Moved to systemd for initrd, added integration for vmWithDisko

2025-06-11 11:58:54 +02:00 · 2025-06-11 11:58:54 +02:00 · affa333969
commit affa333969
parent 3c20190709
7 changed files with 26 additions and 5 deletions
--- a/hosts/vm-oddjob/configuration.nix
+++ b/hosts/vm-oddjob/configuration.nix
@ -40,7 +40,7 @@
    requiredBy = [ "mnt-nas.mount" ];
    after = [ "network-online.target" ];
    requires = [ "network-online.target" ];
-    serviceConfig.type = "oneshot";
+    serviceConfig.Type = "oneshot";
    script = ''
      . ${config.sops.secrets."smb-credentials".path}
      echo $password | ${pkgs.krb5}/bin/kinit $username
--- a/modules/nixos/bootloader.nix
+++ b/modules/nixos/bootloader.nix
@ -16,5 +16,8 @@ in
      systemd-boot.editor = false;
      efi.canTouchEfiVariables = true;
    };
+
+    # Initrd
+    boot.initrd.systemd.enable = true;
  };
 }
--- a/modules/nixos/disko.nix
+++ b/modules/nixos/disko.nix
@ -20,5 +20,7 @@ in
    };
  };

-  config = mkIf cfg.enable { disko.devices = profile.disko.devices; };
+  config = mkIf cfg.enable {
+    disko.devices = profile.disko.devices;
+  };
 }
--- a/modules/nixos/domain.nix
+++ b/modules/nixos/domain.nix
@ -47,7 +47,7 @@ in
        "network-online.target"
      ];
      serviceConfig = {
-        type = "oneshot";
+        Type = "oneshot";
      };
      script = ''
        ADCLI_JOIN_USER=$(cat ${cfg.join.userFile})
--- a/modules/nixos/impermanence.nix
+++ b/modules/nixos/impermanence.nix
@ -24,18 +24,32 @@ in
    resetScript = mkOption {
      type = types.lines;
      description = ''
-        Script to run on boot that resets the root partition.
+        Script to run in order to reset the system to a clean state.
      '';
    };
  };

  config = mkIf cfg.enable {
+    # Filesystem setup
    fileSystems."/persist".neededForBoot = true;
-    boot.initrd.postResumeCommands = mkAfter cfg.resetScript;
+    # boot.initrd.postResumeCommands = mkAfter cfg.resetScript;
+    # TODO: Reduce dependency on the root filesystem being ZFS?
+    boot.initrd.systemd.services.impermanence-rollback = {
+      description = "Rollback filesystem to clean state.";
+      wantedBy = [ "initrd.target" ];
+      after = [ "zfs-import.target" ];
+      before = [ "sysroot.mount" ];
+      unitConfig.DefaultDependencies = "no";
+      serviceConfig.Type = "oneshot";
+      script = cfg.resetScript;
+    };

    # For home-manager persistence
    programs.fuse.userAllowOther = true;

+    # For testing purposes with VM
+    virtualisation.vmVariantWithDisko.virtualisation.fileSystems."/persist".neededForBoot = true;
+
    environment.persistence."/persist/system" = {
      enable = true;
      hideMounts = true;
--- a/modules/nixos/secrets.nix
+++ b/modules/nixos/secrets.nix
@ -39,5 +39,6 @@ in
    ];
    sops.secrets = cfg.secrets;
    modules.impermanence.directories = [ "/etc/sops" ];
+    virtualisation.vmVariantWithDisko.sops.age.sshKeyPaths = [ "/tmp/shared/sops_ed25519_key" ];
  };
 }
--- a/profiles/disko/vm.nix
+++ b/profiles/disko/vm.nix
@ -4,6 +4,7 @@
      main = {
        type = "disk";
        device = "/dev/sda";
+        imageSize = "32G"; # For test VMs
        content = {
          type = "gpt";
          partitions = {