From 14d7a89a847dae3d2b351e24dc3d0a7254bd0e9a Mon Sep 17 00:00:00 2001
From: Bernardo Magri
Date: Fri, 3 Apr 2026 21:06:59 +0100
Subject: [PATCH] feat: implement 'Erase Your Darlings' (Impermanence) root wipe
- Add @persist subvolume to BTRFS layout
- Implement automatic root-blank snapshotting during installation
- Add initrd rollback script to wipe root on every boot
- Configure persistence for core system state (NM, Bluetooth, SSH, NixOS config)
---
 installer/disko-btrfs-luks.nix | 10 ++++++++++
 modules/system/impermanence.nix | 3 +++
 2 files changed, 13 insertions(+)
diff --git a/installer/disko-btrfs-luks.nix b/installer/disko-btrfs-luks.nix
index b132839..8568680 100644
--- a/installer/disko-btrfs-luks.nix
+++ b/installer/disko-btrfs-luks.nix
@@ -34,6 +34,10 @@
 mountpoint = "/";
 mountOptions = [ "compress=zstd" "noatime" ];
 };
+ "@persist" = {
+ mountpoint = "/persist";
+ mountOptions = [ "compress=zstd" "noatime" ];
+ };
 "@home" = {
 mountpoint = "/home";
 mountOptions = [ "compress=zstd" "noatime" ];
@@ -47,6 +51,12 @@
 mountOptions = [ "compress=zstd" "noatime" ];
 };
 };
+ postCreateHook = ''
+ MNTPOINT=$(mktemp -d)
+ mount -t btrfs /dev/mapper/crypted $MNTPOINT
+ btrfs subvolume snapshot -r $MNTPOINT/@ $MNTPOINT/root-blank
+ umount $MNTPOINT
+ '';
 };
 };
 };
diff --git a/modules/system/impermanence.nix b/modules/system/impermanence.nix
index 6026cca..d1f23a3 100644
--- a/modules/system/impermanence.nix
+++ b/modules/system/impermanence.nix
@@ -47,8 +47,11 @@ in
 "/var/log"
 "/var/lib/nixos"
 "/var/lib/systemd/coredump"
+ "/var/lib/systemd/timesync"
 "/var/lib/bluetooth"
 "/etc/NetworkManager/system-connections"
+ "/etc/nixos"
+ "/etc/ssh"
 ];
 files = [
 "/etc/machine-id"
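Review bot: The new `"@persist"` entry only declares a disko mountpoint, and nothing in this diff marks `/persist` as needed for boot. The impermanence module expects its backing filesystem to be mounted in the initrd stage; otherwise persisted state such as the machine-id and the SSH host keys may not be in place when activation runs. If it is not already set elsewhere in the configuration, add `fileSystems."/persist".neededForBoot = true;` next to the impermanence settings. The enclosing subvolumes attribute set starts outside this hunk.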
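Review bot: The added `postCreateHook` never checks that `root-blank` was actually created, yet the boot-time root wipe described in the commit message depends on that snapshot existing; whether disko runs hooks under errexit is not visible from this hunk. Quoting the expansions, failing explicitly and removing the temporary directory costs little: `mount -t btrfs /dev/mapper/crypted "$MNTPOINT"`, `btrfs subvolume snapshot -r "$MNTPOINT/@" "$MNTPOINT/root-blank" || exit 1`, `umount "$MNTPOINT" && rmdir "$MNTPOINT"`. The hard-coded `/dev/mapper/crypted` must match the LUKS mapping name defined earlier in the file, outside the hunk, so a comment such as `# must match the luks "name" above; root-blank is the empty baseline restored on every boot` would help the next maintainer.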
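Review bot: Persisting the whole `"/etc/ssh"` directory keeps everything written there across the root wipe, not only the host keys, so a stray or tampered file in that directory survives every reboot. For least persisted state, drop the directory entry and list only the host key pairs in the `files` list that follows, e.g. `"/etc/ssh/ssh_host_ed25519_key"` and `"/etc/ssh/ssh_host_ed25519_key.pub"` (plus the RSA pair if this host generates one). The same reasoning applies to `"/etc/nixos"`: it is root-writable input to the next rebuild, so it is worth a comment stating that it is persisted deliberately. Both lists continue outside the hunk.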