97 lines
2.4 KiB
Nix
Executable file
97 lines
2.4 KiB
Nix
Executable file
{
|
|
lib,
|
|
persistExtraDirectories,
|
|
persistExtraFiles,
|
|
users ? {},
|
|
extraConfig ? {},
|
|
...
|
|
}: {
|
|
boot.initrd.postDeviceCommands = lib.mkAfter ''
|
|
# Prepare temporary folder
|
|
mkdir /btrfs_tmp
|
|
|
|
# Open encrypted partition
|
|
# cryptsetup luksOpen /dev/sda3 crypted
|
|
|
|
# Mount unencrypted partition in temp folder
|
|
mount /dev/mapper/crypted /btrfs_tmp
|
|
|
|
# Check if root subvolume exists in partition
|
|
if [[ -e /btrfs_tmp/root ]]; then
|
|
# If a folder for old roots doesnt exist we create one
|
|
mkdir -p /btrfs_tmp/old_roots
|
|
# Get timestamp for naming roots
|
|
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
|
|
# Move old root into folder
|
|
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
|
|
fi
|
|
|
|
delete_subvolume_recursively() {
|
|
IFS=$'\n'
|
|
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
|
|
delete_subvolume_recursively "btrfs_tmp/$i"
|
|
done
|
|
btrfs subvolume delete "$1"
|
|
}
|
|
|
|
# Delete old roots older than 30 days
|
|
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
|
|
delete_subvolume_recursively "$i"
|
|
done
|
|
|
|
# Create new root
|
|
btrfs subvolume create /btrfs_tmp/root
|
|
umount /btrfs_tmp
|
|
'';
|
|
|
|
# Dont nuke all the files. We wanna keep something
|
|
fileSystems."/persist".neededForBoot = true;
|
|
environment.persistence."/persist/system" = {
|
|
hideMounts = true;
|
|
directories =
|
|
[
|
|
"/etc/nixos"
|
|
"/var/log"
|
|
"/var/lib/bluetooth"
|
|
"/var/lib/nixos"
|
|
"/var/lib/systemd/coredump"
|
|
"/etc/NetworkManager/system-connections"
|
|
{
|
|
directory = "/var/lib/colord";
|
|
user = "colord";
|
|
group = "colord";
|
|
mode = "u=rwx, g=rx, o=";
|
|
}
|
|
]
|
|
++ (
|
|
if (persistExtraDirectories == null)
|
|
then []
|
|
else persistExtraDirectories
|
|
);
|
|
|
|
files =
|
|
[
|
|
"/etc/machine-id"
|
|
"/etc/ssh/ssh_host_rsa_key"
|
|
"/etc/ssh/ssh_host_ed25519_key"
|
|
"/etc/ssh/ssh_host_rsa_key.pub"
|
|
"/etc/ssh/ssh_host_ed25519_key.pub"
|
|
]
|
|
++ (
|
|
if (persistExtraFiles == null)
|
|
then []
|
|
else persistExtraFiles
|
|
);
|
|
|
|
inherit users;
|
|
};
|
|
|
|
# environment.etc = {
|
|
# "group".source = "/persist/system/etc/group";
|
|
# "passwd".source = "/persist/system/etc/passwd";
|
|
# "shadow".source = "/persist/system/etc/shadow";
|
|
# };
|
|
|
|
programs.fuse.userAllowOther = true;
|
|
}
|