fix all the issues with persistence, and change GLaDOS to btrfs as an experiment

2026-02-15 17:06:15 +01:00 · 2026-02-15 17:06:15 +01:00 · 022ec828a8
commit 022ec828a8
parent e86ec419c2
6 changed files with 84 additions and 49 deletions
--- a/nixos/desktop/default.nix
+++ b/nixos/desktop/default.nix
@ -33,6 +33,8 @@
    KERNEL=="hidraw*", KERNELS=="*057e:*", MODE="0660", TAG+="uaccess"
    KERNEL=="hidraw*", ATTRS{idVendor}=="2dc8", MODE="0660", TAG+="uaccess"
    KERNEL=="hidraw*", KERNELS=="*2DC8:*", MODE="0660", TAG+="uaccess"
+    KERNEL=="hidraw*", ATTRS{idProduct}=="6012", ATTRS{idVendor}=="2dc8", MODE="0660", TAG+="uaccess"
+    KERNEL=="hidraw*", KERNELS=="*2DC8:6012*", MODE="0660", TAG+="uaccess"
  '';

  environment.systemPackages = with pkgs;
@ -60,6 +62,7 @@
      pciutils
      podman
      podman-compose
+      python3Minimal
      sbctl
      tpm2-tools
      tpm2-tss
--- a/nixos/hosts/GLaDOS/configuration.nix
+++ b/nixos/hosts/GLaDOS/configuration.nix
@ -75,8 +75,36 @@
    #   };
    # };
  };
-
  boot = {
+    # Nuke root AND home subvolumes on every boot
+    initrd.systemd.services.wipe-my-fs = {
+      requires = ["dev-mapper-nvme_crypted.device"];
+      after = ["dev-mapper-nvme_crypted.device"];
+      wantedBy = ["initrd.target"];
+      script = ''
+        mkdir -p /btrfs_tmp
+          mount /dev/mapper/cryptroot /btrfs_tmp
+
+          delete_subvolume_recursively() {
+              IFS=$'\n'
+              for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
+                  delete_subvolume_recursively "/btrfs_tmp/$i"
+              done
+              btrfs subvolume delete "$1"
+          }
+
+          # Nuke and recreate root
+          delete_subvolume_recursively /btrfs_tmp/root
+          btrfs subvolume create /btrfs_tmp/root
+
+          # Nuke and recreate home (wipes /home — but we restore via impermanence)
+          delete_subvolume_recursively /btrfs_tmp/home
+          btrfs subvolume create /btrfs_tmp/home
+
+          umount /btrfs_tmp
+      '';
+    };
+
    loader.systemd-boot.enable = false;
    initrd.systemd.enable = true;
    kernelPackages = pkgs.linuxPackages_latest;
@ -89,9 +117,6 @@
      pkiBundle = "/var/lib/sbctl";
    };
    extraModprobeConfig = ''
-      #fix for https://gitlab.freedesktop.org/drm/amd/-/issues/4141
-      amdgpu.runpm=0
-      amdgpu.dcdebugmask=0x10
    '';
  };

--- a/nixos/shared/preservation.nix
+++ b/nixos/shared/preservation.nix
@ -62,6 +62,7 @@
        {
          file = "/etc/machine-id";
          inInitrd = true;
+          how = "symlink";
        }
        {
          file = "/etc/ssh/ssh_host_rsa_key";
@ -155,20 +156,16 @@
      };
    };
  };
-
-  # Create some directories with custom permissions.
-  #
-  # In this configuration the path `/home/butz/.local` is not an immediate parent
-  # of any persisted file, so it would be created with the systemd-tmpfiles default
-  # ownership `root:root` and mode `0755`. This would mean that the user `butz`
-  # could not create other files or directories inside `/home/butz/.local`.
-  #
-  # Therefore systemd-tmpfiles is used to prepare such directories with
-  # appropriate permissions.
-  #
-  # Note that immediate parent directories of persisted files can also be
-  # configured with ownership and permissions from the `parent` settings if
-  # `configureParent = true` is set for the file.
+  systemd.services.systemd-machine-id-commit = {
+    unitConfig.ConditionPathIsMountPoint = [
+      ""
+      "/persistent/etc/machine-id"
+    ];
+    serviceConfig.ExecStart = [
+      ""
+      "systemd-machine-id-setup --commit --root /persistent"
+    ];
+  };
  systemd.tmpfiles.settings.preservation = {
    "/home/lillian/.config".d = {
      user = "lillian";