-rw-r--r-- | flake.lock | 12 | ||||
-rw-r--r-- | hosts/surtr/default.nix | 34 | ||||
-rw-r--r-- | hosts/surtr/zfs.nix | 89 | ||||
-rw-r--r-- | system-profiles/core.nix | 2 |
4 files changed, 100 insertions, 37 deletions
@@ -7,11 +7,11 @@ | |||
7 | ] | 7 | ] |
8 | }, | 8 | }, |
9 | "locked": { | 9 | "locked": { |
10 | "lastModified": 1621719066, | 10 | "lastModified": 1622145920, |
11 | "narHash": "sha256-TcpYTMKkZztb8YDHIlxM87t1e+Pzxzku28qBAT4ZsYY=", | 11 | "narHash": "sha256-/tt6IApLuVcGP5auy4zjLzfm5+MBHYLS3Nauvv2U2EQ=", |
12 | "owner": "nix-community", | 12 | "owner": "nix-community", |
13 | "repo": "home-manager", | 13 | "repo": "home-manager", |
14 | "rev": "64607f58b75741470284c698f82f0199fcecdfa7", | 14 | "rev": "0e6c61a44092e98ba1d75b41f4f947843dc7814d", |
15 | "type": "github" | 15 | "type": "github" |
16 | }, | 16 | }, |
17 | "original": { | 17 | "original": { |
@@ -23,11 +23,11 @@ | |||
23 | }, | 23 | }, |
24 | "nixpkgs": { | 24 | "nixpkgs": { |
25 | "locked": { | 25 | "locked": { |
26 | "lastModified": 1621775472, | 26 | "lastModified": 1622290771, |
27 | "narHash": "sha256-XNY2WlrufkBXTdaW7eOwmM4eukNIsb2ItKdjPwB7AAE=", | 27 | "narHash": "sha256-VDIJJMEjpdhbU+z0+JnQx/puJaaPGywf/osCbOtEj4Y=", |
28 | "owner": "NixOS", | 28 | "owner": "NixOS", |
29 | "repo": "nixpkgs", | 29 | "repo": "nixpkgs", |
30 | "rev": "3f1b917deae4efd529c7d923013f36982c93d52b", | 30 | "rev": "dd51c8eb0e10dded8c8967c431757fceef9a3866", |
31 | "type": "github" | 31 | "type": "github" |
32 | }, | 32 | }, |
33 | "original": { | 33 | "original": { |
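--- a/hosts/surtr/default.nix
+++ b/hosts/surtr/default.nix
@@ -1,7 +1,7 @@
 { flake, pkgs, ... }:
 {
 imports = with flake.nixosModules.systemProfiles; [
-qemu-guest openssh rebuild-machines
+qemu-guest openssh rebuild-machines ./zfs.nix
 ];
 
 config = {
@@ -24,7 +24,10 @@
 tmpOnTmpfs = true;
 
 supportedFilesystems = [ "zfs" ];
-zfs.devNodes = "/dev"; # /dev/vda2 does not show up in /dev/disk/by-id
+zfs = {
+enableUnstable = true;
+devNodes = "/dev"; # /dev/vda2 does not show up in /dev/disk/by-id
+};
 };
 
 fileSystems = {
@@ -37,33 +40,6 @@
 { device = "/dev/disk/by-label/boot";
 fsType = "vfat";
 };
-
-"/nix" =
-{ device = "surtr/local/nix";
-fsType = "zfs";
-};
-
-"/root" =
-{ device = "surtr/safe/home-root";
-fsType = "zfs";
-neededForBoot = true;
-};
-
-"/var/lib/systemd" =
-{ device = "surtr/local/var-lib-systemd";
-fsType = "zfs";
-neededForBoot = true;
-};
-
-"/var/log" =
-{ device = "surtr/local/var-log";
-fsType = "zfs";
-};
-
-"/home" =
-{ device = "surtr/safe/home";
-fsType = "zfs";
-};
 };
 
 networking = {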
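Review bot: `enableUnstable = true;` in the new `zfs = { … }` block moves this host onto the unstable ZFS build without recording why, and the pool it applies to backs `/root` and `/home` (`surtr/safe/*`). A comment beside it would make the choice reviewable and easy to revert, for example `enableUnstable = true; # TODO: state the reason (kernel compatibility?) and drop once stable ZFS suffices`. The new `zfs.nix` takes its tooling from `config.boot.zfs.package`, which presumably follows this switch, so the snapshot services would run the unstable userland as well. The attribute set that contains this block starts outside the hunk.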
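--- /dev/null
+++ b/hosts/surtr/zfs.nix
@@ -0,0 +1,89 @@
+{ pkgs, config, ... }:
+let
+snapshotNames = ["frequent" "hourly" "daily" "monthly" "yearly"];
+snapshotCount = {
+frequent = 24;
+hourly = 24;
+daily = 30;
+monthly = 12;
+yearly = 5;
+};
+snapshotTimerConfig = {
+frequent = { OnCalendar = "*:0/5"; Persistent = true; };
+hourly = { OnCalendar = "hourly"; Persistent = true; };
+daily = { OnCalendar = "daily"; Persistent = true; };
+monthly = { OnCalendar = "monthly"; Persistent = true; };
+yearly = { OnCalendar = "yearly"; Persistent = true; };
+};
+snapshotDescr = {
+frequent = "few minutes";
+hourly = "hour";
+daily = "day";
+monthly = "month";
+yearly = "year";
+};
+
+zfs = config.boot.zfs.package;
+
+autosnapPackage = pkgs.zfstools.override { inherit zfs; };
+in {
+config = {
+fileSystems = {
+"/nix" =
+{ device = "surtr/local/nix";
+fsType = "zfs";
+};
+
+"/root" =
+{ device = "surtr/safe/home-root";
+fsType = "zfs";
+neededForBoot = true;
+};
+
+"/var/lib/systemd" =
+{ device = "surtr/local/var-lib-systemd";
+fsType = "zfs";
+neededForBoot = true;
+};
+
+"/var/log" =
+{ device = "surtr/local/var-log";
+fsType = "zfs";
+};
+
+"/home" =
+{ device = "surtr/safe/home";
+fsType = "zfs";
+};
+};
+
+systemd.services =
+let mkSnapService = snapName: {
+name = "zfs-snapshot-${snapName}";
+value = {
+description = "ZFS auto-snapshot every ${snapshotDescr.${snapName}}";
+after = [ "zfs-import.target" ];
+serviceConfig = {
+Type = "oneshot";
+ExecStart = "${autosnapPackage}/bin/zfs-auto-snapshot -k -p -u ${snapName} ${toString snapshotCount.${snapName}}";
+};
+restartIfChanged = false;
+
+preStart = ''
+${zfs}/bin/zfs set com.sun:auto-snapshot=true surtr/safe
+'';
+};
+};
+in builtins.listToAttrs (map mkSnapService snapshotNames);
+
+systemd.timers =
+let mkSnapTimer = snapName: {
+name = "zfs-snapshot-${snapName}";
+value = {
+wantedBy = [ "timers.target" ];
+timerConfig = snapshotTimerConfig.${snapName};
+};
+};
+in builtins.listToAttrs (map mkSnapTimer snapshotNames);
+};
+}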
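Review bot: The `preStart` in `mkSnapService` hard-codes `surtr/safe` as the only tree that gets `com.sun:auto-snapshot=true`, and it re-applies that property before every run of all five services, including `frequent` on its `*:0/5` timer. Unless the property is also set by hand elsewhere, nothing under `surtr/local` is snapshotted, and that tree backs `/var/log` and `/var/lib/systemd`, so log history on this host has no snapshot to fall back on. If that is intended, a comment such as `# only surtr/safe is snapshotted; surtr/local (nix store, logs, systemd state) is deliberately excluded` would record it. Setting the property once, outside the per-run path, would likely also keep the repeated `zfs set` out of the pool's command history. The `-k -p -u` flags in `ExecStart` deserve a one-line comment saying what each one selects.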
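--- a/system-profiles/core.nix
+++ b/system-profiles/core.nix
@@ -59,8 +59,6 @@ in {
 sops-nix.flake = flakeInputs.sops-nix;
 nixos.flake = flake;
 };
-
-sandboxPaths = lib.mkDefault [ "/bin/sh=${pkgs.busybox-sandbox-shell}/bin/busybox" ]; # aeeee44
 };
 
 users.mutableUsers = false;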