-rw-r--r--common.nix80
-rw-r--r--mini/hardware-configuration.nix51
-rw-r--r--neko/hardware-configuration.nix56
3 files changed, 85 insertions, 102 deletions
diff --git a/common.nix b/common.nix
index 36f7483..e51ce81 100644
--- a/common.nix
+++ b/common.nix
@@ -38,15 +38,89 @@ in
# we want to be able to do a memtest
boot.loader.systemd-boot.memtest86.enable = true;
- # use systemd early
- boot.initrd.systemd.enable = true;
-
# setup the console stuff early
console.earlySetup = true;
# swap to RAM
zramSwap.enable = true;
+ # root file system from encrypted disk
+ fileSystems."/" =
+ { device = "/dev/mapper/crypt-system";
+ fsType = "btrfs";
+ neededForBoot = true;
+ options = [ "subvol=root" "noatime" "nodiratime" ];
+ };
+
+ # nix store file system from encrypted disk
+ fileSystems."/nix" =
+ { device = "/dev/mapper/crypt-system";
+ fsType = "btrfs";
+ neededForBoot = true;
+ options = [ "subvol=nix" "noatime" "nodiratime" ];
+ };
+
+ # data store file system from encrypted disk
+ fileSystems."/data" =
+ { device = "/dev/mapper/crypt-system";
+ fsType = "btrfs";
+ neededForBoot = true;
+ options = [ "subvol=data" "noatime" "nodiratime" ];
+ };
+
+ # bind mount to have homes
+ fileSystems."/home" =
+ { device = "/data/home";
+ fsType = "none";
+ neededForBoot = true;
+ options = [ "bind" ];
+ depends = [ "/data" ];
+ };
+
+ # bind mount to have root home
+ fileSystems."/root" =
+ { device = "/data/root";
+ fsType = "none";
+ neededForBoot = true;
+ options = [ "bind" ];
+ depends = [ "/data" ];
+ };
+
+ # bind mount to have NixOS configuration, different per host
+ fileSystems."/etc/nixos" =
+ { device = "/data/nixos/${config.networking.hostName}";
+ fsType = "none";
+ neededForBoot = true;
+ options = [ "bind" ];
+ depends = [ "/data" ];
+ };
+
+ # impermanence root setup
+ boot.initrd.postDeviceCommands = pkgs.lib.mkAfter ''
+ mkdir /btrfs_tmp
+ mount /dev/mapper/crypt-system /btrfs_tmp
+ if [[ -e /btrfs_tmp/root ]]; then
+ mkdir -p /btrfs_tmp/old_roots
+ timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
+ mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
+ fi
+
+ delete_subvolume_recursively() {
+ IFS=$'\n'
+ for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
+ delete_subvolume_recursively "/btrfs_tmp/$i"
+ done
+ btrfs subvolume delete "$1"
+ }
+
+ for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
+ delete_subvolume_recursively "$i"
+ done
+
+ btrfs subvolume create /btrfs_tmp/root
+ umount /btrfs_tmp
+ '';
+
# keep some stuff persistent
environment.persistence."/nix/persistent" = {
directories = [
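Review bot: The `mount /dev/mapper/crypt-system /btrfs_tmp` line in the new `boot.initrd.postDeviceCommands` script is unchecked, so on failure the later steps run against an empty directory, `btrfs subvolume create` fails, and the boot presumably continues on the previous `root` subvolume with the state that was meant to be discarded. Guarding the rollback, for example `if mount /dev/mapper/crypt-system /btrfs_tmp; then … umount /btrfs_tmp; fi` with a visible message on the else path, would make a skipped wipe noticeable. Separately, `IFS=$'\n'` inside `delete_subvolume_recursively` is assigned globally and never restored; because the text is added with `mkAfter` and spliced into the initrd script, `local IFS=$'\n'` would keep the change from leaking into whatever runs afterwards. Old roots also stay under `old_roots` for 30 days, so anything written to the ephemeral root remains readable on the unlocked volume for that period; a comment on the block such as `# previous roots are kept 30 days, not wiped at boot` would state this.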
diff --git a/mini/hardware-configuration.nix b/mini/hardware-configuration.nix
index 6cef000..76fd0c0 100644
--- a/mini/hardware-configuration.nix
+++ b/mini/hardware-configuration.nix
@@ -13,60 +13,15 @@
# system
boot.initrd.luks.devices."crypt-system".device = "/dev/disk/by-id/nvme-CT4000P3PSSD8_2325E6E63746-part2";
- # vms
- boot.initrd.luks.devices."crypt-vms".device = "/dev/disk/by-id/ata-CT2000MX500SSD1_2138E5D5061F";
-
- fileSystems."/" =
- { device = "/dev/mapper/crypt-system";
- fsType = "btrfs";
- neededForBoot = true;
- options = [ "subvol=root" "noatime" "nodiratime" ];
- };
-
+ # efi partition
fileSystems."/boot" =
{ device = "/dev/disk/by-id/nvme-CT4000P3PSSD8_2325E6E63746-part1";
fsType = "vfat";
neededForBoot = true;
};
- fileSystems."/nix" =
- { device = "/dev/mapper/crypt-system";
- fsType = "btrfs";
- neededForBoot = true;
- options = [ "subvol=nix" "noatime" "nodiratime" ];
- };
-
- fileSystems."/data" =
- { device = "/dev/mapper/crypt-system";
- fsType = "btrfs";
- neededForBoot = true;
- options = [ "subvol=data" "noatime" "nodiratime" ];
- };
-
- fileSystems."/home" =
- { device = "/data/home";
- fsType = "none";
- neededForBoot = true;
- options = [ "bind" ];
- depends = [ "/data" ];
- };
-
- fileSystems."/root" =
- { device = "/data/root";
- fsType = "none";
- neededForBoot = true;
- options = [ "bind" ];
- depends = [ "/data" ];
- };
-
- fileSystems."/etc/nixos" =
- { device = "/data/nixos/mini";
- fsType = "none";
- neededForBoot = true;
- options = [ "bind" ];
- depends = [ "/data" ];
- };
-
+ # vms
+ boot.initrd.luks.devices."crypt-vms".device = "/dev/disk/by-id/ata-CT2000MX500SSD1_2138E5D5061F";
fileSystems."/home/cullmann/vms" =
{ device = "/dev/mapper/crypt-vms";
fsType = "btrfs";
diff --git a/neko/hardware-configuration.nix b/neko/hardware-configuration.nix
index b1109ef..b26f648 100644
--- a/neko/hardware-configuration.nix
+++ b/neko/hardware-configuration.nix
@@ -13,63 +13,15 @@
# system
boot.initrd.luks.devices."crypt-system".device = "/dev/disk/by-id/nvme-Seagate_FireCuda_530_ZP4000GM30013_7VS01VBM-part2";
- # vms
- boot.initrd.luks.devices."crypt-vms".device = "/dev/disk/by-id/nvme-CT2000P5PSSD8_213330E4ED05";
-
- # projects
- boot.initrd.luks.devices."crypt-projects".device = "/dev/disk/by-id/nvme-Samsung_SSD_980_PRO_2TB_S69ENF0R846614L";
-
- fileSystems."/" =
- { device = "/dev/mapper/crypt-system";
- fsType = "btrfs";
- neededForBoot = true;
- options = [ "subvol=root" "noatime" "nodiratime" ];
- };
-
+ # efi partition
fileSystems."/boot" =
{ device = "/dev/disk/by-id/nvme-Seagate_FireCuda_530_ZP4000GM30013_7VS01VBM-part1";
fsType = "vfat";
neededForBoot = true;
};
- fileSystems."/nix" =
- { device = "/dev/mapper/crypt-system";
- fsType = "btrfs";
- neededForBoot = true;
- options = [ "subvol=nix" "noatime" "nodiratime" ];
- };
-
- fileSystems."/data" =
- { device = "/dev/mapper/crypt-system";
- fsType = "btrfs";
- neededForBoot = true;
- options = [ "subvol=data" "noatime" "nodiratime" ];
- };
-
- fileSystems."/home" =
- { device = "/data/home";
- fsType = "none";
- neededForBoot = true;
- options = [ "bind" ];
- depends = [ "/data" ];
- };
-
- fileSystems."/root" =
- { device = "/data/root";
- fsType = "none";
- neededForBoot = true;
- options = [ "bind" ];
- depends = [ "/data" ];
- };
-
- fileSystems."/etc/nixos" =
- { device = "/data/nixos/neko";
- fsType = "none";
- neededForBoot = true;
- options = [ "bind" ];
- depends = [ "/data" ];
- };
-
+ # vms
+ boot.initrd.luks.devices."crypt-vms".device = "/dev/disk/by-id/nvme-CT2000P5PSSD8_213330E4ED05";
fileSystems."/home/cullmann/vms" =
{ device = "/dev/mapper/crypt-vms";
fsType = "btrfs";
@@ -78,6 +30,8 @@
depends = [ "/home" ];
};
+ # projects
+ boot.initrd.luks.devices."crypt-projects".device = "/dev/disk/by-id/nvme-Samsung_SSD_980_PRO_2TB_S69ENF0R846614L";
fileSystems."/home/cullmann/projects" =
{ device = "/dev/mapper/crypt-projects";
fsType = "btrfs";