Merge branch 'master' of ssh://git.joshuabell.xyz:3032/ringofstorms/dotfiles

2025-12-17 11:15:26 -06:00 · 2025-12-17 11:15:26 -06:00 · 75b37cc9ec
commit 75b37cc9ec
parent 07c9dbb51c a483dd3765
4 changed files with 115 additions and 4 deletions
--- a/hosts/i001/flake.lock
+++ b/hosts/i001/flake.lock
@ -1024,12 +1024,28 @@
        "type": "github"
      }
    },
+    "preservation": {
+      "locked": {
+        "lastModified": 1757436102,
+        "narHash": "sha256-mMI9IanU+Xw+pVogD2oT0I2kTmvz2Un/Apc5+CwUpEY=",
+        "owner": "nix-community",
+        "repo": "preservation",
+        "rev": "93416f4614ad2dfed5b0dcf12f27e57d27a5ab11",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "preservation",
+        "type": "github"
+      }
+    },
    "root": {
      "inputs": {
        "common": "common",
        "de_plasma": "de_plasma",
        "home-manager": "home-manager_2",
        "nixpkgs": "nixpkgs_3",
+        "preservation": "preservation",
        "ros_neovim": "ros_neovim"
      }
    },
--- a/hosts/i001/flake.nix
+++ b/hosts/i001/flake.nix
@ -10,7 +10,8 @@

    ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim";

-    impermanence.url = "github:nix-community/impermanence";
+    # impermanence.url = "github:nix-community/impermanence";
+    preservation.url = "github:nix-community/preservation";
  };

  outputs =
@ -34,7 +35,8 @@
              inherit inputs;
            };
            modules = [
-              inputs.impermanence.nixosModules.impermanence
+              # inputs.impermanence.nixosModules.impermanence
+              inputs.preservation.nixosModules.preservation
              inputs.home-manager.nixosModules.default

              inputs.ros_neovim.nixosModules.default
@ -65,7 +67,8 @@

              ./hardware-configuration.nix
              ./hardware-mounts.nix
-              ./impermanence.nix
+              # ./impermanence.nix
+              ./preservation.nix
              (
                {
                  config,
--- a/hosts/i001/hardware-mounts.nix
+++ b/hosts/i001/hardware-mounts.nix
@ -135,7 +135,6 @@ lib.mkMerge [

      # Make this part of the root-fs chain, not just initrd.target
      wantedBy = [
-        # "initrd.target"
        "sysroot.mount"
        "initrd-root-fs.target"
      ];
--- a/hosts/i001/preservation.nix
+++ b/hosts/i001/preservation.nix
@ -0,0 +1,93 @@
+{ ... }:
+{
+  preservation = {
+    enable = true;
+
+    # Preserve system-wide directories and files at /persist
+    preserveAt = {
+      "/persist" = {
+        commonMountOptions = [
+          "x-gvfs-hide"
+          "x-gdu.hide"
+        ];
+
+        # Directories to persist (bind-mount by default)
+        directories = [
+          "/var/log"
+          "/var/lib/nixos"
+          "/var/lib/systemd/coredump"
+          "/var/lib/systemd/timers"
+
+          "/etc/nixos"
+          "/etc/ssh"
+
+          "/etc/NetworkManager/system-connections"
+          "/var/lib/bluetooth"
+          "/var/lib/NetworkManager"
+          "/var/lib/iwd"
+          "/var/lib/fail2ban"
+        ];
+
+        # Files to persist
+        files = [
+          # Persist machine-id early (initrd) via symlink for ConditionFirstBoot compatibility
+          { file = "/etc/machine-id"; inInitrd = true; how = "symlink"; configureParent = true; }
+
+          # SSH host keys: ensure correct handling with symlinks
+          { file = "/etc/ssh/ssh_host_rsa_key"; how = "symlink"; configureParent = true; }
+          { file = "/etc/ssh/ssh_host_ed25519_key"; how = "symlink"; configureParent = true; }
+        ];
+
+        # Per-user persistence
+        users = {
+          luser = {
+            directories = [
+              ".ssh"
+              ".gnupg"
+
+              "projects"
+              ".config/nixos-config"
+
+              ".config/atuin"
+              ".local/share/atuin"
+
+              ".local/share/zoxide"
+
+              # KDE
+              ".config/kdeconnect"
+
+              # Chrome
+              ".config/google-chrome"
+
+              # neovim ros_neovim
+              ".local/state/nvim_ringofstorms_helium"
+            ];
+            files = [ ];
+          };
+        };
+      };
+    };
+  };
+
+  # Configure intermediate system-wide directories that may need custom modes
+  # (Example: none required beyond defaults here.)
+
+  # Let systemd-machine-id-commit write the transient ID to the persistent volume.
+  # This avoids activation failure when /etc/machine-id is a symlink.
+  systemd.services.systemd-machine-id-commit = {
+    unitConfig.ConditionPathIsMountPoint = [
+      ""
+      "/persist/etc/machine-id"
+    ];
+    serviceConfig.ExecStart = [
+      ""
+      "systemd-machine-id-setup --commit --root /persist"
+    ];
+  };
+
+  # If you need custom ownership/modes for parent directories, use tmpfiles:
+  # systemd.tmpfiles.settings.preservation = {
+  #   "/foo".d = { user = "foo"; group = "bar"; mode = "0775"; };
+  #   "/foo/bar".d = { user = "bar"; group = "bar"; mode = "0755"; };
+  # };
+}