From 333d4bcf563d8bc341460a5ff5e47c7fa36ddc4a Mon Sep 17 00:00:00 2001 From: Gregor Kleen Date: Sat, 29 May 2021 15:18:04 +0200 Subject: surtr: zfs snapshots --- flake.lock | 12 +++---- hosts/surtr/default.nix | 34 +++--------------- hosts/surtr/zfs.nix | 89 ++++++++++++++++++++++++++++++++++++++++++++++++ system-profiles/core.nix | 2 -- 4 files changed, 100 insertions(+), 37 deletions(-) create mode 100644 hosts/surtr/zfs.nix diff --git a/flake.lock b/flake.lock index bfbdd90f..5d04aafd 100644 --- a/flake.lock +++ b/flake.lock @@ -7,11 +7,11 @@ ] }, "locked": { - "lastModified": 1621719066, - "narHash": "sha256-TcpYTMKkZztb8YDHIlxM87t1e+Pzxzku28qBAT4ZsYY=", + "lastModified": 1622145920, + "narHash": "sha256-/tt6IApLuVcGP5auy4zjLzfm5+MBHYLS3Nauvv2U2EQ=", "owner": "nix-community", "repo": "home-manager", - "rev": "64607f58b75741470284c698f82f0199fcecdfa7", + "rev": "0e6c61a44092e98ba1d75b41f4f947843dc7814d", "type": "github" }, "original": { @@ -23,11 +23,11 @@ }, "nixpkgs": { "locked": { - "lastModified": 1621775472, - "narHash": "sha256-XNY2WlrufkBXTdaW7eOwmM4eukNIsb2ItKdjPwB7AAE=", + "lastModified": 1622290771, + "narHash": "sha256-VDIJJMEjpdhbU+z0+JnQx/puJaaPGywf/osCbOtEj4Y=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3f1b917deae4efd529c7d923013f36982c93d52b", + "rev": "dd51c8eb0e10dded8c8967c431757fceef9a3866", "type": "github" }, "original": { diff --git a/hosts/surtr/default.nix b/hosts/surtr/default.nix index ba304e22..8cbb51ef 100644 --- a/hosts/surtr/default.nix +++ b/hosts/surtr/default.nix @@ -1,7 +1,7 @@ { flake, pkgs, ... }: { imports = with flake.nixosModules.systemProfiles; [ - qemu-guest openssh rebuild-machines + qemu-guest openssh rebuild-machines ./zfs.nix ]; config = { @@ -24,7 +24,10 @@ tmpOnTmpfs = true; supportedFilesystems = [ "zfs" ]; - zfs.devNodes = "/dev"; # /dev/vda2 does not show up in /dev/disk/by-id + zfs = { + enableUnstable = true; + devNodes = "/dev"; # /dev/vda2 does not show up in /dev/disk/by-id + }; }; fileSystems = { 
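Review bot: `enableUnstable = true;` in the `boot.zfs` block of hosts/surtr/default.nix moves this host onto the unstable ZFS package with no stated reason, on the pool that backs `/root` and `/home`. The new zfs.nix takes both its `zfs` binary and the `zfstools` override from `config.boot.zfs.package`, so the snapshot tooling presumably follows the same unstable build. A why-comment with an exit condition would make the choice reviewable later, for example `enableUnstable = true; # <reason, e.g. kernel compatibility>; revert once the stable ZFS package covers it`. The commit also bumps nixpkgs in flake.lock, so the two changes may be related, but nothing in the hunk says so.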
@@ -37,33 +40,6 @@ { device = "/dev/disk/by-label/boot"; fsType = "vfat"; }; - - "/nix" = - { device = "surtr/local/nix"; - fsType = "zfs"; - }; - - "/root" = - { device = "surtr/safe/home-root"; - fsType = "zfs"; - neededForBoot = true; - }; - - "/var/lib/systemd" = - { device = "surtr/local/var-lib-systemd"; - fsType = "zfs"; - neededForBoot = true; - }; - - "/var/log" = - { device = "surtr/local/var-log"; - fsType = "zfs"; - }; - - "/home" = - { device = "surtr/safe/home"; - fsType = "zfs"; - }; }; networking = { diff --git a/hosts/surtr/zfs.nix b/hosts/surtr/zfs.nix new file mode 100644 index 00000000..72cc79e3 --- /dev/null +++ b/hosts/surtr/zfs.nix 
@@ -0,0 +1,89 @@
+{ pkgs, config, ... }:
+let
+ snapshotNames = ["frequent" "hourly" "daily" "monthly" "yearly"];
+ snapshotCount = {
+ frequent = 24;
+ hourly = 24;
+ daily = 30;
+ monthly = 12;
+ yearly = 5;
+ };
+ snapshotTimerConfig = {
+ frequent = { OnCalendar = "*:0/5"; Persistent = true; };
+ hourly = { OnCalendar = "hourly"; Persistent = true; };
+ daily = { OnCalendar = "daily"; Persistent = true; };
+ monthly = { OnCalendar = "monthly"; Persistent = true; };
+ yearly = { OnCalendar = "yearly"; Persistent = true; };
+ };
+ snapshotDescr = {
+ frequent = "few minutes";
+ hourly = "hour";
+ daily = "day";
+ monthly = "month";
+ yearly = "year";
+ };
+
+ zfs = config.boot.zfs.package;
+
+ autosnapPackage = pkgs.zfstools.override { inherit zfs; };
+in {
+ config = {
+ fileSystems = {
+ "/nix" =
+ { device = "surtr/local/nix";
+ fsType = "zfs";
+ };
+
+ "/root" =
+ { device = "surtr/safe/home-root";
+ fsType = "zfs";
+ neededForBoot = true;
+ };
+
+ "/var/lib/systemd" =
+ { device = "surtr/local/var-lib-systemd";
+ fsType = "zfs";
+ neededForBoot = true;
+ };
+
+ "/var/log" =
+ { device = "surtr/local/var-log";
+ fsType = "zfs";
+ };
+
+ "/home" =
+ { device = "surtr/safe/home";
+ fsType = "zfs";
+ };
+ };
+
+ systemd.services =
+ let mkSnapService = snapName: {
+ name = "zfs-snapshot-${snapName}";
+ value = {
+ description = "ZFS auto-snapshot every ${snapshotDescr.${snapName}}";
+ after = [ "zfs-import.target" ];
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = "${autosnapPackage}/bin/zfs-auto-snapshot -k -p -u ${snapName} ${toString snapshotCount.${snapName}}";
+ };
+ restartIfChanged = false;
+
+ preStart = ''
+ ${zfs}/bin/zfs set com.sun:auto-snapshot=true surtr/safe
+ '';
+ };
+ };
+ in builtins.listToAttrs (map mkSnapService snapshotNames);
+
+ systemd.timers =
+ let mkSnapTimer = snapName: {
+ name = "zfs-snapshot-${snapName}";
+ value = {
+ wantedBy = [ "timers.target" ];
+ timerConfig = snapshotTimerConfig.${snapName};
+ };
+ };
+ in
builtins.listToAttrs (map mkSnapTimer snapshotNames); + }; +} diff --git a/system-profiles/core.nix b/system-profiles/core.nix index fd9245f8..49869e60 100644 --- a/system-profiles/core.nix +++ b/system-profiles/core.nix @@ -59,8 +59,6 @@ in { sops-nix.flake = flakeInputs.sops-nix; nixos.flake = flake; }; - - sandboxPaths = lib.mkDefault [ "/bin/sh=${pkgs.busybox-sandbox-shell}/bin/busybox" ]; # aeeee44 }; users.mutableUsers = false; -- cgit v1.2.3
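Review bot: The `preStart` in `mkSnapService` re-runs `zfs set com.sun:auto-snapshot=true surtr/safe` before each of the five snapshot services, so the `frequent` unit rewrites the property every five minutes. That silently reverts a manual `=false` set on `surtr/safe` during maintenance or an investigation, and setting the property once outside the per-interval units would avoid it. As far as this file shows, only `surtr/safe` is flagged, so `surtr/local/var-log` (mounted at `/var/log`) gets no point-in-time copies that would help reconstruct events later. If that exclusion is deliberate, a comment such as `# surtr/local/* (incl. /var/log) is intentionally not snapshotted` next to `preStart` would record it.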