From 60461c7bfb291e811e74c6f38a4a1b22fd2e5592 Mon Sep 17 00:00:00 2001
From: NAHO <90870942+trueNAHO@users.noreply.github.com>
Date: Sat, 10 Feb 2024 19:05:37 +0100
Subject: [PATCH] chore!: 2024-02-10 19:05:37 +0100
---
 modules/impermanence/nixos/default.nix | 94 ++++++++++----------------
 1 file changed, 35 insertions(+), 59 deletions(-)
diff --git a/modules/impermanence/nixos/default.nix b/modules/impermanence/nixos/default.nix
index 48bd9d4..241edb9 100644
--- a/modules/impermanence/nixos/default.nix
+++ b/modules/impermanence/nixos/default.nix
@@ -49,67 +49,43 @@ lib.mkIf cfg.enable { modules.agenix.nixosModules.default.enable = true; - # References: + # Reference: # - # - # - https://guekka.github.io/nixos-server-1 # TODO: required? - # - https://mt-caret.github.io/blog/posts/2020-06-29-optin-state.html - boot.initrd = + # - https://github.com/nix-community/impermanence/blob/cd13c2917eaa68e4c49fea0ff9cada45440d7045/README.org?plain=1#L91-L157 + boot.initrd.postDeviceCommands = lib.mkIf - cfg.btrfsSnapshots.enable { - # supportedFilesystems = ["btrfs"]; # TODO: required? - - systemd.enable = true; - - systemd.services.impermanence = { - after = ["systemd-cryptsetup@enc.service"]; - before = ["sysroot.mount"]; - description = "Erase your Btrfs darlings"; - # path = [pkgs.btrfs]; TODO: access command names via 'pkgs.pname'. - - script = '' - set -e - - # TODO: remove - set +x - ls "${cfg.btrfsSnapshots.filesystemRoot}" >&2 - - mount_point="/btrfs_tmp" - - mount \ - --options subvol=/ \ - --types btrfs \ - "${cfg.btrfsSnapshots.filesystemRoot}" \ - "$mount_point" - - trap 'umount "$mount_point" && rmdir "$mount_point"' EXIT - - btrfs \ - subvolume \ - list \ - -o "$mount_point/${cfg.btrfsSnapshots.snapshot.root}" | - awk '{ print $NF }' | - while read -r subvolume; do - btrfs subvolume delete "$mount_point/$subvolume" - done - - btrfs \ - subvolume \ - delete \ - "$mount_point/${cfg.btrfsSnapshots.snapshot.root}" - - btrfs \ - subvolume \ - snapshot \ - "$mount_point/${cfg.btrfsSnapshots.snapshot.blankRoot}" \ - "$mount_point/${cfg.btrfsSnapshots.snapshot.root}" - ''; - - serviceConfig.Type = "oneshot"; - unitConfig.DefaultDependencies = "no"; - wantedBy = ["initrd.target"]; - }; - }; + cfg.btrfsSnapshots.enable + (lib.mkAfter '' + set -e + + # TODO: remove + set +x + + btrfs_subvolume_delete_recursive() { + btrfs subvolume list -o "$1" | + awk '{ print $NF }' | + while read -r subvolume; do + delete_subvolume_recursively "$mount_point/$subvolume" + done + + btrfs subvolume delete "$1" + } + + 
mount_point=/.erase_your_darlings + + mkdir --parent "$mount_point" + mount "${cfg.btrfsSnapshots.filesystemRoot}" "$mount_point" + + trap 'umount "$mount_point"; rmdir "$mount_point"' EXIT + + btrfs_subvolume_delete_recursive \ + "$mount_point/${cfg.btrfsSnapshots.snapshot.root}" + + btrfs \ + subvolume \ + create \ + "$mount_point/${cfg.btrfsSnapshots.snapshot.root}" + ''); environment.persistence.${cfg.path}.directories = [ "/etc/ssh"
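Review bot: Inside `btrfs_subvolume_delete_recursive` the loop calls `delete_subvolume_recursively`, a name this hunk never defines, so nested subvolumes are not removed and, with `set -e` active, the script would presumably abort before the root subvolume is deleted and recreated. For an erase-on-boot root that means either a failed boot or state that was supposed to be wiped surviving the reboot; the call should be `btrfs_subvolume_delete_recursive "$mount_point/$subvolume"`. The new `mount` also drops the `subvol=/` option the old script passed, while `btrfs subvolume list` prints paths relative to the filesystem top level, so `"$mount_point/$subvolume"` only resolves if the default subvolume is the top level, which is worth confirming. The enclosing `lib.mkIf cfg.enable { … }` attribute set starts and ends outside the hunk.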