From affa3339693e2aeec65c548b3e24a33249385a08 Mon Sep 17 00:00:00 2001
From: Jan-Bulthuis
Date: Wed, 11 Jun 2025 11:58:54 +0200
Subject: [PATCH] Moved to systemd for initrd, added integration for vmWithDisko

---
 hosts/vm-oddjob/configuration.nix | 2 +-
 modules/nixos/bootloader.nix | 3 +++
 modules/nixos/disko.nix | 4 +++-
 modules/nixos/domain.nix | 2 +-
 modules/nixos/impermanence.nix | 18 ++++++++++++++++--
 modules/nixos/secrets.nix | 1 +
 profiles/disko/vm.nix | 1 +
 7 files changed, 26 insertions(+), 5 deletions(-)

diff --git a/hosts/vm-oddjob/configuration.nix b/hosts/vm-oddjob/configuration.nix
index 91f0aba..bf4c103 100644
--- a/hosts/vm-oddjob/configuration.nix
+++ b/hosts/vm-oddjob/configuration.nix
@@ -40,7 +40,7 @@
 requiredBy = [ "mnt-nas.mount" ];
 after = [ "network-online.target" ];
 requires = [ "network-online.target" ];
- serviceConfig.type = "oneshot";
+ serviceConfig.Type = "oneshot";
 script = ''
 . ${config.sops.secrets."smb-credentials".path}
 echo $password | ${pkgs.krb5}/bin/kinit $username
diff --git a/modules/nixos/bootloader.nix b/modules/nixos/bootloader.nix
index bda885d..f569668 100644
--- a/modules/nixos/bootloader.nix
+++ b/modules/nixos/bootloader.nix
@@ -16,5 +16,8 @@ in
 systemd-boot.editor = false;
 efi.canTouchEfiVariables = true;
 };
+
+ # Initrd
+ boot.initrd.systemd.enable = true;
 };
 }
diff --git a/modules/nixos/disko.nix b/modules/nixos/disko.nix
index dbdbc36..b435923 100644
--- a/modules/nixos/disko.nix
+++ b/modules/nixos/disko.nix
@@ -20,5 +20,7 @@ in
 };
 };
 
- config = mkIf cfg.enable { disko.devices = profile.disko.devices; };
+ config = mkIf cfg.enable {
+ disko.devices = profile.disko.devices;
+ };
 }
diff --git a/modules/nixos/domain.nix b/modules/nixos/domain.nix
index 44b36ba..93c39e2 100644
--- a/modules/nixos/domain.nix
+++ b/modules/nixos/domain.nix
@@ -47,7 +47,7 @@ in
 "network-online.target"
 ];
 serviceConfig = {
- type = "oneshot";
+ Type = "oneshot";
 };
 script = ''
 ADCLI_JOIN_USER=$(cat ${cfg.join.userFile})
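Review bot: Switching on `boot.initrd.systemd.enable` changes which stage-1 hooks run at all: as far as I know the scripted-initrd `boot.initrd.*Commands` options (postDeviceCommands, postResumeCommands, …) are simply not executed by the systemd initrd, and this commit only migrates the impermanence hook. Any other module in this tree still setting one of those options would stop running with no evaluation error, so the new line deserves a comment recording that, e.g. `# Initrd: systemd stage 1. Legacy boot.initrd.*Commands hooks do not run here; use boot.initrd.systemd.services instead.`, plus a quick search of the repository for remaining `boot.initrd.*Commands` uses before merging. The attrset this line lives in starts outside the hunk.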
diff --git a/modules/nixos/impermanence.nix b/modules/nixos/impermanence.nix
index 9983ae5..edc4b56 100644
--- a/modules/nixos/impermanence.nix
+++ b/modules/nixos/impermanence.nix
@@ -24,18 +24,32 @@ in
 resetScript = mkOption {
 type = types.lines;
 description = ''
- Script to run on boot that resets the root partition.
+ Script to run in order to reset the system to a clean state.
 '';
 };
 };
 
 config = mkIf cfg.enable {
+ # Filesystem setup
 fileSystems."/persist".neededForBoot = true;
- boot.initrd.postResumeCommands = mkAfter cfg.resetScript;
+ # boot.initrd.postResumeCommands = mkAfter cfg.resetScript;
+ # TODO: Reduce dependency on the root filesystem being ZFS?
+ boot.initrd.systemd.services.impermanence-rollback = {
+ description = "Rollback filesystem to clean state.";
+ wantedBy = [ "initrd.target" ];
+ after = [ "zfs-import.target" ];
+ before = [ "sysroot.mount" ];
+ unitConfig.DefaultDependencies = "no";
+ serviceConfig.Type = "oneshot";
+ script = cfg.resetScript;
+ };
 
 # For home-manager persistence
 programs.fuse.userAllowOther = true;
 
+ # For testing purposes with VM
+ virtualisation.vmVariantWithDisko.virtualisation.fileSystems."/persist".neededForBoot = true;
+
 environment.persistence."/persist/system" = {
 enable = true;
 hideMounts = true;
diff --git a/modules/nixos/secrets.nix b/modules/nixos/secrets.nix
index ac695dd..ca0cb32 100644
--- a/modules/nixos/secrets.nix
+++ b/modules/nixos/secrets.nix
@@ -39,5 +39,6 @@ in
 ];
 sops.secrets = cfg.secrets;
 modules.impermanence.directories = [ "/etc/sops" ];
+ virtualisation.vmVariantWithDisko.sops.age.sshKeyPaths = [ "/tmp/shared/sops_ed25519_key" ];
 };
 }
diff --git a/profiles/disko/vm.nix b/profiles/disko/vm.nix
index 78baa49..2557897 100644
--- a/profiles/disko/vm.nix
+++ b/profiles/disko/vm.nix
@@ -4,6 +4,7 @@
 main = {
 type = "disk";
 device = "/dev/sda";
+ imageSize = "32G"; # For test VMs
 content = {
 type = "gpt";
 partitions = {
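Review bot: `impermanence-rollback` is only `wantedBy` initrd.target, so if `cfg.resetScript` fails the failure is logged and boot continues into an un-reset root; since this service is what guarantees the clean state, consider failing closed with `requiredBy = [ "initrd.target" ];` (a Requires dependency fails the target, a Wants one does not). Likewise `after = [ "zfs-import.target" ]` only orders the unit and, with `unitConfig.DefaultDependencies = "no"`, does not pull the target in, so adding `requires = [ "zfs-import.target" ];` makes the pool import an explicit prerequisite instead of relying on something else wanting it. The commented-out `boot.initrd.postResumeCommands` line is dead under the systemd initrd and could be dropped, with the TODO above the service already recording the ZFS coupling. The `config = mkIf cfg.enable {` attrset continues past the end of the hunk.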
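Review bot: The new vmVariantWithDisko override reads the sops age identity from `/tmp/shared/sops_ed25519_key`, which from the path looks like the directory shared from the host into the VM, so the private key is whatever file a host user drops there and the host-side permissions on that directory decide who can read it. That is fine for a throwaway test key but should be stated next to the line, e.g. `# VM test variant only: age identity comes from the host-shared dir; use a throwaway key generated for the VM, never a production decryption key.`. As far as I can tell this definition also replaces, rather than extends, the default sshKeyPaths for the VM variant, which is only correct if the VM's secrets are encrypted to that test key. The enclosing `config` attrset begins outside the hunk.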