nixos: setup home on tmpfs

2023-12-10 23:42:07 +08:00 · 2023-12-10 23:42:07 +08:00 · 491f672b14
commit 491f672b14
parent 35302e5753
2 changed files with 36 additions and 16 deletions
--- a/nixos/flake-modules/disko.nix
+++ b/nixos/flake-modules/disko.nix
@ -28,30 +28,25 @@
              };
            };
            "luks" = {
-              #size = "100%";
              end = "-16G";
              content = {
                type = "luks";
                name = "crypted";
                extraOpenArgs = ["--allow-discards"];
-                # if you want to use the key for interactive login be sure there is no trailing newline
-                # for example use `echo -n "password" > /tmp/secret.key`
                passwordFile = "/tmp/secret.key"; # Interactive
-                #settings.keyFile = "/tmp/secret.key";
-                #additionalKeyFiles = [ "/tmp/additionalSecret.key" ];
                content = {
                  type = "btrfs";
                  extraArgs = ["-f"];
                  mountpoint = "/btrfs";
                  subvolumes = {
-                    "/@home" = {
-                      mountpoint = "/home";
-                      mountOptions = ["compress=zstd" "noatime"];
-                    };
                    "/@nix" = {
                      mountpoint = "/nix";
                      mountOptions = ["compress=zstd" "noatime"];
                    };
+                    "/@persist" = {
+                      mountpoint = "/persist";
+                      mountOptions = ["compress=zstd" "noatime"];
+                    };
                  };
                };
              };
--- a/nixos/flake-modules/impermanence.nix
+++ b/nixos/flake-modules/impermanence.nix
@ -11,24 +11,49 @@
  ### sops-nix
  sops.age.sshKeyPaths = lib.mkForce ["/nix/persist/system/etc/ssh/ssh_host_ed25519_key"];

-  # this folder is where the files will be stored (don't put it in tmpfs)
-  environment.persistence."/nix/persist/system" = {
+  fileSystems."/persist".neededForBoot = true;
+  environment.persistence."/persist" = {
+    hideMounts = true;
    directories = [
-      # bind mounted from /nix/persist/system/etc/nixos to /etc/nixos
      "/var/log"
      "/var/lib"

-      #"/etc/NetworkManager/system-connections"
      "/etc/clash-meta" # clash-meta
-      "/etc/secureboot" # sbctl, lanzaboote, etc
+      "/etc/secureboot" # sbctl, lanzaboote
    ];
    files = [
-      # NOTE: if you persist /var/log directory, you should persist /etc/machine-id as well
-      # otherwise it will affect disk usage of log service
      "/etc/ssh/ssh_host_ed25519_key"
      "/etc/ssh/ssh_host_ed25519_key.pub"
      "/etc/ssh/ssh_host_rsa_key"
      "/etc/ssh/ssh_host_rsa_key.pub"
    ];
+    users.guanranwang = {
+      directories = [
+        "Desktop"
+        "Documents"
+        "Downloads"
+        "Music"
+        "Pictures"
+        #"Public"
+        #"Templates"
+        "Videos"
+
+        ".cache"
+        ".local/share" # ".local/bin" is managed through home-manager
+        ".local/state"
+        ".ssh"
+
+        ".librewolf"
+        ".config/chromium"
+        ".config/fcitx5"
+        ".config/Mumble"
+        ".config/nvim" # not managed with git because my configuration is trash and i do not want other people to see it
+      ];
+      files = [
+        ".config/sops/age/keys.txt"
+        ".config/KDE/neochat.conf"
+        ".config/neochatrc"
+      ];
+    };
  };
 }