Impermanence: Difference between revisions

(17 intermediate revisions by 9 users not shown)

Line 1:

Impermanence in NixOS is where your root directory gets wiped every reboot (such as by mounting a tmpfs to /). Such a setup is possible because NixOS only needs <code>/boot</code> and <code>/nix</code> in order to boot, ~~all other system files are simply links to files in <code>/nix</code>. <code>/boot</code>~~ and ~~<code>/nix</code> still need to be stored on a hard drive or SSD.~~

{{Outdated|reason=Examples are not using best practices, nor mentioning and flakes|scope=article}}

~~Example~~ <code>~~hardwareconfiguration~~.nix</code> ~~settings:~~

Impermanence in NixOS is where your root directory gets wiped every reboot (such as by mounting a tmpfs to /).

~~<syntaxhighlight lang~~=~~"nix">~~

fileSystems."/" =

Such a setup is possible because NixOS only needs <code>/boot</code> and <code>/nix</code> in order to boot, all other system files are simply links to files in <code>/nix</code>. <code>/boot</code> and <code>/nix</code> still need to be stored on a hard drive or SSD.{{warning|When setting up impermanence, make sure that you have declared password for your user to be able to log-in after the deployment as for example the nixos installer declares passwords imperatively.}}{{Info|The permissions and user/group ownership of your persisted directories overrides values configured in <code>config.users.*</code>, potentially including your home directories.}}

{ device = "none";

fsType = "tmpfs";

== Example ==

options = [ "size=3G" "mode=755" ]; # ~~mode=755 so~~ only root can write to those files

{{File|3={

};

fileSystems."/" = {

fileSystems."/home/username" =

device = "none";

{ device = "none";

fsType = "tmpfs";

fsType = "tmpfs"; # ~~Can~~ be stored on normal drive or on tmpfs as well

options = [

options = [ "size=4G" "mode=777" ];

"size=3G"

};

"mode=755" # only root can write to those files

fileSystems."/nix" = # can be LUKS encrypted

];

{ device = "/dev/disk/by-uuid/UUID";

};

fileSystems."/home/username" = {

device = "none";

fsType = "tmpfs"; # can be stored on normal drive or on tmpfs as well

options = [

"size=4G"

"mode=777"

];

};

fileSystems."/nix" = # can be LUKS encrypted

{

device = "/dev/disk/by-uuid/UUID";

fsType = "ext4";

};

fileSystems."/boot" =

fileSystems."/boot" = {

{ device = "/dev/disk/by-uuid/UUID";

device = "/dev/disk/by-uuid/UUID";

fsType = "vfat";

};

# Can mount any other partitions as well

</~~syntaxhighlight>~~

}|name=/etc/nixos/hardware-configuration.nix|lang=nix}}

~~=== Persisting ==~~=

== Persistence ==

Some files and folders should be persisted between reboots though (such as <code>/etc/nixos/</code>). This can be accomplished through bind mounts or by using the [https://github.com/nix-community/impermanence NixOS Impermanence module,] which will set up bind mounts and links as needed.

~~Put in <code>configuration.nix</code>:~~

=== Example ===

~~<syntaxhighlight lang~~=~~"nix">~~

{{File|3={ config, pkgs, ... }:

{ config, pkgs, ... }:

let

Line 39:

Line 47:

imports = [ "${impermanence}/nixos.nix" ];

~~# this folder is where the files will be stored (don't put it in tmpfs)~~

environment.persistence."/nix/persist/system" = {

hideMounts = true;

directories = [

~~"/etc/nixos" # bind mounted from /nix/persist/system/etc/nixos to /etc/nixos~~

~~"/etc/NetworkManager"~~

"/var/log"

"/var/lib"

"/var/lib/bluetooth"

"/var/lib/nixos"

"/var/lib/systemd/coredump"

"/var/lib/systemd/timers"

"/etc/NetworkManager/system-connections"

{

directory = "/var/lib/colord";

user = "colord";

group = "colord";

mode = "u=rwx,g=rx,o=";

}

];

files = [

# "/etc/machine-id"

"/etc/machine-id"

"/etc/nix/id_rsa"

{

file = "/etc/nix/id_rsa";

parentDirectory = {

mode = "u=rwx,g=,o=";

};

}

];

};

}|name=/etc/nixos/configuration.nix|lang=nix}}

}

== Home Managing ==

~~</syntaxhighlight>~~

=== Home Managing ===

You can just make a home partition on a drive and mount it as normal, so everything in <code>/home</code> or <code>/home/username</code> will be persisted. If you want your home to be impermanent as well, then mount it on tmpfs the same way as root.

For persisting files in your home, you could simply use [https://github.com/nix-community/home-manager Home Manager] ~~like normal~~. However, then files are stored read-only in the Nix store. In order to persist files while still being writable, you can use the [https://github.com/nix-community/impermanence Home Manager Impermanence module]. It will fuse mount folders and link files from persistent storage into your home directory.

For persisting files in your home, you could simply use [https://github.com/nix-community/home-manager Home Manager] as usual. However, then files are stored read-only in the Nix store. In order to persist files while still being writable, you can use the [https://github.com/nix-community/impermanence Home Manager Impermanence module]. It will fuse mount folders and link files from persistent storage into your home directory.

~~{{Note|<code>/home/user</code> should be on a separate tmpfs, otherwise you'll get the error <code>fuse: mountpoint not empty</code>.}}~~

{{Warning|<code>/home/user</code> should be on a separate tmpfs, otherwise you'll get the error <code>fuse: mountpoint not empty</code>.}}

~~Put in <code>configuration.nix</code>:~~

=== Example ===

~~<syntaxhighlight lang~~=~~"nix">~~

{{File|3={ config, pkgs, ... }:

{ config, pkgs, ... }:

let

home-manager = builtins.fetchTarball "https://github.com/nix-community/home-manager/archive/release-21.11.tar.gz";

home-manager = builtins.fetchTarball "https://github.com/nix-community/home-manager/archive/release-22.05.tar.gz";

impermanence = builtins.fetchTarball "https://github.com/nix-community/impermanence/archive/master.tar.gz";

in

Line 78:

Line 93:

];

~~# might not be needed~~

programs.fuse.userAllowOther = true; # might not be needed

programs.fuse.userAllowOther = true;

# Home Manager config goes in here

Line 88:

Line 102:

programs = {

home-manager.enable = true;

~~git = {~~ # can use home-manager normally as well as with persistence

# can use home-manager normally as well as with persistence

git = {

enable = true;

userName = "Example";

userEmail = "Example@example.com";

};

Line 96:

Line 112:

home.persistence."/nix/dotfiles" = {

removePrefixDirectory = true; # for GNU Stow styled dotfile folders

allowOther = true;

directories = [

"Atom/.atom/atom-discord"

"Atom/.atom/packages"

"Clementine/.config/Clementine"

# fuse mounted from /nix/dotfiles/Firefox/.mozilla to /home/$USERNAME/.mozilla

"Firefox/.mozilla" # fuse mounted from /nix/dotfiles/Firefox/.mozilla to /home/$USERNAME/.mozilla

~~"Firefox/.mozilla"~~

];

files = [

Line 112:

Line 127:

};

# KDE Plasma has a lot of config files which are all put directly in `~/.config` instead of dedicated directories; for this reason, each needs to be linked individually

# ~~fricking~~ KDE Plasma has a ~~bazillion~~ files ~~and~~ each needs to be linked individually

# We can separate KDE Plasma from the other dotfiles above to avoid having to prefix each entries with `"Plasma/"`

# ~~because they're all just shoved into ~/.config and not into a single folder.~~

~~# It's~~ separate from the other dotfiles ~~so I can write ".config"~~

~~# instead of~~ "Plasma/~~.config~~"

home.persistence."/nix/dotfiles/Plasma" = {

removePrefixDirectory = false;

allowOther = true;

directories = [

".config/gtk-3.0" # fuse mounted to /~~home~~/~~$USERNAME~~/.config/gtk-3.0

".config/gtk-3.0" # fuse mounted from /nix/dotfiles/Plasma/.config/gtk-3.0

".config/gtk-4.0"

".config/gtk-4.0" # to /home/$USERNAME/.config/gtk-3.0

".config/KDE"

".config/kde.org"

Line 205:

Line 218:

home.stateVersion = "21.11";

};

}

}|name=/etc/nixos/configuration.nix|lang=nix}}

</~~syntaxhighlight>~~

== Troubleshooting ==

=== builder for '/nix/store/file-name.service.drv' failed to produce output path for output 'out' at '/nix/store/file-name.service' ===

This can happen if your NixOS version is later than your Home-Manager version (ex. NixOS 22.05 with Home-Manager 21.11) - see {{Issue|95|repo=nix-community/impermanence}}

== See Also ==

~~=== See Also ===~~

* https://elis.nu/blog/2020/06/nixos-tmpfs-as-home/ - Examples of using the NixOS modules

[https://elis.nu/blog/2020/06/nixos-tmpfs-as-home/ https://~~elis~~.nu/blog/2020/06~~/nixos~~-~~tmpfs~~-as-~~home/]~~ - ~~Examples~~ of ~~using the NixOS modules~~

* https://grahamc.com/blog/erase-your-darlings - Explaining why you might want to do this. Uses ZFS snapshots instead of tmpfs.

* https://web.archive.org/web/20241007130142/https://mt-caret.github.io/blog/posts/2020-06-29-optin-state.html - Encypted Btrfs Root with Opt-in State on NixOS. Uses Btrfs instead of tmpfs or ZFS.

[~~https~~:~~//grahamc.com/blog/erase-your-darlings https~~:~~//grahamc.com/blog/erase-your-darlings~~] ~~- Explaining why you might want to do this. Uses ZFS snapshots instead of tmpfs.~~

[[Category:Configuration]]

[[Category:NixOS]]

@@ Line 1: / Line 1: @@
-Impermanence in NixOS is where your root directory gets wiped every reboot (such as by mounting a tmpfs to /). Such a setup is possible because NixOS only needs <code>/boot</code> and <code>/nix</code> in order to boot, all other system files are simply links to files in <code>/nix</code>. <code>/boot</code> and <code>/nix</code> still need to be stored on a hard drive or SSD.
+{{Outdated|reason=Examples are not using best practices, nor mentioning and flakes|scope=article}}
-Example <code>hardwareconfiguration.nix</code> settings:
+Impermanence in NixOS is where your root directory gets wiped every reboot (such as by mounting a tmpfs to /).
-<syntaxhighlight lang="nix">
-   fileSystems."/" =
+Such a setup is possible because NixOS only needs <code>/boot</code> and <code>/nix</code> in order to boot, all other system files are simply links to files in <code>/nix</code>. <code>/boot</code> and <code>/nix</code> still need to be stored on a hard drive or SSD.{{warning|When setting up impermanence, make sure that you have declared password for your user to be able to log-in after the deployment as for example the nixos installer declares passwords imperatively.}}{{Info|The permissions and user/group ownership of your persisted directories overrides values configured in <code>config.users.*</code>, potentially including your home directories.}}
-     { device = "none";
-      fsType = "tmpfs";
+== Example ==
-      options = [ "size=3G" "mode=755" ]; # mode=755 so only root can write to those files
+{{File|3={
-     };
+   fileSystems."/" = {
-   fileSystems."/home/username" =
+     device = "none";
-     { device = "none";
+    fsType = "tmpfs";
-      fsType = "tmpfs";  # Can be stored on normal drive or on tmpfs as well
+    options = [
-      options = [ "size=4G" "mode=777" ];
+      "size=3G"
-    };
+      "mode=755" # only root can write to those files
-   fileSystems."/nix" =  # can be LUKS encrypted
+     ];
-     { device = "/dev/disk/by-uuid/UUID";
+  };
+   fileSystems."/home/username" = {
+     device = "none";
+    fsType = "tmpfs"; # can be stored on normal drive or on tmpfs as well
+    options = [
+      "size=4G"
+      "mode=777"
+    ];
+  };
+   fileSystems."/nix" = # can be LUKS encrypted
+     {
+      device = "/dev/disk/by-uuid/UUID";
        fsType = "ext4";
      };
-   fileSystems."/boot" =
+   fileSystems."/boot" = {
-     { device = "/dev/disk/by-uuid/UUID";
+     device = "/dev/disk/by-uuid/UUID";
-      fsType = "vfat";
+    fsType = "vfat";
-    };
+  };
    # Can mount any other partitions as well
-</syntaxhighlight>
+}|name=/etc/nixos/hardware-configuration.nix|lang=nix}}
-=== Persisting ===
+== Persistence ==
 Some files and folders should be persisted between reboots though (such as <code>/etc/nixos/</code>). This can be accomplished through bind mounts or by using the [https://github.com/nix-community/impermanence NixOS Impermanence module,] which will set up bind mounts and links as needed.
-Put in <code>configuration.nix</code>:
+=== Example ===
-<syntaxhighlight lang="nix">
+{{File|3={ config, pkgs, ... }:
-{ config, pkgs, ... }:
 let
@@ Line 39: / Line 47: @@
    imports = [ "${impermanence}/nixos.nix" ];
-  # this folder is where the files will be stored (don't put it in tmpfs)
+   environment.persistence."/nix/persist/system" = {
-   environment.persistence."/nix/persist/system" = {
+    hideMounts = true;
      directories = [
-      "/etc/nixos"    # bind mounted from /nix/persist/system/etc/nixos to /etc/nixos
-      "/etc/NetworkManager"
        "/var/log"
-       "/var/lib"
+       "/var/lib/bluetooth"
+      "/var/lib/nixos"
+      "/var/lib/systemd/coredump"
+      "/var/lib/systemd/timers"
+      "/etc/NetworkManager/system-connections"
+      {
+        directory = "/var/lib/colord";
+        user = "colord";
+        group = "colord";
+        mode = "u=rwx,g=rx,o=";
+      }
      ];
      files = [
-#      "/etc/machine-id"
+      "/etc/machine-id"
-       "/etc/nix/id_rsa"
+       {
+        file = "/etc/nix/id_rsa";
+        parentDirectory = {
+          mode = "u=rwx,g=,o=";
+        };
+      }
      ];
    };
+}|name=/etc/nixos/configuration.nix|lang=nix}}
-}
+== Home Managing ==
-</syntaxhighlight>
-=== Home Managing ===
 You can just make a home partition on a drive and mount it as normal, so everything in <code>/home</code> or <code>/home/username</code> will be persisted. If you want your home to be impermanent as well, then mount it on tmpfs the same way as root.
-For persisting files in your home, you could simply use [https://github.com/nix-community/home-manager Home Manager] like normal. However, then files are stored read-only in the Nix store. In order to persist files while still being writable, you can use the [https://github.com/nix-community/impermanence Home Manager Impermanence module]. It will fuse mount folders and link files from persistent storage into your home directory.
+For persisting files in your home, you could simply use [https://github.com/nix-community/home-manager Home Manager] as usual. However, then files are stored read-only in the Nix store. In order to persist files while still being writable, you can use the [https://github.com/nix-community/impermanence Home Manager Impermanence module]. It will fuse mount folders and link files from persistent storage into your home directory.
-{{Note|<code>/home/user</code> should be on a separate tmpfs, otherwise you'll get the error <code>fuse: mountpoint not empty</code>.}}
+{{Warning|<code>/home/user</code> should be on a separate tmpfs, otherwise you'll get the error <code>fuse: mountpoint not empty</code>.}}
-Put in <code>configuration.nix</code>:
+=== Example ===
-<syntaxhighlight lang="nix">
+{{File|3={ config, pkgs, ... }:
-{ config, pkgs, ... }:
 let
-   home-manager = builtins.fetchTarball "https://github.com/nix-community/home-manager/archive/release-21.11.tar.gz";
+   home-manager = builtins.fetchTarball "https://github.com/nix-community/home-manager/archive/release-22.05.tar.gz";
    impermanence = builtins.fetchTarball "https://github.com/nix-community/impermanence/archive/master.tar.gz";
 in
@@ Line 78: / Line 93: @@
    ];
-  # might not be needed
+   programs.fuse.userAllowOther = true; # might not be needed
-   programs.fuse.userAllowOther = true;
    # Home Manager config goes in here
@@ Line 88: / Line 102: @@
      programs = {
        home-manager.enable = true;
-       git = {   # can use home-manager normally as well as with persistence
+       # can use home-manager normally as well as with persistence
+      git = {
          enable = true;
-         userName  = "Example";
+         userName = "Example";
          userEmail = "Example@example.com";
        };
@@ Line 96: / Line 112: @@
      home.persistence."/nix/dotfiles" = {
-       removePrefixDirectory = true;   # for GNU Stow styled dotfile folders
+       removePrefixDirectory = true; # for GNU Stow styled dotfile folders
        allowOther = true;
        directories = [
          "Atom/.atom/atom-discord"
          "Atom/.atom/packages"
          "Clementine/.config/Clementine"
-         # fuse mounted from /nix/dotfiles/Firefox/.mozilla to /home/$USERNAME/.mozilla
+         "Firefox/.mozilla" # fuse mounted from /nix/dotfiles/Firefox/.mozilla to /home/$USERNAME/.mozilla
-        "Firefox/.mozilla"
        ];
        files = [
@@ Line 112: / Line 127: @@
      };
+     # KDE Plasma has a lot of config files which are all put directly in `~/.config` instead of dedicated directories; for this reason, each needs to be linked individually
-     # fricking KDE Plasma has a bazillion files and each needs to be linked individually
+     # We can separate KDE Plasma from the other dotfiles above to avoid having to prefix each entries with `"Plasma/"`
-     # because they're all just shoved into ~/.config and not into a single folder.
-    # It's separate from the other dotfiles so I can write ".config"
-    # instead of "Plasma/.config"
      home.persistence."/nix/dotfiles/Plasma" = {
        removePrefixDirectory = false;
        allowOther = true;
        directories = [
-         ".config/gtk-3.0"   # fuse mounted to /home/$USERNAME/.config/gtk-3.0
+         ".config/gtk-3.0" # fuse mounted from /nix/dotfiles/Plasma/.config/gtk-3.0
-         ".config/gtk-4.0"
+         ".config/gtk-4.0" # to /home/$USERNAME/.config/gtk-3.0
          ".config/KDE"
          ".config/kde.org"
@@ Line 205: / Line 218: @@
      home.stateVersion = "21.11";
    };
-}
+}|name=/etc/nixos/configuration.nix|lang=nix}}
-</syntaxhighlight>
+== Troubleshooting ==
+=== builder for '/nix/store/file-name.service.drv' failed to produce output path for output 'out' at '/nix/store/file-name.service' ===
+This can happen if your NixOS version is later than your Home-Manager version (ex. NixOS 22.05 with Home-Manager 21.11) - see {{Issue|95|repo=nix-community/impermanence}}
+== See Also ==
-=== See Also ===
+* https://elis.nu/blog/2020/06/nixos-tmpfs-as-home/ - Examples of using the NixOS modules
-[https://elis.nu/blog/2020/06/nixos-tmpfs-as-home/ https://elis.nu/blog/2020/06/nixos-tmpfs-as-home/] - Examples of using the NixOS modules
+* https://grahamc.com/blog/erase-your-darlings - Explaining why you might want to do this. Uses ZFS snapshots instead of tmpfs.
+* https://web.archive.org/web/20241007130142/https://mt-caret.github.io/blog/posts/2020-06-29-optin-state.html - Encypted Btrfs Root with Opt-in State on NixOS. Uses Btrfs instead of tmpfs or ZFS.
-[https://grahamc.com/blog/erase-your-darlings https://grahamc.com/blog/erase-your-darlings] - Explaining why you might want to do this. Uses ZFS snapshots instead of tmpfs.
+[[Category:Configuration]]
+[[Category:NixOS]]