mirror of
https://codeberg.org/muon/home.git
synced 2025-12-06 08:07:45 +00:00
53 lines
1.8 KiB
Markdown
53 lines
1.8 KiB
Markdown
# Installation
|
|
|
|
```sh
|
|
sudo nix --experimental-features "nix-command flakes" run github:nix-community/disko/latest -- --mode destroy,format,mount hosts/$(hostname)/disk-config.nix
|
|
sudo mkdir /tmp/mnt
|
|
sudo mount /dev/mapper/crypted /tmp/mnt
|
|
sudo btrfs subvolume snapshot -r /tmp/mnt/root /tmp/mnt/root-blank
|
|
sudo umount /tmp/mnt
|
|
sudo nixos-generate-config --no-filesystems --root /mnt
|
|
cp /mnt/etc/nixos/hardware-configuration.nix hosts/$(hostname)/hardware-configuration.nix
|
|
rbw config set email admin@muon.host
|
|
rbw config set base_url https://vault.muon.host
|
|
rbw login
|
|
sudo mkdir -p /mnt{,/persist}/var/lib/sops-nix
|
|
sudo chown muon:users /mnt/var/lib/sops-nix -R
|
|
sudo chown muon:users /mnt/persist/var/lib/sops-nix -R
|
|
rbw get sops > /mnt/var/lib/sops-nix/key.txt
|
|
sudo cp {/mnt,/mnt/persist}/var/lib/sops-nix/key.txt
|
|
sudo nixos-install --root /mnt --no-root-passwd --flake .#$(hostname)
|
|
sudo cp -r /mnt/var/lib/nixos/* /mnt/persist/var/lib/nixos/
|
|
sudo cp {/mnt,/mnt/persist}/etc/machine-id
|
|
```
|
|
|
|
# Impermanence
|
|
|
|
## Erasure
|
|
|
|
```nix
|
|
boot.initrd.postResumeCommands = lib.mkAfter ''
|
|
mkdir /btrfs_tmp
|
|
mount /dev/mapper/crypted /btrfs_tmp
|
|
if [[ -e /btrfs_tmp/root ]]; then
|
|
mkdir -p /btrfs_tmp/old_roots
|
|
timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
|
|
mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
|
|
fi
|
|
|
|
delete_subvolume_recursively() {
|
|
IFS=$'\n'
|
|
for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
|
|
delete_subvolume_recursively "/btrfs_tmp/$i"
|
|
done
|
|
btrfs subvolume delete "$1"
|
|
}
|
|
|
|
for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
|
|
delete_subvolume_recursively "$i"
|
|
done
|
|
|
|
btrfs subvolume create /btrfs_tmp/root
|
|
umount /btrfs_tmp
|
|
'';
|
|
```
|