-
Notifications
You must be signed in to change notification settings - Fork 0
/
impermanence.nix
65 lines (61 loc) · 1.63 KB
/
impermanence.nix
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
{
lib,
config,
...
}: let
inherit (lib) optionals;
in {
boot.initrd.postDeviceCommands = lib.mkAfter ''
mkdir /btrfs_tmp
mount /dev/disk/by-partlabel/disk-main-root /btrfs_tmp
if [[ -e /btrfs_tmp/rootfs ]]; then
mkdir -p /btrfs_tmp/old_roots
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/rootfs)" "+%Y-%m-%-d_%H:%M:%S")
mv /btrfs_tmp/rootfs "/btrfs_tmp/old_roots/$timestamp"
fi
delete_subvolume_recursively() {
IFS=$'\n'
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
delete_subvolume_recursively "/btrfs_tmp/$i"
done
btrfs subvolume delete "$1"
}
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
delete_subvolume_recursively "$i"
done
btrfs subvolume create /btrfs_tmp/rootfs
umount /btrfs_tmp
'';
environment.persistence."/persistent" = {
enable = true;
directories =
[
{
directory = "/root/.ssh";
mode = "0700";
}
"/var/lib/systemd/coredump"
"/etc/nixos"
"/var/lib/nixos"
{
directory = "/var/lib/postgresql";
user = "postgres";
group = "postgres";
}
"/var/log"
{
directory = "/var/lib/acme/";
user = "acme";
group = "nginx";
}
]
++ optionals config.netdata.enable ["/var/lib/netdata" "/var/cache/netdata"];
files = [
"/etc/machine-id"
"/etc/ssh/ssh_host_ed25519_key"
"/etc/ssh/ssh_host_ed25519_key.pub"
"/etc/ssh/ssh_host_rsa_key"
"/etc/ssh/ssh_host_rsa_key.pub"
];
};
}