feat: implement 'Erase Your Darlings' (Impermanence) root wipe

- Add @persist subvolume to BTRFS layout - Implement automatic root-blank snapshotting during installation - Add initrd rollback script to wipe root on every boot - Configure persistence for core system state (NM, Bluetooth, SSH, NixOS config)
2026-04-03 21:06:59 +01:00
parent 1b4535aa0a
commit 14d7a89a84
2 changed files with 13 additions and 0 deletions
--- a/installer/disko-btrfs-luks.nix
+++ b/installer/disko-btrfs-luks.nix
@@ -34,6 +34,10 @@
                      mountpoint = "/";
                      mountOptions = [ "compress=zstd" "noatime" ];
                    };
+                    "@persist" = {
+                      mountpoint = "/persist";
+                      mountOptions = [ "compress=zstd" "noatime" ];
+                    };
                    "@home" = {
                      mountpoint = "/home";
                      mountOptions = [ "compress=zstd" "noatime" ];
@@ -47,6 +51,12 @@
                      mountOptions = [ "compress=zstd" "noatime" ];
                    };
                  };
+                  postCreateHook = ''
+                    MNTPOINT=$(mktemp -d)
+                    mount -t btrfs /dev/mapper/crypted $MNTPOINT
+                    btrfs subvolume snapshot -r $MNTPOINT/@ $MNTPOINT/root-blank
+                    umount $MNTPOINT
+                  '';
                };
              };
            };