++++++++++++++++++------
 systems/zeus/hardware-configuration.nix | 7 +++++
 6 files changed, 39 insertions(+), 14 deletions(-)
diff --git a/flake.nix b/flake.nix
index 79dab5d..d3afc64 100644
--- a/flake.nix
+++ b/flake.nix
@@ -73,7 +73,10 @@
 zeus = nixpkgs.lib.nixosSystem {
 system = "x86_64-linux";
 specialArgs = { inherit inputs; };
- modules = [ ./systems/zeus/configuration.nix ];
+ modules = [
+ impermanence.nixosModules.impermanence
+ ./systems/zeus/configuration.nix
+ ];
 };
 orangepihole = nixpkgs.lib.nixosSystem {
 system = "aarch64-linux";
diff --git a/modules/common/sops.nix b/modules/common/sops.nix
index 6ad329a..26743b9 100644
--- a/modules/common/sops.nix
+++ b/modules/common/sops.nix
@@ -1,7 +1,7 @@
 { inputs, ... }: {
 imports = [ inputs.sops-nix.nixosModules.sops ];
 sops.defaultSopsFile = ../../secrets/secret.yaml;
- sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+ sops.age.sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ];
 sops.age.keyFile = "/var/lib/sops-nix/key.txt";
 sops.age.generateKey = true;
 }
diff --git a/systems/orangepihole/configuration.nix b/systems/orangepihole/configuration.nix
index 8d1ca93..907ff1c 100644
--- a/systems/orangepihole/configuration.nix
+++ b/systems/orangepihole/configuration.nix
@@ -10,7 +10,6 @@
 boot.loader.grub.enable = false;
 boot.loader.generic-extlinux-compatible.enable = true;
 boot.loader.timeout = 1;
-# boot.kernelPackages = pkgs.linuxPackages_6_6;
 boot.tmp.cleanOnBoot = true;
 networking = {
 hostName = "orangepihole"; # Define your hostname.
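Review bot: In modules/common/sops.nix the new `sops.age.sshKeyPaths` value makes every host that imports this common module depend on `/persist/etc/ssh/ssh_host_ed25519_key` being readable when sops-nix runs, and nothing in the file records that assumption. On a host where `/persist` is missing or mounted late, secret decryption would presumably fail at activation, and `sops.age.generateKey = true` would at best produce a fresh identity that no secret is encrypted to. I would add a comment above the line, for example `# Read the host key from /persist directly; every host importing this module must mount /persist with neededForBoot = true`. On zeus it is also worth checking whether `/var/lib/sops-nix` should be persisted, since `sops.age.keyFile` now points into the tmpfs root there.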
@@ -35,7 +34,6 @@
 ipv6SendRAConfig.EmitDNS = false;
 ipv6Prefixes = [{ ipv6PrefixConfig.Prefix = "fd72:3dd5:21ae:3c97::/64"; }];
 };
- sops.age.sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ];
 zramSwap.enable = true;
 swapDevices = [{
 device = "/persist/swapfile";
diff --git a/systems/smolboi/configuration.nix b/systems/smolboi/configuration.nix
index 8b86f8e..be5ce72 100644
--- a/systems/smolboi/configuration.nix
+++ b/systems/smolboi/configuration.nix
@@ -25,7 +25,6 @@
 tmp.cleanOnBoot = true;
 };
 powerManagement.cpuFreqGovernor = "schedutil";
- sops.age.sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ];
 sops.secrets."cdombroski/password" = {
 neededForUsers = true;
 sopsFile = ../../secrets/smolboi/users.yaml;
@@ -238,7 +237,7 @@
 };
 };
 cursor = {
- package = pkgs.breeze-qt5;
+ package = pkgs.kdePackages.breeze;
 name = "breeze_cursors";
 size = 24;
 };
diff --git a/systems/zeus/configuration.nix b/systems/zeus/configuration.nix
index 80902b2..e84776e 100644
--- a/systems/zeus/configuration.nix
+++ b/systems/zeus/configuration.nix
@@ -263,14 +263,32 @@
 "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH7rvqA2VG9kOPHBNgfna0YA+jEjIR6ZAKrdgWVWQjCV root@orangepihole"
 ];
 };
- environment.systemPackages = with pkgs; [
- vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
- dive
- podman-tui
- docker-compose
- tcpdump
- ethtool
- ];
+ environment = {
+ systemPackages = with pkgs; [
+ vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+ dive
+ podman-tui
+ docker-compose
+ tcpdump
+ ethtool
+ ];
+ persistence."/persist" = {
+ hideMounts = true;
+ directories = [
+ "/srv/docker"
+ "/tmp"
+ "/etc/containers/networks"
+ ];
+ files = [
+ "/etc/machine-id"
+ "/etc/adjtime"
+ "/etc/ssh/ssh_host_rsa_key"
+ "/etc/ssh/ssh_host_rsa_key.pub"
+ "/etc/ssh/ssh_host_ed25519_key"
+ "/etc/ssh/ssh_host_ed25519_key.pub"
+ ];
+ };
+ };
 services = {
 samba = {
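Review bot: In systems/zeus/configuration.nix the `persistence."/persist"` directory list persists `/tmp`, the one path that normally should not survive a reboot, while leaving out state that a tmpfs root usually needs. A persisted `/tmp` keeps stale and possibly sensitive temporary files across boots unless something cleans it; if the aim is only to keep large temp files out of RAM, `boot.tmp.cleanOnBoot = true;` (already set on the other hosts) would restore the usual lifetime. The list also omits `/var/lib/nixos`, where NixOS records its uid/gid allocations, so ownership of files under `/persist` and `/srv/docker` may drift between boots, and `/var/log`, so logs are lost on every reboot; consider adding `"/var/lib/nixos"` and `"/var/log"` to `directories`. The `services` block continues outside the hunk, so whether Samba or container state under `/var/lib` also needs an entry cannot be judged from here.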
diff --git a/systems/zeus/hardware-configuration.nix b/systems/zeus/hardware-configuration.nix
index 77c4559..961dda8 100644
--- a/systems/zeus/hardware-configuration.nix
+++ b/systems/zeus/hardware-configuration.nix
@@ -13,8 +13,15 @@
 boot.extraModulePackages = [ ];
 fileSystems."/" = {
+ device = "none";
+ fsType = "tmpfs";
+ options = [ "defaults" "mode=755" ];
+ };
+
+ fileSystems."/persist" = {
 device = "zroot/root";
 fsType = "zfs";
+ neededForBoot = true;
 };
 fileSystems."/boot" = {
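Review bot: The tmpfs root added in `fileSystems."/"` has no `size=` option, so it takes the kernel default of half of RAM, and everything written outside the persisted paths is held in memory. A process that fills `/` then causes memory pressure instead of hitting a small, predictable limit; an explicit cap such as `options = [ "defaults" "size=2G" "mode=755" ];` (value illustrative) bounds that failure. `zroot/root` looks like the former root dataset, so its whole old tree would become visible under `/persist`; it is worth confirming that this is intended rather than moving only the needed state to a dedicated dataset. A short comment on `neededForBoot = true` saying that the sops key path and the impermanence mounts depend on `/persist` being mounted early would also help the next reader.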