From 13a43a63928569f2eaf36b4401079e97452de57e Mon Sep 17 00:00:00 2001
From: Vincent Ambo
Date: Sun, 21 Mar 2021 04:21:16 +0200
Subject: feat(tazjin/tverskoy): Configure ephemeral home bind-mounts

Uses the impermanence module to configure the bind-mounts for the few applications that are allowed to persist stuff between boots. For now this setup uses ZFS rollbacks to get /home back into a clean state, where the `tazjin-clean` snapshot is a partition with only the `/home/tazjin` folder and the correct partitions on it. This gives me enough scratch space to e.g. download stuff larger than my RAM without accumulating state.

Change-Id: I7cdb2276f087ea62201690cb8b36ae074203f87c
Reviewed-on: https://cl.tvl.fyi/c/depot/+/2623
Tested-by: BuildkiteCI
Reviewed-by: tazjin
---
 users/tazjin/nixos/tverskoy/default.nix | 45 ++++++++++++++++++++++++++++++++-
 1 file changed, 44 insertions(+), 1 deletion(-)
(limited to 'users/tazjin/nixos/tverskoy/default.nix')
diff --git a/users/tazjin/nixos/tverskoy/default.nix b/users/tazjin/nixos/tverskoy/default.nix
index 3c4b9dae11..395ff6bdbe 100644
--- a/users/tazjin/nixos/tverskoy/default.nix
+++ b/users/tazjin/nixos/tverskoy/default.nix
@@ -19,11 +19,18 @@ config: let
 in lib.fix(self: {
 imports = [
 "${depot.third_party.impermanence}/nixos.nix"
+ "${nixpkgs.home-manager.src}/nixos"
 ];
 boot = {
 initrd.availableKernelModules = [ "nvme" "ehci_pci" "xhci_pci" "usb_storage" "sd_mod" "rtsx_pci_sdmmc" ];
 initrd.kernelModules = [ ];
+
+ # Restore /home to the blank snapshot, erasing all ephemeral data.
+ initrd.postDeviceCommands = lib.mkAfter ''
+ zfs rollback -r zpool/ephemeral/home@tazjin-clean
+ '';
+
 kernelModules = [ "kvm-amd" ];
 extraModulePackages = [ ];
 kernelPackages = nixpkgs.linuxPackages_latest;
@@ -156,6 +163,7 @@ in lib.fix(self: {
 users.users.tazjin = {
 isNormalUser = true;
+ createHome = true;
 extraGroups = [ "wheel" "networkmanager" ];
 uid = 1000;
 shell = nixpkgs.fish;
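Review bot: The `zfs rollback -r` added to `initrd.postDeviceCommands` in the first hunk has no failure handling. Whether a failed rollback (snapshot missing, dataset renamed) stops the boot or passes unnoticed depends on how the stage-1 script treats a non-zero exit, which is not visible here; if boot continues, /home silently keeps the previous session's data. Surfacing it takes one line, e.g. `zfs rollback -r zpool/ephemeral/home@tazjin-clean || echo "WARNING: /home rollback failed, ephemeral data was NOT erased"`. The comment should also record that `-r` destroys snapshots taken after the target, for instance `# -r also destroys every snapshot newer than tazjin-clean.`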
@@ -164,6 +172,9 @@ in lib.fix(self: {
 programs = {
 light.enable = true;
+
+ # Required by impermanence
+ fuse.userAllowOther = true;
 };
 environment.systemPackages =
@@ -216,5 +227,37 @@ in lib.fix(self: {
 xsecurelock
 ]);
- system.stateVersion = "20.09";
+ home-manager.useGlobalPkgs = true;
+ home-manager.users.tazjin = { config, lib, ... }: {
+ imports = [ "${depot.third_party.impermanence}/home-manager.nix" ];
+
+ home.persistence."/persist/tazjin/home" = {
+ allowOther = true;
+
+ directories = [
+ ".config/google-chrome"
+ ".config/quassel-irc.org"
+ ".config/spotify"
+ ".gnupg"
+ ".local/share/direnv"
+ ".local/share/fish/"
+ ".password-store"
+ ".ssh"
+ ".telega"
+ "mail"
+ ];
+
+ files = [
+ ".notmuch-config"
+ ];
+ };
+
+ programs.git = {
+ enable = true;
+ userName = "Vincent Ambo";
+ userEmail = "mail@tazj.in";
+ };
+ };
+
+ system.stateVersion = "20.09";
 })
--
cgit 1.4.1
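Review bot: The comment on `fuse.userAllowOther = true;` does not say what the option grants: it is a system-wide setting that lets any local user mount FUSE filesystems with `allow_other`. As far as this diff shows, it is needed only because `home.persistence` in the last hunk sets `allowOther = true`. I would spell that out so the two settings are reviewed and removed together, e.g. `# Needed because home.persistence sets allowOther; permits allow_other FUSE mounts for all users.`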
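Review bot: `.gnupg`, `.ssh` and `.password-store` are persisted under `/persist/tazjin/home` with `allowOther = true`, but nothing in this hunk sets or documents the owner and mode of that directory. The confidentiality of the keys therefore rests on however `/persist` was created outside this file. A comment above the `directories` list would record the requirement, e.g. `# /persist/tazjin/home must be owned by tazjin, mode 0700: it holds .gnupg, .ssh and .password-store.` If access by other users through the bind mounts is not actually needed, dropping `allowOther` would presumably also make `fuse.userAllowOther` in the previous hunk unnecessary.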