authorRaghuram Subramani <raghus2247@gmail.com>2024-10-09 18:19:57 +0530
committerRaghuram Subramani <raghus2247@gmail.com>2024-10-09 18:19:57 +0530
commitf4301e2194ede90f6fe3ab70be5e598a6eb5f2e4 (patch)
tree29490e04e9400ca16be6ee2d16bb4c05a65d7feb
parent55bc8a949a13e0909d05ee1ecaeae0ab3035f37b (diff)
(impermanence): Initial try.
-rw-r--r--disko.nix81
-rwxr-xr-xdisko.sh6
-rw-r--r--flake.lock37
-rw-r--r--flake.nix16
-rw-r--r--machines/x/configuration.nix59
-rw-r--r--machines/x/hardware-configuration.nix13
6 files changed, 194 insertions, 18 deletions
diff --git a/disko.nix b/disko.nix
new file mode 100644
index 0000000..f8d74a1
--- /dev/null
+++ b/disko.nix
@@ -0,0 +1,81 @@
+{
+ device ? throw "Set this to your disk device, e.g. /dev/sda",
+ ...
+}: {
+ disko.devices = {
+ disk.main = {
+ inherit device;
+ type = "disk";
+ content = {
+ type = "gpt";
+ partitions = {
+ boot = {
+ name = "boot";
+ size = "1M";
+ type = "EF02";
+ };
+ esp = {
+ name = "ESP";
+ size = "500M";
+ type = "EF00";
+ content = {
+ type = "filesystem";
+ format = "vfat";
+ mountpoint = "/boot";
+ };
+ };
+ swap = {
+ size = "4G";
+ content = {
+ type = "swap";
+ resumeDevice = true;
+ };
+ };
+ root = {
+ name = "root";
+ size = "100%";
+ content = {
+ type = "lvm_pv";
+ vg = "root_vg";
+ };
+ };
+ };
+ };
+ };
+ lvm_vg = {
+ root_vg = {
+ type = "lvm_vg";
+ lvs = {
+ root = {
+ size = "100%FREE";
+ content = {
+ type = "btrfs";
+ extraArgs = ["-f"];
+
+ subvolumes = {
+ "/root" = {
+ mountpoint = "/";
+ };
+
+ "/persist" = {
+ mountOptions = ["subvol=persist" "noatime"];
+ mountpoint = "/persist";
+ };
+
+ "/nix" = {
+ mountOptions = ["subvol=nix" "noatime"];
+ mountpoint = "/nix";
+ };
+
+ "/home" = {
+ mountOptions = ["subvol=home" "noatime"];
+ mountpoint = "/home";
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+ };
+}
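Review bot: The `esp` partition is mounted at `/boot` with no `mountOptions`, while the `fileSystems."/boot"` entry this commit removes from hardware-configuration.nix carried `fmask=0077` and `dmask=0077`, so the boot partition's contents become readable by every local user. Adding `mountOptions = [ "umask=0077" ];` next to `mountpoint = "/boot";` would keep the previous restriction. Separately, the `root` partition is an `lvm_pv` directly on the disk with no encryption layer visible here, so `/persist` and the swap partition with `resumeDevice = true` would hold their contents in plaintext at rest; if that is deliberate for a first try, a comment saying so would help.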
diff --git a/disko.sh b/disko.sh
new file mode 100755
index 0000000..7c1296b
--- /dev/null
+++ b/disko.sh
@@ -0,0 +1,6 @@
+#!/usr/bin/env bash
+
+sudo nix \
+ --experimental-features "nix-command flakes" \
+ run github:nix-community/disko -- --mode disko ./disko.nix \
+ --arg device "/dev/nvme0n1"
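Review bot: `nix run github:nix-community/disko` resolves whatever the default branch holds at run time and executes it under `sudo`, bypassing the revision that flake.lock pins in this same commit. Pinning the reference to the locked rev, `run github:nix-community/disko/d39ee334984fcdae6244f5a8e6ab857479cbaefe -- --mode disko ./disko.nix \`, makes the destructive step reproducible and reviewable. The target is also hard-coded as `/dev/nvme0n1` here but as `/dev/vda` in flake.nix, so the partitioned disk and the configured disk can differ; taking the device as `"$1"` and refusing to run without it would avoid wiping the wrong disk.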
diff --git a/flake.lock b/flake.lock
index add44de..9ff5bf6 100644
--- a/flake.lock
+++ b/flake.lock
@@ -1,5 +1,25 @@
{
"nodes": {
+ "disko": {
+ "inputs": {
+ "nixpkgs": [
+ "nixpkgs"
+ ]
+ },
+ "locked": {
+ "lastModified": 1728334376,
+ "narHash": "sha256-CTKEKPzD/j8FK6H4DO3EjyixZd3HHvgAgfnCwpGFP5c=",
+ "owner": "nix-community",
+ "repo": "disko",
+ "rev": "d39ee334984fcdae6244f5a8e6ab857479cbaefe",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "disko",
+ "type": "github"
+ }
+ },
"home-manager": {
"inputs": {
"nixpkgs": [
@@ -20,6 +40,21 @@
"type": "github"
}
},
+ "impermanence": {
+ "locked": {
+ "lastModified": 1727649413,
+ "narHash": "sha256-FA53of86DjFdeQzRDVtvgWF9o52rWK70VHGx0Y8fElQ=",
+ "owner": "nix-community",
+ "repo": "impermanence",
+ "rev": "d0b38e550039a72aff896ee65b0918e975e6d48e",
+ "type": "github"
+ },
+ "original": {
+ "owner": "nix-community",
+ "repo": "impermanence",
+ "type": "github"
+ }
+ },
"nixpkgs": {
"locked": {
"lastModified": 1728241625,
@@ -38,7 +73,9 @@
},
"root": {
"inputs": {
+ "disko": "disko",
"home-manager": "home-manager",
+ "impermanence": "impermanence",
"nixpkgs": "nixpkgs"
}
}
diff --git a/flake.nix b/flake.nix
index 2c2e496..27bd53d 100644
--- a/flake.nix
+++ b/flake.nix
@@ -10,6 +10,17 @@
url = "github:nix-community/home-manager";
inputs.nixpkgs.follows = "nixpkgs";
};
+
+ # Disko
+ disko = {
+ url = "github:nix-community/disko";
+ inputs.nixpkgs.follows = "nixpkgs";
+ };
+
+ # Impermanence
+ impermanence = {
+ url = "github:nix-community/impermanence";
+ };
};
outputs = { self, nixpkgs, ... }@inputs: {
@@ -20,8 +31,13 @@
system = "x86_64-linux";
specialArgs = { inherit inputs; };
modules = [
+ inputs.disko.nixosModules.default
+ (import ./disko.nix { device = "/dev/vda"; })
+
./machines/x/configuration.nix
+
inputs.home-manager.nixosModules.default
+ inputs.impermanence.nixosModules.impermanence
];
};
diff --git a/machines/x/configuration.nix b/machines/x/configuration.nix
index ed69181..82db98f 100644
--- a/machines/x/configuration.nix
+++ b/machines/x/configuration.nix
@@ -24,11 +24,35 @@
"remapcapslock.nix"
"wm_utils.nix"
- # "qtile"
]);
- boot.loader.systemd-boot.enable = true;
- boot.loader.efi.canTouchEfiVariables = true;
+ boot.loader.grub.enable = true;
+ boot.loader.grub.efiSupport = true;
+
+ boot.initrd.postDeviceCommands = lib.mkAfter ''
+ mkdir /btrfs_tmp
+ mount /dev/root_vg/root /btrfs_tmp
+ if [[ -e /btrfs_tmp/root ]]; then
+ mkdir -p /btrfs_tmp/old_roots
+ timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
+ mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
+ fi
+
+ delete_subvolume_recursively() {
+ IFS=$'\n'
+ for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
+ delete_subvolume_recursively "/btrfs_tmp/$i"
+ done
+ btrfs subvolume delete "$1"
+ }
+
+ for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
+ delete_subvolume_recursively "$i"
+ done
+
+ btrfs subvolume create /btrfs_tmp/root
+ umount /btrfs_tmp
+ '';
boot.extraModprobeConfig = "options kvm_amd nested=1";
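Review bot: The script in `boot.initrd.postDeviceCommands` needs a comment stating that the previous root is moved to `old_roots/<timestamp>` and only deleted by the `-mtime +30` sweep, because as written nothing tells the reader that data written outside `/persist` stays on disk for about a month rather than being wiped at boot. Something like `# Previous root is archived under old_roots/ and removed after 30 days; it is not erased on reboot.` above the `mkdir /btrfs_tmp` line would do. The sweep `find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30` can also return `old_roots/` itself, so `-mindepth 1` should be added before passing results to `delete_subvolume_recursively`. The `mount` result is not checked, so a failed mount appears to leave the old root in place silently; the surrounding file continues outside this hunk.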
@@ -39,12 +63,37 @@
networking.hostName = "x";
- home-manager.users.compromyse = import ./home.nix;
-
environment.variables = {
XCURSOR_SIZE = "16";
};
+ fileSystems."/persist".neededForBoot = true;
+ environment.persistence."/persist/system" = {
+ hideMounts = true;
+ directories = [
+ "/etc/nixos"
+ "/var/log"
+ "/var/lib/bluetooth"
+ "/var/lib/nixos"
+ "/var/lib/systemd/coredump"
+ "/etc/NetworkManager/system-connections"
+ { directory = "/var/lib/colord"; user = "colord"; group = "colord"; mode = "u=rwx,g=rx,o="; }
+ ];
+ files = [
+ "/etc/machine-id"
+ "/etc/shadow"
+ { file = "/var/keys/secret_file"; parentDirectory = { mode = "u=rwx,g=,o="; }; }
+ ];
+ };
+
+ programs.fuse.userAllowOther = true;
+ home-manager = {
+ extraSpecialArgs = {inherit inputs;};
+ users = {
+ "compromyse" = import ./home.nix;
+ };
+ };
+
networking.extraHosts =
''
127.0.0.1 download.labsmartlis.local
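Review bot: Listing `/etc/shadow` under `files` keeps the password database on `/persist/system` as a linked or bind-mounted single file, and tools that update it by writing a new file and renaming over it may fail or leave the persisted copy stale; this cannot be confirmed from the hunk alone. Setting `users.users.<name>.hashedPasswordFile` to a root-only file under `/persist` is the usual way to avoid persisting `/etc/shadow` at all. The `/var/keys/secret_file` entry looks like an example value rather than a file this machine has, and should be dropped or replaced with the real path. `programs.fuse.userAllowOther = true;` relaxes a FUSE default system-wide and deserves a one-line comment naming what requires it. The hunk ends inside the `networking.extraHosts` string, which continues outside it.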
diff --git a/machines/x/hardware-configuration.nix b/machines/x/hardware-configuration.nix
index 964bbb2..7d34b69 100644
--- a/machines/x/hardware-configuration.nix
+++ b/machines/x/hardware-configuration.nix
@@ -13,19 +13,6 @@
boot.kernelModules = [ "kvm-amd" ];
boot.extraModulePackages = [ ];
- fileSystems."/" =
- { device = "/dev/disk/by-uuid/fb695c14-0255-4deb-a816-e74fa8c42c4b";
- fsType = "ext4";
- };
-
- fileSystems."/boot" =
- { device = "/dev/disk/by-uuid/19BE-DB3C";
- fsType = "vfat";
- options = [ "fmask=0077" "dmask=0077" ];
- };
-
- swapDevices = [ ];
-
# Enables DHCP on each ethernet and wireless interface. In case of scripted networking
# (the default) this is the recommended approach. When using systemd-networkd it's
# still possible to use this option, but it's recommended to use it in conjunction