Document erase-your-darlings module and options
barrucadu committed Oct 15, 2023
1 parent 67de8fe commit 98c5296
Showing 2 changed files with 59 additions and 5 deletions.
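--- a/shared/erase-your-darlings/default.nix
+++ b/shared/erase-your-darlings/default.nix
@@ -1,3 +1,13 @@
+# Wipe `/` on boot, inspired by ["erase your darlings"][].
+#
+# This module is responsible for configuring standard NixOS options and
+# services, all of my modules have their own `erase-your-darlings.nix` file
+# which makes any changes that they need.
+#
+# This requires a setting up ZFS in a specific way when first installing NixOS.
+# See the [README](./index.html#optional-configure-wiping--on-boot).
+#
+# ["erase your darlings"]: https://grahamc.com/blog/erase-your-darlings/
 { config, lib, ... }:
 
 with lib;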
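Review bot: The added header comment has a wording slip at `# This requires a setting up ZFS in a specific way when first installing NixOS.`; drop the stray article so it reads `# This requires setting up ZFS in a specific way when first installing NixOS.`. Since the module wipes `/` on every boot, the header could also state that anything not moved under the persistent directory is lost at reboot, so a reader knows the consequence before following the README link. The module body continues outside the hunk.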
54 changes: 49 additions & 5 deletions shared/erase-your-darlings/options.nix
Expand Up @@ -4,10 +4,54 @@ with lib;

{
options.nixfiles.eraseYourDarlings = {
enable = mkOption { type = types.bool; default = false; };
barrucaduPasswordFile = mkOption { type = types.str; };
rootSnapshot = mkOption { type = types.str; default = "local/volatile/root@blank"; };
persistDir = mkOption { type = types.path; default = "/persist"; };
machineId = mkOption { type = types.str; };
enable = mkOption {
type = types.bool;
default = false;
description = mdDoc ''
Enable the `erase-your-darlings` module.
'';
};

barrucaduPasswordFile = mkOption {
type = types.str;
description = mdDoc ''
Path to a file containing the hashed password for `barrucadu`. This
file must be available in early boot.
If using [sops-nix](https://github.com/Mic92/sops-nix) set the
`neededForUsers` option on the secret.
'';
};

rootSnapshot = mkOption {
type = types.str;
default = "local/volatile/root@blank";
description = mdDoc ''
ZFS snapshot to roll back to on boot.
'';
};

persistDir = mkOption {
type = types.path;
default = "/persist";
description = mdDoc ''
Persistent directory which will not be erased. This must be on a
different ZFS dataset that will not be wiped when rolling back to the
`rootSnapshot`.
This module moves various files from `/` to here.
'';
};

machineId = mkOption {
type = types.str;
example = "64b1b10f3bef4616a7faf5edf1ef3ca5";
description = mdDoc ''
An arbitrary 32-character hexadecimal string, used to identify the host.
This is needed for journalctl logs from previous boots to be accessible.
See [the systemd documentation](https://www.freedesktop.org/software/systemd/man/machine-id.html).
'';
};
};
}
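Review bot: The new `barrucaduPasswordFile` description leaves out the caveat that matters most for a password hash, which is that the file must not end up in the Nix store, since the store is world-readable. The option is `types.str`, which rejects a bare path literal, but a string built by interpolating a path would still copy the file into the store. I would add a sentence to the description such as `This must be a string naming a file outside the Nix store, readable only by root.` How the option is consumed is outside this hunk, so confirm it is passed through unchanged. Separately, `machineId` could be validated at evaluation time with `type = types.strMatching "[0-9a-f]{32}";`, matching the format its description states.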
