From e9b8c54312b65b370860d50bf43f62f3e9a79839 Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Wed, 17 Dec 2025 00:51:28 -0600 Subject: [PATCH 1/5] try preservation --- hosts/i001/flake.nix | 9 ++-- hosts/i001/hardware-mounts.nix | 4 ++ hosts/i001/preservation.nix | 77 ++++++++++++++++++++++++++++++++++ 3 files changed, 87 insertions(+), 3 deletions(-) create mode 100644 hosts/i001/preservation.nix diff --git a/hosts/i001/flake.nix b/hosts/i001/flake.nix index 11d664b1..320bd51d 100644 --- a/hosts/i001/flake.nix +++ b/hosts/i001/flake.nix @@ -10,7 +10,8 @@ ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim"; - impermanence.url = "github:nix-community/impermanence"; + # impermanence.url = "github:nix-community/impermanence"; + preservation.url = "github:nix-community/preservation"; }; outputs = @@ -34,7 +35,8 @@ inherit inputs; }; modules = [ - inputs.impermanence.nixosModules.impermanence + # inputs.impermanence.nixosModules.impermanence + inputs.preservation.nixosModules.preservation inputs.home-manager.nixosModules.default inputs.ros_neovim.nixosModules.default @@ -65,7 +67,8 @@ ./hardware-configuration.nix ./hardware-mounts.nix - ./impermanence.nix + # ./impermanence.nix + ./preservation.nix ( { config, diff --git a/hosts/i001/hardware-mounts.nix b/hosts/i001/hardware-mounts.nix index 49e472b4..bef29a74 100644 --- a/hosts/i001/hardware-mounts.nix +++ b/hosts/i001/hardware-mounts.nix @@ -64,6 +64,8 @@ lib.mkMerge [ "X-mount.mkdir" "X-mount.subdir=@persist" ]; + # NOTE for impermanence + neededForBoot = true; }; } # SWAP (optional) @@ -139,10 +141,12 @@ lib.mkMerge [ wantedBy = [ # "initrd.target" "sysroot.mount" + "persist.mount" "initrd-root-fs.target" ]; before = [ "sysroot.mount" + "persist.mount" "initrd-root-fs.target" ]; diff --git a/hosts/i001/preservation.nix b/hosts/i001/preservation.nix new file mode 100644 index 00000000..ecfc5697 --- /dev/null +++ b/hosts/i001/preservation.nix 
@@ -0,0 +1,77 @@
+{ ... }:
+{
+ preservation = {
+ enable = true;
+
+ # Preserve system-wide directories and files at /persist
+ preserveAt = {
+ "/persist" = {
+ hideMounts = true;
+
+ # Directories to persist (bind-mount by default)
+ directories = [
+ "/var/log"
+ "/var/lib/nixos"
+ "/var/lib/systemd/coredump"
+ "/var/lib/systemd/timers"
+
+ "/etc/nixos"
+ "/etc/ssh"
+
+ "/etc/NetworkManager/system-connections"
+ "/var/lib/bluetooth"
+ "/var/lib/NetworkManager"
+ "/var/lib/iwd"
+ "/var/lib/fail2ban"
+ ];
+
+ # Files to persist
+ files = [
+ # Persist machine-id early (initrd)
+ { file = "/etc/machine-id"; inInitrd = true; }
+
+ # SSH host keys: ensure correct handling with symlinks
+ { file = "/etc/ssh/ssh_host_rsa_key"; how = "symlink"; configureParent = true; }
+ { file = "/etc/ssh/ssh_host_ed25519_key"; how = "symlink"; configureParent = true; }
+ ];
+
+ # Per-user persistence
+ users = {
+ luser = {
+ directories = [
+ ".ssh"
+ ".gnupg"
+
+ "projects"
+ ".config/nixos-config"
+
+ ".config/atuin"
+ ".local/share/atuin"
+
+ ".local/share/zoxide"
+
+ # KDE
+ ".config/kdeconnect"
+
+ # Chrome
+ ".config/google-chrome"
+
+ # neovim ros_neovim
+ ".local/state/nvim_ringofstorms_helium"
+ ];
+ files = [ ];
+ };
+ };
+ };
+ };
+ };
+
+ # Configure intermediate system-wide directories that may need custom modes
+ # (Example: none required beyond defaults here.)
+
+ # If you need custom ownership/modes for parent directories, use tmpfiles:
+ # systemd.tmpfiles.settings.preservation = {
+ # "/foo".d = { user = "foo"; group = "bar"; mode = "0775"; };
+ # "/foo/bar".d = { user = "bar"; group = "bar"; mode = "0755"; };
+ # };
+}
From a4eed4bbb846944917f2875c5310ea9e33ce3be1 Mon Sep 17 00:00:00 2001
From: "RingOfStorms (Joshua Bell)"
Date: Wed, 17 Dec 2025 00:52:18 -0600
Subject: [PATCH 2/5] lock flake
---
hosts/i001/flake.lock | 16 ++++++++++++++++
1 file changed, 16 insertions(+)
diff --git a/hosts/i001/flake.lock b/hosts/i001/flake.lock
index d5517342..7aebd50f 100644
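Review bot: In the `users.luser.directories` list of the new hosts/i001/preservation.nix, `.ssh` and `.gnupg` are bare strings, so their directories on /persist get whatever mode the module defaults to rather than an explicit owner-only one. For key material I would state it, `{ directory = ".ssh"; mode = "0700"; }` and `{ directory = ".gnupg"; mode = "0700"; }`. Separately, `/etc/ssh` is preserved as a whole directory while `ssh_host_rsa_key` and `ssh_host_ed25519_key` inside it are also listed as symlinked files, so the host private keys are covered by two different mechanisms. Keeping only one of the two, with a comment saying which is intended, makes the host-key handling easier to audit.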
--- a/hosts/i001/flake.lock +++ b/hosts/i001/flake.lock @@ -1024,12 +1024,28 @@ "type": "github" } }, + "preservation": { + "locked": { + "lastModified": 1757436102, + "narHash": "sha256-mMI9IanU+Xw+pVogD2oT0I2kTmvz2Un/Apc5+CwUpEY=", + "owner": "nix-community", + "repo": "preservation", + "rev": "93416f4614ad2dfed5b0dcf12f27e57d27a5ab11", + "type": "github" + }, + "original": { + "owner": "nix-community", + "repo": "preservation", + "type": "github" + } + }, "root": { "inputs": { "common": "common", "de_plasma": "de_plasma", "home-manager": "home-manager_2", "nixpkgs": "nixpkgs_3", + "preservation": "preservation", "ros_neovim": "ros_neovim" } }, From 65294203a2b02ebe9a461508d08b1c694f49ba41 Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Wed, 17 Dec 2025 00:52:45 -0600 Subject: [PATCH 3/5] remove needed for boot --- hosts/i001/hardware-mounts.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/i001/hardware-mounts.nix b/hosts/i001/hardware-mounts.nix index bef29a74..b687fe78 100644 --- a/hosts/i001/hardware-mounts.nix +++ b/hosts/i001/hardware-mounts.nix @@ -65,7 +65,7 @@ lib.mkMerge [ "X-mount.subdir=@persist" ]; # NOTE for impermanence - neededForBoot = true; + # neededForBoot = true; }; } # SWAP (optional) From 297bbc54ed799d9796ff8ca4f20f913f4594690f Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Wed, 17 Dec 2025 00:55:17 -0600 Subject: [PATCH 4/5] hide --- hosts/i001/preservation.nix | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/hosts/i001/preservation.nix b/hosts/i001/preservation.nix index ecfc5697..edc49635 100644 --- a/hosts/i001/preservation.nix +++ b/hosts/i001/preservation.nix @@ -6,7 +6,10 @@ # Preserve system-wide directories and files at /persist preserveAt = { "/persist" = { - hideMounts = true; + commonMountOptions = [ + "x-gvfs-hide" + "x-gdu.hide" + ]; # Directories to persist (bind-mount by default) directories = [ 
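Review bot: Commenting out `neededForBoot` on the `@persist` mount (PATCH 3/5, hosts/i001/hardware-mounts.nix) looks at odds with `inInitrd = true` on `/etc/machine-id` in preservation.nix, which needs /persist reachable during the initrd stage. Unless one of the custom initrd units in this file mounts it (not visible in the hunk), the preserved machine-id may not be available when it is first read. If the removal is deliberate, replace the now stale `# NOTE for impermanence` with the reason, e.g. `# neededForBoot disabled: /persist is mounted in the initrd by <unit>`; otherwise restore `neededForBoot = true;`. The mount attrset this line belongs to begins outside the hunk.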
From a483dd37659bb730ff981b5947fc92b23f1b34e4 Mon Sep 17 00:00:00 2001 From: "RingOfStorms (Joshua Bell)" Date: Wed, 17 Dec 2025 01:07:24 -0600 Subject: [PATCH 5/5] fix some stuff --- hosts/i001/hardware-mounts.nix | 25 +++++++++---------------- hosts/i001/preservation.nix | 17 +++++++++++++++-- 2 files changed, 24 insertions(+), 18 deletions(-) diff --git a/hosts/i001/hardware-mounts.nix b/hosts/i001/hardware-mounts.nix index b687fe78..1d6bf6fd 100644 --- a/hosts/i001/hardware-mounts.nix +++ b/hosts/i001/hardware-mounts.nix @@ -139,14 +139,11 @@ lib.mkMerge [ # Make this part of the root-fs chain, not just initrd.target wantedBy = [ - # "initrd.target" "sysroot.mount" - "persist.mount" "initrd-root-fs.target" ]; before = [ "sysroot.mount" - "persist.mount" "initrd-root-fs.target" ]; @@ -229,7 +226,7 @@ lib.mkMerge [ # TODO rotate root } # Reset root for erase your darlings/impermanence/preservation - (lib.mkIf false { + (lib.mkIf true { boot.initrd.systemd.services.bcachefs-reset-root = { description = "Reset bcachefs root subvolume before pivot"; @@ -251,7 +248,6 @@ lib.mkMerge [ "unlock-bcachefs-custom.service" ]; wantedBy = [ - "initrd-root-fs.target" "sysroot.mount" "initrd.target" @@ -268,15 +264,11 @@ lib.mkMerge [ }; script = '' - # 1. Enable Debugging - set -x - - # 2. Define Cleanup Trap (Robust) cleanup() { - if [[ ! -e /primary_tmp/@root ]]; then - echo "Cleanup: Creating new @root" - bcachefs subvolume create /primary_tmp/@root - fi + # if [[ ! -e /primary_tmp/@root ]]; then + # echo "Cleanup: Creating new @root" + # bcachefs subvolume create /primary_tmp/@root + # fi echo "Cleanup: Unmounting /primary_tmp" umount /primary_tmp || true } @@ -288,7 +280,8 @@ lib.mkMerge [ echo "Mounting ${PRIMARY}..." if ! mount "${PRIMARY}" /primary_tmp; then echo "Mount failed. Cannot reset root." - exit 1 + # TODO change to exit 1 + exit 0 fi if [[ -e /primary_tmp/@root ]]; then 
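Review bot: The mount-failure branch of the `bcachefs-reset-root` script now ends in `exit 0`, so the unit reports success when `${PRIMARY}` could not be mounted and boot continues on the previous root with no reset and no failed unit to alert on. For a wipe-on-boot design that is failing open: state that was meant to be discarded silently survives. I would keep `exit 1` here, or, if boot has to continue while this is being tested, make the skipped reset visible before returning, e.g. `echo "bcachefs-reset-root: mount failed, root NOT reset" >&2`. The script body starts before and continues after this hunk.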
@@ -300,8 +293,8 @@ lib.mkMerge [ echo "Snapshotting @root to .../$timestamp" bcachefs subvolume snapshot /primary_tmp/@root "/primary_tmp/@snapshots/old_roots/$timestamp" - echo "Deleting current @root" - bcachefs subvolume delete /primary_tmp/@root + # echo "Deleting current @root" + # bcachefs subvolume delete /primary_tmp/@root fi # Trap handles creating new root and unmount diff --git a/hosts/i001/preservation.nix b/hosts/i001/preservation.nix index edc49635..85a5efc2 100644 --- a/hosts/i001/preservation.nix +++ b/hosts/i001/preservation.nix @@ -30,8 +30,8 @@ # Files to persist files = [ - # Persist machine-id early (initrd) - { file = "/etc/machine-id"; inInitrd = true; } + # Persist machine-id early (initrd) via symlink for ConditionFirstBoot compatibility + { file = "/etc/machine-id"; inInitrd = true; how = "symlink"; configureParent = true; } # SSH host keys: ensure correct handling with symlinks { file = "/etc/ssh/ssh_host_rsa_key"; how = "symlink"; configureParent = true; } @@ -72,6 +72,19 @@ # Configure intermediate system-wide directories that may need custom modes # (Example: none required beyond defaults here.) + # Let systemd-machine-id-commit write the transient ID to the persistent volume. + # This avoids activation failure when /etc/machine-id is a symlink. + systemd.services.systemd-machine-id-commit = { + unitConfig.ConditionPathIsMountPoint = [ + "" + "/persist/etc/machine-id" + ]; + serviceConfig.ExecStart = [ + "" + "systemd-machine-id-setup --commit --root /persist" + ]; + }; + # If you need custom ownership/modes for parent directories, use tmpfiles: # systemd.tmpfiles.settings.preservation = { # "/foo".d = { user = "foo"; group = "bar"; mode = "0775"; };
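Review bot: With `bcachefs subvolume delete` commented out here and the `bcachefs subvolume create` in `cleanup()` commented out in the earlier hunk of this patch, the service that `lib.mkIf true` now enables only snapshots `@root` on each boot and never resets it. The context line still says `# Trap handles creating new root and unmount`, and the unit description still says "Reset bcachefs root subvolume before pivot". Anything written outside /persist therefore survives a reboot, and `@snapshots/old_roots` gains one snapshot per boot while rotation is still a TODO. If this is an intentional dry run, say so in the script, e.g. `# DRY RUN: snapshot only, @root is neither deleted nor recreated`, and update the trap comment to match. The script continues outside the hunk.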