surtr: zfs snapshots

author: Gregor Kleen <gkleen@yggdrasil.li> 2021-05-29 15:18:04 +0200
committer: Gregor Kleen <gkleen@yggdrasil.li> 2021-05-29 15:18:04 +0200
commit: 333d4bcf563d8bc341460a5ff5e47c7fa36ddc4a (patch)
tree: 82f9c823b587c0c423192eeed026f172f52eb431
parent: 28e1cd3729bd39e34c5c0aabda3b5d53d4877133 (diff)
download: nixos-333d4bcf563d8bc341460a5ff5e47c7fa36ddc4a.tar
nixos-333d4bcf563d8bc341460a5ff5e47c7fa36ddc4a.tar.gz
nixos-333d4bcf563d8bc341460a5ff5e47c7fa36ddc4a.tar.bz2
nixos-333d4bcf563d8bc341460a5ff5e47c7fa36ddc4a.tar.xz
nixos-333d4bcf563d8bc341460a5ff5e47c7fa36ddc4a.zip
4 files changed, 100 insertions, 37 deletions
diff --git a/flake.lock b/flake.lock
index bfbdd90f..5d04aafd 100644
--- a/flake.lock
+++ b/flake.lock
@@ -7,11 +7,11 @@
        ]
      },
      "locked": {
-        "lastModified": 1621719066,
+        "lastModified": 1622145920,
-        "narHash": "sha256-TcpYTMKkZztb8YDHIlxM87t1e+Pzxzku28qBAT4ZsYY=",
+        "narHash": "sha256-/tt6IApLuVcGP5auy4zjLzfm5+MBHYLS3Nauvv2U2EQ=",
        "owner": "nix-community",
        "repo": "home-manager",
-        "rev": "64607f58b75741470284c698f82f0199fcecdfa7",
+        "rev": "0e6c61a44092e98ba1d75b41f4f947843dc7814d",
        "type": "github"
      },
      "original": {
@@ -23,11 +23,11 @@
    },
    "nixpkgs": {
      "locked": {
-        "lastModified": 1621775472,
+        "lastModified": 1622290771,
-        "narHash": "sha256-XNY2WlrufkBXTdaW7eOwmM4eukNIsb2ItKdjPwB7AAE=",
+        "narHash": "sha256-VDIJJMEjpdhbU+z0+JnQx/puJaaPGywf/osCbOtEj4Y=",
        "owner": "NixOS",
        "repo": "nixpkgs",
-        "rev": "3f1b917deae4efd529c7d923013f36982c93d52b",
+        "rev": "dd51c8eb0e10dded8c8967c431757fceef9a3866",
        "type": "github"
      },
      "original": {
diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix
index ba304e22..8cbb51ef 100644
--- a/hosts/surtr/default.nix
+++ b/hosts/surtr/default.nix
@@ -1,7 +1,7 @@
 { flake, pkgs, ... }:
 {
  imports = with flake.nixosModules.systemProfiles; [
-    qemu-guest openssh rebuild-machines
+    qemu-guest openssh rebuild-machines ./zfs.nix
  ];
  config = {
@@ -24,7 +24,10 @@
      tmpOnTmpfs = true;
      supportedFilesystems = [ "zfs" ];
-      zfs.devNodes = "/dev"; # /dev/vda2 does not show up in /dev/disk/by-id
+      zfs = {
+        enableUnstable = true;
+        devNodes = "/dev"; # /dev/vda2 does not show up in /dev/disk/by-id
+      };
    };
    fileSystems = {
@@ -37,33 +40,6 @@
        { device = "/dev/disk/by-label/boot";
          fsType = "vfat";
        };
-      "/nix" =
-        { device = "surtr/local/nix";
-          fsType = "zfs";
-        };
-      "/root" =
-        { device = "surtr/safe/home-root";
-          fsType = "zfs";
-          neededForBoot = true;
-        };
-      "/var/lib/systemd" =
-        { device = "surtr/local/var-lib-systemd";
-          fsType = "zfs";
-          neededForBoot = true;
-        };
-      "/var/log" =
-        { device = "surtr/local/var-log";
-          fsType = "zfs";
-        };
-      "/home" =
-        { device = "surtr/safe/home";
-          fsType = "zfs";
-        };
    };
    networking = {
diff --git a/hosts/surtr/zfs.nix b/hosts/surtr/zfs.nix
new file mode 100644
index 00000000..72cc79e3
--- /dev/null
+++ b/hosts/surtr/zfs.nix
@@ -0,0 +1,89 @@
+{ pkgs, config, ... }:
+let
+  snapshotNames = ["frequent" "hourly" "daily" "monthly" "yearly"];
+  snapshotCount = {
+    frequent = 24;
+    hourly = 24;
+    daily = 30;
+    monthly = 12;
+    yearly = 5;
+  };
+  snapshotTimerConfig = {
+    frequent = { OnCalendar = "*:0/5"; Persistent = true; };
+    hourly = { OnCalendar = "hourly"; Persistent = true; };
+    daily = { OnCalendar = "daily"; Persistent = true; };
+    monthly = { OnCalendar = "monthly"; Persistent = true; };
+    yearly = { OnCalendar = "yearly"; Persistent = true; };
+  };
+  snapshotDescr = {
+    frequent = "few minutes";
+    hourly = "hour";
+    daily = "day";
+    monthly = "month";
+    yearly = "year";
+  };
+  zfs = config.boot.zfs.package;
+  autosnapPackage = pkgs.zfstools.override { inherit zfs; };
+in {
+  config = {
+    fileSystems = {
+      "/nix" =
+        { device = "surtr/local/nix";
+          fsType = "zfs";
+        };
+      "/root" =
+        { device = "surtr/safe/home-root";
+          fsType = "zfs";
+          neededForBoot = true;
+        };
+      "/var/lib/systemd" =
+        { device = "surtr/local/var-lib-systemd";
+          fsType = "zfs";
+          neededForBoot = true;
+        };
+      "/var/log" =
+        { device = "surtr/local/var-log";
+          fsType = "zfs";
+        };
+      "/home" =
+        { device = "surtr/safe/home";
+          fsType = "zfs";
+        };
+    };
+    systemd.services =
+      let mkSnapService = snapName: {
+            name = "zfs-snapshot-${snapName}";
+            value = {
+              description = "ZFS auto-snapshot every ${snapshotDescr.${snapName}}";
+              after = [ "zfs-import.target" ];
+              serviceConfig = {
+                Type = "oneshot";
+                ExecStart = "${autosnapPackage}/bin/zfs-auto-snapshot -k -p -u ${snapName} ${toString snapshotCount.${snapName}}";
+              };
+              restartIfChanged = false;
+              preStart = ''
+                ${zfs}/bin/zfs set com.sun:auto-snapshot=true surtr/safe
+              '';
+            };
+          };
+      in builtins.listToAttrs (map mkSnapService snapshotNames);
+    systemd.timers =
+      let mkSnapTimer = snapName: {
+            name = "zfs-snapshot-${snapName}";
+            value = {
+              wantedBy = [ "timers.target" ];
+              timerConfig = snapshotTimerConfig.${snapName};
+            };
+          };
+      in builtins.listToAttrs (map mkSnapTimer snapshotNames);
+  };
+}
diff --git a/system-profiles/core.nix b/system-profiles/core.nix
index fd9245f8..49869e60 100644
--- a/system-profiles/core.nix
+++ b/system-profiles/core.nix
@@ -59,8 +59,6 @@ in {
        sops-nix.flake = flakeInputs.sops-nix;
        nixos.flake = flake;
      };
-      sandboxPaths = lib.mkDefault [ "/bin/sh=${pkgs.busybox-sandbox-shell}/bin/busybox" ]; # aeeee44
    };
    users.mutableUsers = false;
author	Gregor Kleen <gkleen@yggdrasil.li>	2021-05-29 15:18:04 +0200
committer	Gregor Kleen <gkleen@yggdrasil.li>	2021-05-29 15:18:04 +0200
commit	333d4bcf563d8bc341460a5ff5e47c7fa36ddc4a (patch)
tree	82f9c823b587c0c423192eeed026f172f52eb431
parent	28e1cd3729bd39e34c5c0aabda3b5d53d4877133 (diff)
download	nixos-333d4bcf563d8bc341460a5ff5e47c7fa36ddc4a.tar nixos-333d4bcf563d8bc341460a5ff5e47c7fa36ddc4a.tar.gz nixos-333d4bcf563d8bc341460a5ff5e47c7fa36ddc4a.tar.bz2 nixos-333d4bcf563d8bc341460a5ff5e47c7fa36ddc4a.tar.xz nixos-333d4bcf563d8bc341460a5ff5e47c7fa36ddc4a.zip

diff --git a/flake.lock b/flake.lock index bfbdd90f..5d04aafd 100644 --- a/flake.lock +++ b/flake.lock
@@ -7,11 +7,11 @@
7	]	7	]
8	},	8	},
9	"locked": {	9	"locked": {
10	"lastModified": 1621719066,	10	"lastModified": 1622145920,
11	"narHash": "sha256-TcpYTMKkZztb8YDHIlxM87t1e+Pzxzku28qBAT4ZsYY=",	11	"narHash": "sha256-/tt6IApLuVcGP5auy4zjLzfm5+MBHYLS3Nauvv2U2EQ=",
12	"owner": "nix-community",	12	"owner": "nix-community",
13	"repo": "home-manager",	13	"repo": "home-manager",
14	"rev": "64607f58b75741470284c698f82f0199fcecdfa7",	14	"rev": "0e6c61a44092e98ba1d75b41f4f947843dc7814d",
15	"type": "github"	15	"type": "github"
16	},	16	},
17	"original": {	17	"original": {
@@ -23,11 +23,11 @@
23	},	23	},
24	"nixpkgs": {	24	"nixpkgs": {
25	"locked": {	25	"locked": {
26	"lastModified": 1621775472,	26	"lastModified": 1622290771,
27	"narHash": "sha256-XNY2WlrufkBXTdaW7eOwmM4eukNIsb2ItKdjPwB7AAE=",	27	"narHash": "sha256-VDIJJMEjpdhbU+z0+JnQx/puJaaPGywf/osCbOtEj4Y=",
28	"owner": "NixOS",	28	"owner": "NixOS",
29	"repo": "nixpkgs",	29	"repo": "nixpkgs",
30	"rev": "3f1b917deae4efd529c7d923013f36982c93d52b",	30	"rev": "dd51c8eb0e10dded8c8967c431757fceef9a3866",
31	"type": "github"	31	"type": "github"
32	},	32	},
33	"original": {	33	"original": {


diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix index ba304e22..8cbb51ef 100644 --- a/hosts/surtr/default.nix +++ b/hosts/surtr/default.nix
@@ -1,7 +1,7 @@
1	{ flake, pkgs, ... }:	1	{ flake, pkgs, ... }:
2	{	2	{
3	imports = with flake.nixosModules.systemProfiles; [	3	imports = with flake.nixosModules.systemProfiles; [
4	qemu-guest openssh rebuild-machines	4	qemu-guest openssh rebuild-machines ./zfs.nix
5	];	5	];
6		6
7	config = {	7	config = {
@@ -24,7 +24,10 @@
24	tmpOnTmpfs = true;	24	tmpOnTmpfs = true;
25		25
26	supportedFilesystems = [ "zfs" ];	26	supportedFilesystems = [ "zfs" ];
27	zfs.devNodes = "/dev"; # /dev/vda2 does not show up in /dev/disk/by-id	27	zfs = {
		28	enableUnstable = true;
		29	devNodes = "/dev"; # /dev/vda2 does not show up in /dev/disk/by-id
		30	};
28	};	31	};
29		32
30	fileSystems = {	33	fileSystems = {
@@ -37,33 +40,6 @@
37	{ device = "/dev/disk/by-label/boot";	40	{ device = "/dev/disk/by-label/boot";
38	fsType = "vfat";	41	fsType = "vfat";
39	};	42	};
40
41	"/nix" =
42	{ device = "surtr/local/nix";
43	fsType = "zfs";
44	};
45
46	"/root" =
47	{ device = "surtr/safe/home-root";
48	fsType = "zfs";
49	neededForBoot = true;
50	};
51
52	"/var/lib/systemd" =
53	{ device = "surtr/local/var-lib-systemd";
54	fsType = "zfs";
55	neededForBoot = true;
56	};
57
58	"/var/log" =
59	{ device = "surtr/local/var-log";
60	fsType = "zfs";
61	};
62
63	"/home" =
64	{ device = "surtr/safe/home";
65	fsType = "zfs";
66	};
67	};	43	};
68		44
69	networking = {	45	networking = {


diff --git a/hosts/surtr/zfs.nix b/hosts/surtr/zfs.nix new file mode 100644 index 00000000..72cc79e3 --- /dev/null +++ b/hosts/surtr/zfs.nix
@@ -0,0 +1,89 @@
		1	{ pkgs, config, ... }:
		2	let
		3	snapshotNames = ["frequent" "hourly" "daily" "monthly" "yearly"];
		4	snapshotCount = {
		5	frequent = 24;
		6	hourly = 24;
		7	daily = 30;
		8	monthly = 12;
		9	yearly = 5;
		10	};
		11	snapshotTimerConfig = {
		12	frequent = { OnCalendar = "*:0/5"; Persistent = true; };
		13	hourly = { OnCalendar = "hourly"; Persistent = true; };
		14	daily = { OnCalendar = "daily"; Persistent = true; };
		15	monthly = { OnCalendar = "monthly"; Persistent = true; };
		16	yearly = { OnCalendar = "yearly"; Persistent = true; };
		17	};
		18	snapshotDescr = {
		19	frequent = "few minutes";
		20	hourly = "hour";
		21	daily = "day";
		22	monthly = "month";
		23	yearly = "year";
		24	};
		25
		26	zfs = config.boot.zfs.package;
		27
		28	autosnapPackage = pkgs.zfstools.override { inherit zfs; };
		29	in {
		30	config = {
		31	fileSystems = {
		32	"/nix" =
		33	{ device = "surtr/local/nix";
		34	fsType = "zfs";
		35	};
		36
		37	"/root" =
		38	{ device = "surtr/safe/home-root";
		39	fsType = "zfs";
		40	neededForBoot = true;
		41	};
		42
		43	"/var/lib/systemd" =
		44	{ device = "surtr/local/var-lib-systemd";
		45	fsType = "zfs";
		46	neededForBoot = true;
		47	};
		48
		49	"/var/log" =
		50	{ device = "surtr/local/var-log";
		51	fsType = "zfs";
		52	};
		53
		54	"/home" =
		55	{ device = "surtr/safe/home";
		56	fsType = "zfs";
		57	};
		58	};
		59
		60	systemd.services =
		61	let mkSnapService = snapName: {
		62	name = "zfs-snapshot-${snapName}";
		63	value = {
		64	description = "ZFS auto-snapshot every ${snapshotDescr.${snapName}}";
		65	after = [ "zfs-import.target" ];
		66	serviceConfig = {
		67	Type = "oneshot";
		68	ExecStart = "${autosnapPackage}/bin/zfs-auto-snapshot -k -p -u ${snapName} ${toString snapshotCount.${snapName}}";
		69	};
		70	restartIfChanged = false;
		71
		72	preStart = ''
		73	${zfs}/bin/zfs set com.sun:auto-snapshot=true surtr/safe
		74	'';
		75	};
		76	};
		77	in builtins.listToAttrs (map mkSnapService snapshotNames);
		78
		79	systemd.timers =
		80	let mkSnapTimer = snapName: {
		81	name = "zfs-snapshot-${snapName}";
		82	value = {
		83	wantedBy = [ "timers.target" ];
		84	timerConfig = snapshotTimerConfig.${snapName};
		85	};
		86	};
		87	in builtins.listToAttrs (map mkSnapTimer snapshotNames);
		88	};
		89	}


diff --git a/system-profiles/core.nix b/system-profiles/core.nix index fd9245f8..49869e60 100644 --- a/system-profiles/core.nix +++ b/system-profiles/core.nix
@@ -59,8 +59,6 @@ in {
59	sops-nix.flake = flakeInputs.sops-nix;	59	sops-nix.flake = flakeInputs.sops-nix;
60	nixos.flake = flake;	60	nixos.flake = flake;
61	};	61	};
62
63	sandboxPaths = lib.mkDefault [ "/bin/sh=${pkgs.busybox-sandbox-shell}/bin/busybox" ]; # aeeee44
64	};	62	};
65		63
66	users.mutableUsers = false;	64	users.mutableUsers = false;