flake/README.md

# Installation

```sh
sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount hosts/$(hostname)/disk-config.nix
sudo mkdir /tmp/mnt
sudo mount /dev/mapper/crypted /tmp/mnt
sudo btrfs subvolume snapshot -r /tmp/mnt/root /tmp/mnt/root-blank
sudo umount /tmp/mnt
sudo nixos-generate-config --no-filesystems --root /mnt
cp /mnt/etc/nixos/hardware-configuration.nix hosts/$(hostname)/hardware-configuration.nix
rbw config set email admin@muon.host
rbw config set base_url https://vault.muon.host
rbw login
sudo mkdir -p /mnt/var/lib/sops-nix
sudo chown muon:users /mnt/var/lib/sops-nix -R
rbw get sops > /mnt/var/lib/sops-nix/key.txt
sudo nixos-install --root /mnt --no-root-passwd --flake .#$(hostname)
sudo mkdir -p /mnt/persist/{etc,var/lib/systemd}
sudo cp -r {/mnt,/mnt/persist}/etc/nixos
sudo cp -r {/mnt,/mnt/persist}/var/lib/nixos
sudo cp -r {/mnt,/mnt/persist}/var/lib/sops-nix
sudo cp -r {/mnt,/mnt/persist}/var/lib/systemd/coredump
sudo cp {/mnt,/mnt/persist}/etc/machine-id
```

# Impermanence

## Erasure

```nix
  boot.initrd.postResumeCommands = lib.mkAfter ''
    mkdir /btrfs_tmp
    mount /dev/mapper/crypted /btrfs_tmp
    if [[ -e /btrfs_tmp/root ]]; then
        mkdir -p /btrfs_tmp/old_roots
        timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
        mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
    fi

    delete_subvolume_recursively() {
        IFS=$'\n'
        for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
            delete_subvolume_recursively "/btrfs_tmp/$i"
        done
        btrfs subvolume delete "$1"
    }

    for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
        delete_subvolume_recursively "$i"
    done

    btrfs subvolume create /btrfs_tmp/root
    umount /btrfs_tmp
  '';
```