Ephemeral system with NixOS
Permalink | Author: Dan Dart | Published: 2021-03-20 13:01:00 UTC | Tags: delete ephemeral nixos system
Recently, I discovered the following reddit post and blog posts:
I thought I didn't need any kind of persistence tool, because btrfs is awesome. So I decided to give it a go myself.
In my case, I'm using btrfs so it's very easy to get going with.
I went through and decided I wanted to keep:
/nix (of course, I don't want to have to download everything all the time)/home (for now, I'll have a go at that one later)/var/lib (databases, docker, etc)/etc/ssh (host keys)/etc/NetworkManager (system connections, VPNs etc)
And I was content with the rest being recreated on boot, especially /tmp, because it vastly speeds up a lot of things!
Firstly I converted the directories I wanted to keep into subvolumes (in rescue mode or live/other OS):
mv /dir-to-keep /dir2
btrfs su c /dir-to-keep
cp -rpv --reflink=always /dir2/* /dir-to-keep/
rm -rf /dir2
--reflink=always makes a CoW copy in btrfs, so this is a much faster way to copy over data.
This worked for most of my directories, except for /nix, so I had to use --reflink=auto because I had a lot of hard links due to nix-store optimisation, so it'll CoW only that which it can.
Noteworthy is that to do /nix to avoid commands disappearing involves doing this (optionally from the running system):
btrfs su c /nix2
cp -rpv --reflink=auto /nix/* /nix2/ # Many hardlinks may be duplicated!
and then from a live or other system (because moving things in-use is dangerous and may not actually work):
mount /dev/XXX /mnt/root
rm -rf /mnt/root/nix
mv /mnt/root/nix2 /mnt/root/nix
Finally I'm able to have / as a tmpfs!
So I added the following to hardware-configuration.nix:
{
fileSystems."/" =
{
device = "tmpfs";
fsType = "tmpfs";
options = [
"size=2G"
];
};
fileSystems."/nix" =
{
device = "/dev/XXX";
fsType = "btrfs";
options = [
"subvol=/nix"
"noatime"
];
};
fileSystems."/etc/ssh" =
{
device = "/dev/XXX";
fsType = "btrfs";
options = [
"subvol=/etc/ssh"
"noatime"
];
};
fileSystems."/etc/NetworkManager" =
{
device = "/dev/XXX";
fsType = "btrfs";
options = [
"subvol=/etc/NetworkManager"
"noatime"
];
};
fileSystems."/var/lib" =
{
device = "/dev/XXX";
fsType = "btrfs";
options = [
"subvol=/var/lib"
"noatime"
];
};
fileSystems."/home" =
{
device = "/dev/XXX";
fsType = "btrfs";
options = [
"subvol=/home"
"noatime"
];
};
}
and making sure my passwords were immutable and persistent via the clauses in configuration.nix:
{
users.mutableUsers = false;
users.users.root.initialHashedPassword = "$6$8RZ1PPxKU6h$dNHnIWiq.h8s.7SpMW14FzK9bJwg1f6Mt.972/2Fij4zPrhR0X4m3JTNPtGAyeMKZk3I8x/Xro.vJolwVvwd9.";
users.users.dwd.initialHashedPassword = "$6$EDn9CboEV/$ESAQifZD0wiVkYf1MuyLqs.hP7mvelpoPnSGEI7CmwuUifi090PT6FQqHsdhlZSXSlqrT9EH.mIfUvxPCA5q.1";
}
(hey, they're hashed and SHA-512'd, do you want to try to crack them?)
Triggering a rebuild and a reboot (to actually apply / as tmpfs), and success! Hooray!
I can now delete everything from the root subvolume that I didn't make into a subvolume.
tree -x from the root subvolume now looks like:
$ tree -x
.
├── etc
│ ├── NetworkManager
│ └── ssh
├── home
├── nix
└── var
└── lib
so I can share these with another OS if I so wish.
I'm currently investigating doing the same to /home, so I'll keep you updated.
Till next time!
Comments
instagram takipci satin al (URL) said on 2021-04-04T09:56:26.92895773Z:Good info. Lucky me I came across your site by chance (stumbleupon). I have saved it for later!
ucuz takipi sat1n al (URL) said on 2021-03-25T21:58:47.004825757Z:Howdy would you mind sharing which blog platform you're using? I'm planning to start my own blog soon but I'm having a difficult time making a decision between BlogEngine/Wordpress/B2evolution and Drupal. The reason I ask is because your layout seems different then most blogs and I'm looking for something completely unique. P.S My apologies for being off-topic but I had to ask!
ucuz takipçi sat1n al (URL) said on 2021-03-22T14:14:24.783260217Z:Wonderful beat ! I would like to apprentice while you amend your site, how could i subscribe for a blog website? The account aided me a acceptable deal. I had been tiny bit acquainted of this your broadcast provided bright clear idea
instagram takipi sat1n al (URL) said on 2021-03-22T02:07:31.447217857Z:You ought to take part in a contest for one of the greatest sites on the net. I am going to highly recommend this site!
Ruthie Killeen (URL) said on 2021-03-21T17:42:01.247594849Z:I all the time used to study post in news papers but now as I am a user of net thus from now I am using net for posts, thanks to web.
ucuz takipci satin al (URL) said on 2021-03-21T11:31:46.637530455Z:I was wondering if you ever considered changing the layout of your blog? Its very well written; I love what youve got to say. But maybe you could a little more in the way of content so people could connect with it better. Youve got an awful lot of text for only having one or 2 images. Maybe you could space it out better?
Post a comment: