test: impermanence

2025-12-06 21:17:14 -06:00 · 2025-11-05 00:04:49 -06:00 · 2025-11-05 00:04:49 -06:00 · 270275e225
commit 270275e225
parent 4210004147
1 changed files with 26 additions and 31 deletions
--- a/systems/ceres/config/filesystem.nix
+++ b/systems/ceres/config/filesystem.nix
@ -12,35 +12,24 @@ in
    "/" = {
      device = "/dev/disk/by-label/root";
      fsType = "btrfs";
-      options = [
-        "subvol=@"
-        "compress=zstd"
-        "noatime"
-      ];
+      options = [ "subvol=root" ];
    };
-
    "/nix" = {
      device = "/dev/disk/by-label/root";
      fsType = "btrfs";
-      options = [
-        "subvol=@nix"
-      ];
+      options = [ "subvol=nix" ];
    };
-
    "/persistent" = {
      device = "/dev/disk/by-label/root";
      fsType = "btrfs";
      neededForBoot = true;
-      options = [
-        "subvol=@persistent"
-      ];
+      options = [ "subvol=persistent" ];
    };
-
    "/boot" = {
      device = "/dev/disk/by-label/BOOT";
      fsType = "vfat";
+      options = [ "umask=0077" ];
    };
-
    "/mnt/storage" = {
      device = "/dev/disk/by-label/storage";
      fsType = "ext4";
@ -49,12 +38,12 @@ in

  boot.initrd.postResumeCommands = lib.mkAfter ''
    mkdir -p /btrfs_tmp
-    mount -o subvol=/ /dev/disk/by-label/root /btrfs_tmp
+    mount -o subvolid=5 /dev/disk/by-label/root /btrfs_tmp

-    if [[ -e /btrfs_tmp/@ ]]; then
-        mkdir -p /btrfs_tmp/@old_roots
-        timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/@)" "+%Y-%m-%d_%H:%M:%S")
-        mv /btrfs_tmp/@ "/btrfs_tmp/@old_roots/$timestamp"
+    if [[ -e /btrfs_tmp/root ]]; then
+        mkdir -p /btrfs_tmp/old_roots
+        timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%d_%H:%M:%S")
+        mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
    fi

    delete_subvolume_recursively() {
@ -65,29 +54,35 @@ in
        btrfs subvolume delete "$1"
    }

-    for i in $(find /btrfs_tmp/@old_roots/ -maxdepth 1 -mtime +30); do
+    for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
        delete_subvolume_recursively "$i"
    done

-    btrfs subvolume create /btrfs_tmp/@
+    btrfs subvolume create /btrfs_tmp/root
    umount /btrfs_tmp
  '';

  environment.persistence."/persistent" = {
-    hideMounts = true;
    directories = [
-      "/var/log"
-      "/var/lib/nixos"
-      "/var/lib/systemd/coredump"
      "/var/cache"
-      "/etc/ssh"
-    ];
-    files = [
-      "/etc/machine-id"
+      "/var/lib"
+      {
+        directory = "/etc/ssh";
+        mode = "u=rwx,g=rx,o=rx";
+        user = "root";
+      }
    ];
+    hideMounts = true;
    users.${user0} = {
      directories = [
-        ".ssh"
+        ".cache"
+        ".config"
+        ".local/share/direnv"
+        ".local/state/nix"
+        {
+          directory = ".ssh";
+          mode = "u=rwx,g=,o=";
+        }
      ];
    };
  };