From f0d56df191506504488fbee123c3f8d8efb691df Mon Sep 17 00:00:00 2001 From: Jan-Bulthuis Date: Thu, 29 May 2025 13:06:13 +0200 Subject: [PATCH 01/10] Addid disko config for zfs --- flake.nix | 6 ++++++ profiles/disko/vm.nix | 48 +++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 54 insertions(+) create mode 100644 profiles/disko/vm.nix diff --git a/flake.nix b/flake.nix index 131919f..bcd520d 100644 --- a/flake.nix +++ b/flake.nix @@ -2,9 +2,15 @@ description = "System configuration for NixOS"; inputs = { + # General inputs nixpkgs.url = "github:nixos/nixpkgs/nixpkgs-unstable"; home-manager.url = "github:nix-community/home-manager"; home-manager.inputs.nixpkgs.follows = "nixpkgs"; + disko.url = "github:nix-community/disko"; + disko.inputs.nixpkgs.follows = "nixpkgs"; + impermanence.url = "github:nix-community/impermanence"; + + # For Minecraft VM nix-minecraft.url = "github:Jan-Bulthuis/nix-minecraft"; nix-minecraft.inputs.nixpkgs.follows = "nixpkgs"; nix-modpack.url = "github:Jan-Bulthuis/nix-modpack"; diff --git a/profiles/disko/vm.nix b/profiles/disko/vm.nix new file mode 100644 index 0000000..58bfe01 --- /dev/null +++ b/profiles/disko/vm.nix @@ -0,0 +1,48 @@ +{ + disko.devices = { + disk = { + main = { + type = "disk"; + content = { + type = "gpt"; + partitions = { + boot = { + size = "512M"; + type = "EF00"; + content = { + type = "filesystem"; + format = "vfat"; + mountpoint = "/boot"; + mountOptions = [ "umask=0077" ]; + }; + }; + zfs = { + size = "100%"; + content = { + type = "zfs"; + pool = "tank"; + }; + }; + }; + }; + }; + }; + zpool = { + tank = { + type = "zpool"; + rootFsOptions = { + compression = "zstd"; + }; + mountpoint = "none"; + postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank"; + + datasets = { + root = { + type = "zfs_fs"; + mountpoint = "/"; + }; + }; + }; + }; + }; +} From 51ab89cd98f03c223c1fe7e0f17d063862829c26 Mon Sep 17 00:00:00 2001 
From: Jan-Bulthuis Date: Thu, 29 May 2025 14:19:19 +0200 Subject: [PATCH 02/10] Better disko setup --- flake.lock | 37 +++++++++++++++++++++++++++++++++++++ modules/nixos/disko.nix | 24 ++++++++++++++++++++++++ profiles/disko/vm.nix | 10 +++++++++- profiles/nixos/vm.nix | 22 +++++++--------------- 4 files changed, 77 insertions(+), 16 deletions(-) create mode 100644 modules/nixos/disko.nix diff --git a/flake.lock b/flake.lock index cd645d1..cab0620 100644 --- a/flake.lock +++ b/flake.lock @@ -1,5 +1,25 @@ { "nodes": { + "disko": { + "inputs": { + "nixpkgs": [ + "nixpkgs" + ] + }, + "locked": { + "lastModified": 1748225455, + "narHash": "sha256-AzlJCKaM4wbEyEpV3I/PUq5mHnib2ryEy32c+qfj6xk=", + "owner": "nix-community", + "repo": "disko", + "rev": "a894f2811e1ee8d10c50560551e50d6ab3c392ba", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "disko", + "type": "github" + } + }, "flake-compat": { "flake": false, "locked": { @@ -54,6 +74,21 @@ "type": "github" } }, + "impermanence": { + "locked": { + "lastModified": 1737831083, + "narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=", + "owner": "nix-community", + "repo": "impermanence", + "rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "impermanence", + "type": "github" + } + }, "nix-minecraft": { "inputs": { "flake-compat": "flake-compat", @@ -114,7 +149,9 @@ }, "root": { "inputs": { + "disko": "disko", "home-manager": "home-manager", + "impermanence": "impermanence", "nix-minecraft": "nix-minecraft", "nix-modpack": "nix-modpack", "nixpkgs": "nixpkgs" diff --git a/modules/nixos/disko.nix b/modules/nixos/disko.nix new file mode 100644 index 0000000..dbdbc36 --- /dev/null +++ b/modules/nixos/disko.nix 
@@ -0,0 +1,24 @@ +{ + lib, + config, + inputs, + ... +}: + +with lib; +let + cfg = config.modules.disko; + profile = import "${inputs.self}/profiles/disko/${cfg.profile}.nix"; +in +{ + options.modules.disko = { + enable = mkEnableOption "Disko module"; + profile = mkOption { + type = types.str; + default = null; + description = "The profile to use for the disko module."; + }; + }; + + config = mkIf cfg.enable { disko.devices = profile.disko.devices; }; +} diff --git a/profiles/disko/vm.nix b/profiles/disko/vm.nix index 58bfe01..9c3446c 100644 --- a/profiles/disko/vm.nix +++ b/profiles/disko/vm.nix @@ -33,7 +33,7 @@ rootFsOptions = { compression = "zstd"; }; - mountpoint = "none"; + mountpoint = null; postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank"; datasets = { @@ -41,6 +41,14 @@ type = "zfs_fs"; mountpoint = "/"; }; + nix = { + type = "zfs_fs"; + mountpoint = "/nix"; + }; + persist = { + type = "zfs_fs"; + mountpoint = "/persist"; + }; }; }; }; diff --git a/profiles/nixos/vm.nix b/profiles/nixos/vm.nix index 8a52ff6..6314d6d 100644 --- a/profiles/nixos/vm.nix +++ b/profiles/nixos/vm.nix @@ -19,6 +19,10 @@ in # Enabled modules modules = { profiles.base.enable = true; + disko = { + enable = true; + profile = "vm"; + }; ssh.enable = true; }; @@ -36,6 +40,9 @@ in # Machine platform nixpkgs.hostPlatform = "x86_64-linux"; + # Set hostid + networking.hostId = "deadbeef"; + # Hardware configuration hardware.enableRedistributableFirmware = true; boot.initrd.availableKernelModules = [ @@ -51,21 +58,6 @@ in boot.extraModulePackages = [ ]; hardware.cpu.intel.updateMicrocode = true; - # Filesystems - fileSystems."/" = { - device = "/dev/disk/by-partlabel/root"; - fsType = "ext4"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-partlabel/EFI"; - fsType = "vfat"; - options = [ - "fmask=0077" - "dmask=0077" - ]; - }; - # Swapfile swapDevices = [ { 
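Review bot: In `options.modules.disko.profile` of modules/nixos/disko.nix, `default = null` does not satisfy `type = types.str`, so enabling the module without setting a profile will most likely fail with a type or string-coercion error at the `import "${inputs.self}/profiles/disko/${cfg.profile}.nix"` binding rather than a clear "option is used but not defined" message. Dropping the `default` line lets the module system report the missing value itself. Because the string is spliced into an import path, a closed type such as `type = types.enum [ "vm" ];` would also stop a typo or a `../` segment from importing a file outside `profiles/disko`.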
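Review bot: `networking.hostId = "deadbeef";` in the `@@ -36,6 +40,9 @@` hunk of profiles/nixos/vm.nix is a placeholder baked into a shared profile, so every machine built from this profile gets the same host ID. ZFS records the host ID to detect that a pool was last imported by a different system, and identical IDs across VMs remove that safeguard. Consider setting the value per host and saying so in the comment, e.g. `# ZFS host ID: must be unique per machine (8 hex digits)`. The surrounding attribute set starts and ends outside the hunk.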
From 43f472fe88e7aeacb49b386ac3bff0cc608fa212 Mon Sep 17 00:00:00 2001 From: Jan-Bulthuis Date: Thu, 29 May 2025 14:36:07 +0200 Subject: [PATCH 03/10] Fixed reference to incorrect zfs pool --- profiles/disko/vm.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/profiles/disko/vm.nix b/profiles/disko/vm.nix index 9c3446c..572913d 100644 --- a/profiles/disko/vm.nix +++ b/profiles/disko/vm.nix @@ -34,7 +34,7 @@ compression = "zstd"; }; mountpoint = null; - postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^zroot@blank$' || zfs snapshot zroot@blank"; + postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^tank@blank$' || zfs snapshot tank@blank"; datasets = { root = { From 793015646dc5aef6681bdf48706e0d45cfefa826 Mon Sep 17 00:00:00 2001 From: Jan-Bulthuis Date: Thu, 29 May 2025 15:10:10 +0200 Subject: [PATCH 04/10] Updated base vm config --- profiles/disko/vm.nix | 2 +- profiles/nixos/vm.nix | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/profiles/disko/vm.nix b/profiles/disko/vm.nix index 572913d..4d64883 100644 --- a/profiles/disko/vm.nix +++ b/profiles/disko/vm.nix @@ -34,7 +34,7 @@ compression = "zstd"; }; mountpoint = null; - postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^tank@blank$' || zfs snapshot tank@blank"; + postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^tank@blank$' || zfs snapshot -r tank@blank && zfs holds -r tank@blank"; datasets = { root = { diff --git a/profiles/nixos/vm.nix b/profiles/nixos/vm.nix index 6314d6d..c07cd0c 100644 --- a/profiles/nixos/vm.nix +++ b/profiles/nixos/vm.nix @@ -28,6 +28,7 @@ in # Admin users users.users.local = { + initialPassword = "local"; extraGroups = [ "wheel" ]; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKKxoQSxfYqf9ITN8Fhckk8WbY4dwtBAXOhC9jxihJvq jan@bulthuis.dev" 
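Review bot: `initialPassword = "local";` in the `users.users.local` hunk of profiles/nixos/vm.nix gives a guessable plaintext password to an account that is in `wheel`, on a profile that also sets `ssh.enable = true`. The value is readable in the repository and ends up in the world-readable Nix store. Whether it is reachable over the network depends on the `modules.ssh` module, which is not visible here; if it leaves password authentication on, this is a remote admin login. Prefer `hashedPasswordFile` pointing at a root-only file outside the store (or at least `initialHashedPassword`), and confirm `services.openssh.settings.PasswordAuthentication = false;` is set.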
@@ -40,7 +41,7 @@ in # Machine platform nixpkgs.hostPlatform = "x86_64-linux"; - # Set hostid + # Set hostid for ZFS networking.hostId = "deadbeef"; # Hardware configuration From b8a607c3d09918975873894fb33f9647a0debfb7 Mon Sep 17 00:00:00 2001 From: Jan-Bulthuis Date: Thu, 29 May 2025 15:31:46 +0200 Subject: [PATCH 05/10] Fixed hold command --- profiles/disko/vm.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/profiles/disko/vm.nix b/profiles/disko/vm.nix index 4d64883..8117b7f 100644 --- a/profiles/disko/vm.nix +++ b/profiles/disko/vm.nix @@ -34,7 +34,7 @@ compression = "zstd"; }; mountpoint = null; - postCreateHook = "zfs list -t snapshot -H -o name | grep -E '^tank@blank$' || zfs snapshot -r tank@blank && zfs holds -r tank@blank"; + postCreateHook = "zfs snapshot -r tank@blank && zfs holds -r blank tank@blank"; datasets = { root = { From 01021d179d211b151c173828aeb76b116f54edc8 Mon Sep 17 00:00:00 2001 From: Jan-Bulthuis Date: Thu, 29 May 2025 15:49:24 +0200 Subject: [PATCH 06/10] Fixed hold command --- profiles/disko/vm.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/profiles/disko/vm.nix b/profiles/disko/vm.nix index 8117b7f..2035785 100644 --- a/profiles/disko/vm.nix +++ b/profiles/disko/vm.nix @@ -34,7 +34,7 @@ compression = "zstd"; }; mountpoint = null; - postCreateHook = "zfs snapshot -r tank@blank && zfs holds -r blank tank@blank"; + postCreateHook = "zfs snapshot -r tank@blank && zfs hold -r blank tank@blank"; datasets = { root = { From b0a8874a93d73e0719e8376bd280278cfe2757e4 Mon Sep 17 00:00:00 2001 From: Jan-Bulthuis Date: Thu, 29 May 2025 16:34:24 +0200 Subject: [PATCH 07/10] Set up impermanence --- modules/home/utilities/impermanence.nix | 34 ++++++++++++++++++++ modules/nixos/impermanence.nix | 42 +++++++++++++++++++++++++ profiles/nixos/vm.nix | 8 +++++ 3 files changed, 84 insertions(+) create mode 100644 modules/home/utilities/impermanence.nix create mode 100644 modules/nixos/impermanence.nix 
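Review bot: The `postCreateHook` rewritten in PATCH 05 drops the `zfs list -t snapshot ... | grep ... ||` existence check that the earlier version had, and PATCH 06 keeps it dropped. If disko runs the hook again against an already-created pool (it appears to run hooks on every invocation, which should be confirmed), `zfs snapshot -r tank@blank` fails because the snapshot exists and the `&&` chain stops. Since `tank@blank` is the baseline that the root rollback depends on, the hook is better kept idempotent, e.g. `zfs list -t snapshot -H -o name | grep -qx 'tank@blank' || (zfs snapshot -r tank@blank && zfs hold -r blank tank@blank)`.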
diff --git a/modules/home/utilities/impermanence.nix b/modules/home/utilities/impermanence.nix new file mode 100644 index 0000000..a7bb2a7 --- /dev/null +++ b/modules/home/utilities/impermanence.nix @@ -0,0 +1,34 @@ +{ lib, config, ... }: + +with lib; +let + cfg = config.modules.impermanence; +in +{ + options.modules.impermanence = { + enable = mkEnableOption "Impermanence"; + directories = mkOption { + type = types.listOf types.str; + default = [ ]; + description = '' + Directories that should be stored in persistent storage. + ''; + }; + files = mkOption { + type = types.listOf types.str; + default = [ ]; + description = '' + Files that should be stored in persistent storage. + ''; + }; + }; + + config = mkIf cfg.enable { + home.persistence."/persist/home" = { + enable = true; + hideMounts = true; + directories = cfg.directories; + files = cfg.files; + }; + }; +} diff --git a/modules/nixos/impermanence.nix b/modules/nixos/impermanence.nix new file mode 100644 index 0000000..b0ff42f --- /dev/null +++ b/modules/nixos/impermanence.nix @@ -0,0 +1,42 @@ +{ lib, config, ... }: + +with lib; +let + cfg = config.modules.impermanence; +in +{ + options.modules.impermanence = { + enable = mkEnableOption "Impermanence"; + directories = mkOption { + type = types.listOf types.str; + default = [ ]; + description = '' + Directories that should be stored in persistent storage. + ''; + }; + files = mkOption { + type = types.listOf types.str; + default = [ ]; + description = '' + Files that should be stored in persistent storage. + ''; + }; + resetScript = mkOption { + type = types.lines; + description = '' + Script to run on boot that resets the root partition. + ''; + }; + }; + + config = mkIf cfg.enable { + boot.initrd.postResumeCommands = mkAfter cfg.resetScript; + + environment.persistence."/persist/system" = { + enable = true; + hideMounts = true; + directories = cfg.directories; + files = cfg.files; + }; + }; +} 
diff --git a/profiles/nixos/vm.nix b/profiles/nixos/vm.nix index c07cd0c..341a139 100644 --- a/profiles/nixos/vm.nix +++ b/profiles/nixos/vm.nix @@ -23,6 +23,14 @@ in enable = true; profile = "vm"; }; + impermanence = { + enable = true; + directories = [ "/var/lib/nixos" ]; + resetScript = '' + # Revert to the blank state for the root directory + zfs rollback -r tank/root@blank + ''; + }; ssh.enable = true; }; From 85c962fd6d8de7db03bdbb863f962d2af1f7e2c0 Mon Sep 17 00:00:00 2001 From: Jan-Bulthuis Date: Thu, 29 May 2025 17:04:58 +0200 Subject: [PATCH 08/10] Updated REAME.md --- README.md | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 8879e7f..1f6aef3 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,10 @@ My NixOS configuration. -## Usage +## Installation -Clone the repository to some directory. And build with `sudo nixos-rebuild switch --flake /directory/containing/flake.nix/`. \ No newline at end of file +For disk configuration we use disko, this means that installing the system from the configuration is just a single command: + +``` +sudo nix --experimental-features "nix-command flakes" run "github:nix-community/disko/latest#disko-install" -- --flake git+https://git.bulthuis.dev/Jan/dotfiles# --disk main /dev/sda +``` \ No newline at end of file From 81c37abadd8835853e8ef89eb810c4c082658187 Mon Sep 17 00:00:00 2001 From: Jan-Bulthuis Date: Thu, 29 May 2025 17:05:15 +0200 Subject: [PATCH 09/10] Fixed impermanence not mounting persist --- modules/home/utilities/impermanence.nix | 3 ++- modules/nixos/impermanence.nix | 4 ++++ 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/modules/home/utilities/impermanence.nix b/modules/home/utilities/impermanence.nix index a7bb2a7..336549a 100644 --- a/modules/home/utilities/impermanence.nix +++ b/modules/home/utilities/impermanence.nix 
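Review bot: With `zfs rollback -r tank/root@blank` run on every boot and only `/var/lib/nixos` persisted in the `impermanence` block of profiles/nixos/vm.nix, anything else under `/` is recreated each boot, which by default includes the OpenSSH host keys in `/etc/ssh`. On a profile with `ssh.enable = true`, clients would then see a changed host key after every reboot, which trains users to dismiss the warning that is supposed to reveal an impersonated host. Unless the `modules.ssh` module (not visible here) already stores host keys under `/persist`, add them to the persisted files, e.g. `files = [ "/etc/ssh/ssh_host_ed25519_key" "/etc/ssh/ssh_host_ed25519_key.pub" ];`. `/etc/machine-id` is worth considering for the same reason, so that logs stay attributable across boots.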
@@ -24,9 +24,10 @@ in }; config = mkIf cfg.enable { - home.persistence."/persist/home" = { + home.persistence."/persist/home/${config.home.username}" = { enable = true; hideMounts = true; + allowOther = true; directories = cfg.directories; files = cfg.files; }; diff --git a/modules/nixos/impermanence.nix b/modules/nixos/impermanence.nix index b0ff42f..9983ae5 100644 --- a/modules/nixos/impermanence.nix +++ b/modules/nixos/impermanence.nix @@ -30,8 +30,12 @@ in }; config = mkIf cfg.enable { + fileSystems."/persist".neededForBoot = true; boot.initrd.postResumeCommands = mkAfter cfg.resetScript; + # For home-manager persistence + programs.fuse.userAllowOther = true; + environment.persistence."/persist/system" = { enable = true; hideMounts = true; From 68c241f31ac9b80b754daad1ec24f54db3eed33e Mon Sep 17 00:00:00 2001 From: Jan-Bulthuis Date: Thu, 29 May 2025 18:32:08 +0200 Subject: [PATCH 10/10] Changed location of some persistence files --- profiles/nixos/base.nix | 8 ++++++++ profiles/nixos/vm.nix | 3 +-- 2 files changed, 9 insertions(+), 2 deletions(-) diff --git a/profiles/nixos/base.nix b/profiles/nixos/base.nix index 36955f6..dfc9b73 100644 --- a/profiles/nixos/base.nix +++ b/profiles/nixos/base.nix @@ -19,6 +19,14 @@ in modules = { bootloader.enable = mkDefault true; ssh.enable = mkDefault true; + + # Setup sensible default persistent data + impermanence.directories = [ + "/var/lib/nixos" + ]; + impermanence.files = [ + "/etc/shadow" + ]; }; # Localization diff --git a/profiles/nixos/vm.nix b/profiles/nixos/vm.nix index 341a139..b4fdd8e 100644 --- a/profiles/nixos/vm.nix +++ b/profiles/nixos/vm.nix @@ -25,7 +25,6 @@ in }; impermanence = { enable = true; - directories = [ "/var/lib/nixos" ]; resetScript = '' # Revert to the blank state for the root directory zfs rollback -r tank/root@blank 
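Review bot: `allowOther = true` in modules/home/utilities/impermanence.nix and `programs.fuse.userAllowOther = true` in the modules/nixos/impermanence.nix hunk of the same commit widen access beyond what the one-line comment conveys. `user_allow_other` is a system-wide FUSE setting, so once it is set any local user may mount FUSE filesystems with `allow_other`, not only the impermanence bind mounts. The NixOS side is switched on whenever `modules.impermanence.enable` is true, even on hosts that use no home-manager persistence. Consider gating it behind its own option and expanding the comment, e.g. `# Needed for home-manager persistence with allowOther; lets any user pass allow_other to FUSE mounts`.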
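Review bot: Persisting `/etc/shadow` through `impermanence.files` in profiles/nixos/base.nix is fragile. Tools that change passwords usually write a new file and rename it over the old one, which presumably does not work on a single bind-mounted or symlinked file, so updates may fail or land on the ephemeral root. The copy under `/persist/system` must also stay root-only, and nothing in this hunk enforces that. A sturdier pattern is `users.mutableUsers = false;` with `hashedPasswordFile` pointing at a root-only file on `/persist`. It would also replace the plaintext `initialPassword` visible in the profiles/nixos/vm.nix context of this commit.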
@@ -39,7 +38,7 @@ in initialPassword = "local"; extraGroups = [ "wheel" ]; openssh.authorizedKeys.keys = [ - "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIKKxoQSxfYqf9ITN8Fhckk8WbY4dwtBAXOhC9jxihJvq jan@bulthuis.dev" + "ssh-ed25519 jan@bulthuis.dev" ]; };