nixos: setup home on tmpfs

This commit is contained in:
Guanran Wang 2023-12-10 23:42:07 +08:00
parent 35302e5753
commit 491f672b14
Signed by: nyancat
SSH key fingerprint: SHA256:8oWGKciPALWut/6WA27oFKofX+6Wtc0gQnsefXLQx/8
2 changed files with 36 additions and 16 deletions


@ -28,30 +28,25 @@
}; };
}; };
"luks" = { "luks" = {
#size = "100%";
end = "-16G"; end = "-16G";
content = { content = {
type = "luks"; type = "luks";
name = "crypted"; name = "crypted";
extraOpenArgs = ["--allow-discards"]; extraOpenArgs = ["--allow-discards"];
# if you want to use the key for interactive login be sure there is no trailing newline
# for example use `echo -n "password" > /tmp/secret.key`
passwordFile = "/tmp/secret.key"; # Interactive passwordFile = "/tmp/secret.key"; # Interactive
#settings.keyFile = "/tmp/secret.key";
#additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
content = { content = {
type = "btrfs"; type = "btrfs";
extraArgs = ["-f"]; extraArgs = ["-f"];
mountpoint = "/btrfs"; mountpoint = "/btrfs";
subvolumes = { subvolumes = {
"/@home" = {
mountpoint = "/home";
mountOptions = ["compress=zstd" "noatime"];
};
"/@nix" = { "/@nix" = {
mountpoint = "/nix"; mountpoint = "/nix";
mountOptions = ["compress=zstd" "noatime"]; mountOptions = ["compress=zstd" "noatime"];
}; };
"/@persist" = {
mountpoint = "/persist";
mountOptions = ["compress=zstd" "noatime"];
};
}; };
}; };
}; };
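Review bot: The new `"/@persist"` subvolume carries no comment saying what it is for, although it is the only place the root filesystem's persistent state will now live once `/home` is no longer a subvolume; a reader of this disko file alone cannot tell that it must exist before stage-2 boot. I would annotate it, e.g. `"/@persist" = { # impermanence root: only paths listed under environment.persistence survive a reboot; marked neededForBoot in the host config`, so the coupling with the host configuration is visible here. The rendered page does not mark which of the single-sided lines are removed and which are added, so I am reading the `/@home` removal and `/@persist` addition from the commit title. The enclosing disko device declaration starts and ends outside the hunk.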


@ -11,24 +11,49 @@
### sops-nix ### sops-nix
sops.age.sshKeyPaths = lib.mkForce ["/nix/persist/system/etc/ssh/ssh_host_ed25519_key"]; sops.age.sshKeyPaths = lib.mkForce ["/nix/persist/system/etc/ssh/ssh_host_ed25519_key"];
# this folder is where the files will be stored (don't put it in tmpfs) fileSystems."/persist".neededForBoot = true;
environment.persistence."/nix/persist/system" = { environment.persistence."/persist" = {
hideMounts = true;
directories = [ directories = [
# bind mounted from /nix/persist/system/etc/nixos to /etc/nixos
"/var/log" "/var/log"
"/var/lib" "/var/lib"
#"/etc/NetworkManager/system-connections"
"/etc/clash-meta" # clash-meta "/etc/clash-meta" # clash-meta
"/etc/secureboot" # sbctl, lanzaboote, etc "/etc/secureboot" # sbctl, lanzaboote
]; ];
files = [ files = [
# NOTE: if you persist /var/log directory, you should persist /etc/machine-id as well
# otherwise it will affect disk usage of log service
"/etc/ssh/ssh_host_ed25519_key" "/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub" "/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key" "/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub" "/etc/ssh/ssh_host_rsa_key.pub"
]; ];
users.guanranwang = {
directories = [
"Desktop"
"Documents"
"Downloads"
"Music"
"Pictures"
#"Public"
#"Templates"
"Videos"
".cache"
".local/share" # ".local/bin" is managed through home-manager
".local/state"
".ssh"
".librewolf"
".config/chromium"
".config/fcitx5"
".config/Mumble"
".config/nvim" # not managed with git because my configuration is trash and i do not want other people to see it
];
files = [
".config/sops/age/keys.txt"
".config/KDE/neochat.conf"
".config/neochatrc"
];
};
}; };
} }
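Review bot: The persistence root moves from `/nix/persist/system` to `/persist`, but the unchanged `sops.age.sshKeyPaths` on the context line above still points at `/nix/persist/system/etc/ssh/ssh_host_ed25519_key`; once the host key is bind-mounted from `/persist/etc/ssh` that path will only resolve if the old tree happens to remain on disk, and otherwise sops-nix cannot decrypt at activation. The line should follow the move: `sops.age.sshKeyPaths = lib.mkForce ["/persist/etc/ssh/ssh_host_ed25519_key"];`. Separately, `/var/log` stays in `directories` while `files` has no entry for `/etc/machine-id`; the NOTE comment about that pairing appears on only one side of the rendered diff, and whichever side it belongs to, the new list does not persist `/etc/machine-id`, so journald will see a fresh machine id on each boot and the persisted journal will fragment accordingly. Adding `"/etc/machine-id"` to `files` fixes that. The per-user block also persists `.ssh` and `.config/sops/age/keys.txt` under `/persist`, which is on the LUKS volume declared in the first file, so the key material is not left on a tmpfs home; the enclosing module attribute set begins outside the hunk.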