# NixOS module for a host whose ZFS root dataset is rolled back to the
# `@blank` snapshot on every boot. Anything that must survive a reboot
# (SSH host keys, PostgreSQL data) is placed under /persist instead.
{ config, lib, pkgs, modules, ... }:

let
  inherit (lib) head mkAfter mkForce mkIf splitString;

  # Root filesystem entry; `device` is the ZFS dataset name when fsType is "zfs".
  rootFs = config.fileSystems."/";

  # First path component of the dataset name, used to build the name of the
  # zfs-import unit the rollback service is ordered after.
  poolName = head (splitString "/" rootFs.device);
in
{
  imports = [ modules.bindMounts ];

  # Accounts and passwords come from the declarative configuration only.
  users.mutableUsers = false;

  boot.initrd = mkIf (rootFs.fsType == "zfs") {
    # Host key for the initrd SSH server, used when hacc.encboot is enabled.
    # It is a different key from the services.openssh host keys below.
    # NOTE(review): the NixOS option documentation warns that initrd host
    # keys are stored in the world-readable Nix store unless the bootloader
    # supports initrd secrets, and sit in the initrd on /boot either way.
    # Keep this key dedicated to the initrd and never reuse a regular host
    # key here; confirm the behaviour for the NixOS release in use.
    network.ssh.hostKeys = mkIf config.hacc.encboot.enable
      (mkForce [ /persist/ssh/encboot_host ]);

    # Scripted (non-systemd) initrd: roll back after the pool devices are
    # available. `zfs rollback -r` destroys any snapshots newer than @blank.
    postDeviceCommands = mkIf (!config.boot.initrd.systemd.enable)
      (mkAfter ''
        zfs rollback -r ${rootFs.device}@blank
      '');

    # systemd initrd: same rollback, expressed as a oneshot unit that runs
    # after the pool import and before the root filesystem is mounted.
    systemd = mkIf config.boot.initrd.systemd.enable {
      storePaths = [ pkgs.zfs ];
      services.rollback = {
        description = "Rollback ZFS datasets to a pristine state";
        wantedBy = [ "initrd.target" ];
        after = [ "zfs-import-${poolName}.service" ];
        before = [ "sysroot.mount" ];
        path = [ pkgs.zfs ];
        unitConfig.DefaultDependencies = "no";
        serviceConfig.Type = "oneshot";
        script = ''
          zfs rollback -r ${rootFs.device}@blank && echo "rollback complete"
        '';
      };
    };
  };

  # Host keys are kept under /persist rather than on the rolled-back root,
  # so the host's SSH identity stays the same across reboots.
  # NOTE(review): the permissions of /persist/ssh are not set in this file;
  # confirm the private keys are readable by root only.
  services.openssh = {
    hostKeys = [
      {
        path = "/persist/ssh/ssh_host_ed25519_key";
        type = "ed25519";
      }
      {
        path = "/persist/ssh/ssh_host_rsa_key";
        type = "rsa";
        bits = 4096;
      }
    ];
  };

  # Database files are kept under /persist, in a directory named after the
  # PostgreSQL package's psqlSchema value.
  services.postgresql.dataDir =
    "/persist/postgresql/${config.services.postgresql.package.psqlSchema}";
}