bernardo/Nomarchy
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: implement 'Erase Your Darlings' (Impermanence) root wipe

Browse Source 
- Add @persist subvolume to BTRFS layout
- Implement automatic root-blank snapshotting during installation
- Add initrd rollback script to wipe root on every boot
- Configure persistence for core system state (NM, Bluetooth, SSH, NixOS config)
This commit is contained in:
Bernardo Magri
2026-04-03 21:06:59 +01:00
parent 1b4535aa0a
commit 14d7a89a84
2 changed files with 13 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
installer/disko-btrfs-luks.nix
View File

@@ -34,6 +34,10 @@
mountpoint = "/"; mountpoint = "/";
mountOptions = [ "compress=zstd" "noatime" ]; mountOptions = [ "compress=zstd" "noatime" ];
}; };
"@persist" = {
mountpoint = "/persist";
mountOptions = [ "compress=zstd" "noatime" ];
};
"@home" = { "@home" = {
mountpoint = "/home"; mountpoint = "/home";
mountOptions = [ "compress=zstd" "noatime" ]; mountOptions = [ "compress=zstd" "noatime" ];
@@ -47,6 +51,12 @@
mountOptions = [ "compress=zstd" "noatime" ]; mountOptions = [ "compress=zstd" "noatime" ];
}; };
}; };
postCreateHook = ''
MNTPOINT=$(mktemp -d)
mount -t btrfs /dev/mapper/crypted $MNTPOINT
btrfs subvolume snapshot -r $MNTPOINT/@ $MNTPOINT/root-blank
umount $MNTPOINT
'';
}; };
}; };
}; };

3
modules/system/impermanence.nix
View File

@@ -47,8 +47,11 @@ in
"/var/log" "/var/log"
"/var/lib/nixos" "/var/lib/nixos"
"/var/lib/systemd/coredump" "/var/lib/systemd/coredump"
"/var/lib/systemd/timesync"
"/var/lib/bluetooth" "/var/lib/bluetooth"
"/etc/NetworkManager/system-connections" "/etc/NetworkManager/system-connections"
"/etc/nixos"
"/etc/ssh"
]; ];
files = [ files = [
"/etc/machine-id" "/etc/machine-id"