author | Vincent Ambo <mail@tazj.in> | 2021-03-21T02·21+0200 |
---|---|---|
committer | tazjin <mail@tazj.in> | 2021-03-21T13·06+0000 |
commit | 13a43a63928569f2eaf36b4401079e97452de57e (patch) | |
tree | 5737e7320b9c7811ee94adcec44c86c3618e3e29 /users | |
parent | 2b42afa8005ebb7410ef05c0b3c79a28f335097e (diff) |
feat(tazjin/tverskoy): Configure ephemeral home bind-mounts r/2305
Uses the impermanence module to configure the bind-mounts for the few applications that are allowed to persist stuff between boots. For now this setup uses ZFS rollbacks to get /home back into a clean state, where the `tazjin-clean` snapshot is a partition with only the `/home/tazjin` folder and the correct partitions on it. This gives me enough scratch space to e.g. download stuff larger than my RAM without accumulating state. Change-Id: I7cdb2276f087ea62201690cb8b36ae074203f87c Reviewed-on: https://cl.tvl.fyi/c/depot/+/2623 Tested-by: BuildkiteCI Reviewed-by: tazjin <mail@tazj.in>
Diffstat (limited to 'users')
-rw-r--r-- | users/tazjin/nixos/tverskoy/default.nix | 45 |
1 files changed, 44 insertions, 1 deletions
diff --git a/users/tazjin/nixos/tverskoy/default.nix b/users/tazjin/nixos/tverskoy/default.nix index 3c4b9dae1184..395ff6bdbea5 100644 --- a/users/tazjin/nixos/tverskoy/default.nix +++ b/users/tazjin/nixos/tverskoy/default.nix @@ -19,11 +19,18 @@ config: let in lib.fix(self: { imports = [ "${depot.third_party.impermanence}/nixos.nix" + "${nixpkgs.home-manager.src}/nixos" ]; boot = { initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ]; initrd.kernelModules = [ ]; + + # Restore /home to the blank snapshot, erasing all ephemeral data. + initrd.postDeviceCommands = lib.mkAfter '' + zfs rollback -r zpool/ephemeral/home@tazjin-clean + ''; + kernelModules = [ "kvm-amd" ]; extraModulePackages = [ ]; kernelPackages = nixpkgs.linuxPackages_latest; @@ -156,6 +163,7 @@ in lib.fix(self: { users.users.tazjin = { isNormalUser = true; + createHome = true; extraGroups = [ "wheel" "networkmanager" ]; uid = 1000; shell = nixpkgs.fish; @@ -164,6 +172,9 @@ in lib.fix(self: { programs = { light.enable = true; + + # Required by impermanence + fuse.userAllowOther = true; }; environment.systemPackages = @@ -216,5 +227,37 @@ in lib.fix(self: { xsecurelock ]); - system.stateVersion = "20.09"; + home-manager.useGlobalPkgs = true; + home-manager.users.tazjin = { config, lib, ... }: { + imports = [ "${depot.third_party.impermanence}/home-manager.nix" ]; + + home.persistence."/persist/tazjin/home" = { + allowOther = true; + + directories = [ + ".config/google-chrome" + ".config/quassel-irc.org" + ".config/spotify" + ".gnupg" + ".local/share/direnv" + ".local/share/fish/" + ".password-store" + ".ssh" + ".telega" + "mail" + ]; + + files = [ + ".notmuch-config" + ]; + }; + + programs.git = { + enable = true; + userName = "Vincent Ambo"; + userEmail = "mail@tazj.in"; + }; + }; + + system.stateVersion = "20.09"; }) |
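Review bot: The comment above `initrd.postDeviceCommands` does not mention that `-r` also destroys any snapshots of `zpool/ephemeral/home` taken after `tazjin-clean`, nor what happens when the rollback fails. If the command fails (for example because the pool is not imported at that point or the snapshot was renamed), the previous session's data in /home would presumably survive the reboot with nothing to indicate it; how stage 1 reacts to a failing command is not visible in this hunk. I would extend the comment to `# Restore /home to the blank snapshot, erasing all ephemeral data; -r also destroys snapshots newer than tazjin-clean.` and make a failure visible, e.g. `zfs rollback -r zpool/ephemeral/home@tazjin-clean || echo "rollback of ephemeral home failed"`. The `boot` attribute set continues outside the hunk.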
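Review bot: The comment `# Required by impermanence` on `fuse.userAllowOther` understates what the option does. It is needed only because `home.persistence` in the last hunk sets `allowOther = true`, and it enables `user_allow_other` in the system-wide FUSE configuration, so any local user may mount FUSE filesystems with `allow_other`, not just tazjin. I would write `# Needed for home.persistence.<path>.allowOther below; system-wide: lets any user mount FUSE filesystems with allow_other.` If access to the persisted mounts by root or other users is not actually required, dropping `allowOther` there would make this line unnecessary.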
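Review bot: The `directories` list persists credential stores (`.gnupg`, `.ssh`, `.password-store`, plus the browser profile in `.config/google-chrome`) under `/persist/tazjin/home`, but nothing in this hunk establishes the ownership or mode of that backing directory. Since `allowOther = true` makes the mounted views reachable by other users, protection presumably rests on the permission bits of the files and of `/persist/tazjin`; how `/persist` is created is outside this diff. A comment above `home.persistence` such as `# /persist/tazjin must be owned by tazjin with mode 0700; it holds SSH/GPG keys and the password store.` would record that requirement for anyone rebuilding the machine.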