ringofstorms/dotfiles
ringofstorms/dotfiles
1
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

update reboot sequence and refator

Browse source
This commit is contained in:
RingOfStorms (Joshua Bell) 2025-12-30 09:45:29 -06:00
parent 31f2ef23a0
commit a058d9ecb0
2 changed files with 83 additions and 74 deletions
Download patch file Download diff file Expand all files Collapse all files

147
hosts/juni/hardware-mounts.nix
View file

@ -11,9 +11,10 @@ let
SWAP = "/dev/disk/by-uuid/ad0311e2-7eb1-47af-bc4b-6311968cbccf"; SWAP = "/dev/disk/by-uuid/ad0311e2-7eb1-47af-bc4b-6311968cbccf";
USB_KEY = null;
IMPERMANENCE = true; IMPERMANENCE = true;
ENCRYPTED = true;
USB_KEY = null;
primaryDeviceUnit = "${utils.escapeSystemdPath PRIMARY}.device"; primaryDeviceUnit = "${utils.escapeSystemdPath PRIMARY}.device";
in in
@ -93,9 +94,9 @@ lib.mkMerge [
(lib.mapAttrs' (k: disableFs) bcacheBoots); (lib.mapAttrs' (k: disableFs) bcacheBoots);
} }
) )
{ (lib.mkIf IMPERMANENCE {
# Impermanence fix for working with custom unlock and reset with root bcache # Impermanence fix for working with custom unlock and reset with root bcache
boot.initrd.systemd.services.create-needed-for-boot-dirs = { boot.initrd.systemd.services.create-needed-for-boot-dirs = lib.mkIf ENCRYPTED {
after = [ after = [
"unlock-bcachefs-custom.service" "unlock-bcachefs-custom.service"
"bcachefs-reset-root.service" "bcachefs-reset-root.service"
@ -106,9 +107,81 @@ lib.mkMerge [
]; ];
serviceConfig.KeyringMode = "shared"; serviceConfig.KeyringMode = "shared";
}; };
boot.initrd.systemd.services.bcachefs-reset-root = {
description = "Reset bcachefs root subvolume before pivot";
after = [
"initrd-root-device.target"
"cryptsetup.target"
"unlock-bcachefs-custom.service"
];
requires = [
primaryDeviceUnit
"unlock-bcachefs-custom.service"
];
before = [
"sysroot.mount"
];
wantedBy = [
"initrd-root-fs.target"
"sysroot.mount"
"initrd.target"
];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
KeyringMode = "shared";
};
script = ''
cleanup() {
if [[ ! -e /primary_tmp/@root ]]; then
echo "Cleanup: Creating new @root"
bcachefs subvolume create /primary_tmp/@root
fi
echo "Cleanup: Unmounting /primary_tmp"
umount /primary_tmp || true
} }
trap cleanup EXIT
mkdir -p /primary_tmp
echo "Mounting ${PRIMARY}..."
if ! mount "${PRIMARY}" /primary_tmp; then
echo "Mount failed. Cannot reset root."
exit 1
fi
if [[ -e /primary_tmp/@root ]]; then
mkdir -p /primary_tmp/@snapshots/old_roots
# Use safe timestamp format (dashes instead of colons)
timestamp=$(date "+%Y-%m-%d_%H-%M-%S")
snap="/primary_tmp/@snapshots/old_roots/$timestamp"
echo "Snapshotting @root to $snap"
bcachefs subvolume snapshot /primary_tmp/@root "$snap"
echo "Deleting current @root"
bcachefs subvolume delete /primary_tmp/@root
fi
# Trap handles creating new root and unmount
'';
};
})
# If you mess up decruption password this reboots for retry instead of getting stuck
(lib.mkIf ENCRYPTED {
boot.kernelParams = [
"rd.shell=0"
"rd.emergency=reboot"
];
})
# Bcachefs auto decryption # Bcachefs auto decryption
(lib.mkIf (USB_KEY != null) { (lib.mkIf (ENCRYPTED && USB_KEY != null) {
boot.supportedFilesystems = [ boot.supportedFilesystems = [
"bcachefs" "bcachefs"
]; ];
@ -185,69 +258,5 @@ lib.mkMerge [
''; '';
}; };
}) })
(lib.mkIf IMPERMANENCE {
boot.initrd.systemd.services.bcachefs-reset-root = {
description = "Reset bcachefs root subvolume before pivot";
after = [
"initrd-root-device.target"
"cryptsetup.target"
"unlock-bcachefs-custom.service"
];
requires = [
primaryDeviceUnit
"unlock-bcachefs-custom.service"
];
before = [
"sysroot.mount"
];
wantedBy = [
"initrd-root-fs.target"
"sysroot.mount"
"initrd.target"
];
serviceConfig = {
Type = "oneshot";
RemainAfterExit = true;
KeyringMode = "shared";
};
script = ''
cleanup() {
if [[ ! -e /primary_tmp/@root ]]; then
echo "Cleanup: Creating new @root"
bcachefs subvolume create /primary_tmp/@root
fi
echo "Cleanup: Unmounting /primary_tmp"
umount /primary_tmp || true
}
trap cleanup EXIT
mkdir -p /primary_tmp
echo "Mounting ${PRIMARY}..."
if ! mount "${PRIMARY}" /primary_tmp; then
echo "Mount failed. Cannot reset root."
exit 1
fi
if [[ -e /primary_tmp/@root ]]; then
mkdir -p /primary_tmp/@snapshots/old_roots
# Use safe timestamp format (dashes instead of colons)
timestamp=$(date "+%Y-%m-%d_%H-%M-%S")
snap="/primary_tmp/@snapshots/old_roots/$timestamp"
echo "Snapshotting @root to $snap"
bcachefs subvolume snapshot /primary_tmp/@root "$snap"
echo "Deleting current @root"
bcachefs subvolume delete /primary_tmp/@root
fi
# Trap handles creating new root and unmount
'';
};
})
] ]

8
hosts/lio/flake.lock generated
View file

@ -64,11 +64,11 @@
"common": { "common": {
"locked": { "locked": {
"dir": "flakes/common", "dir": "flakes/common",
"lastModified": 1767105946, "lastModified": 1767108596,
"narHash": "sha256-IRgl+mna4n7jDyVw0hPSwE2VnbXj0wnuyDaUwmhE/YU=", "narHash": "sha256-G24jIpfoSg3e4yUtAJnJsA6Mw+INLd3g85JzLWj+1j8=",
"ref": "refs/heads/master", "ref": "refs/heads/master",
"rev": "f25a2e5dc61a7b10f7c26d491eed3a53a5b47854", "rev": "31f2ef23a0382b3149866ee3665a64843870d7a6",
"revCount": 1002, "revCount": 1007,
"type": "git", "type": "git",
"url": "https://git.joshuabell.xyz/ringofstorms/dotfiles" "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
}, },