My Blog, built with Norgolith blog.ladas552.me
blog

migrate the nix post to the nix site

Ladas552 d588f712 1eaf782b

+1 -156
-155
content/posts/Impermanence.norg
··· 1 - @document.meta 2 - title: Impermanence on NixOS with ZFS and tmpfs 3 - description: Guide for my impermanence setup 4 - authors: [ 5 - ladas552 6 - ] 7 - categories: [ 8 - Nix 9 - ] 10 - created: 2025-09-27 11 - draft: true 12 - layout: post 13 - version: 1.1.1 14 - @end 15 - * Impermanence 16 - ** What is Impermanence 17 - It wipes your `/root` on reboot and your startup is a blank canvas, but you can persist mounts and bind mount directories from it in your normal root to save stuff like cache and tokens. So you wipe all the junk and save actually useful stuff. 18 - 19 - For example you can install full KDE Plasma session, run it, and if you get bored. Just disable it and no KDE junk left. 20 - 21 - *Important to note*: That impermanence of my setup uses tmpfs, so it writes `/root` to RAM, so nothing actually gets erased on the Disk. Meaning no continuous I/O rewrites wearing out your Drive. But the state isn't saved between reboots, as with anything on RAM 22 - 23 - Also when I refer to `/root`, it's actually the whole `/`, not just root user directory. 24 - *** Why did you set it up 25 - I was bored. I don't find benefits of impermanence so crucial to completely overhaul how your system behaves and I don't trust myself to maintain it. 26 - 27 - But there are some benefits to it: 28 - - I only backup important files, no cache, no states, only files and media; 29 - - I always know what's on my system because it's declared in the config; 30 - - It opens up possibilities to experiment more with my system, because if I could setup impermanence and not loose all my files, I am unstoppable; 31 - *** What's the meaning of writing this page? 32 - It's not that hard to setup impermanence, but to requires reading a lot of stuff, and if you don't use ZFS or BTRFS even full reinstall for rearranging partitions. I have read several articles, watched videos, and stole code from many GitHub repos. 
33 - 34 - Plus most guides just go to the wipe stage right away, without saying how to persist, or how it practically works for the user to not loose their files. I will try to compete in these aspects. 35 - 36 - *** What is your current setup? 37 - I got ZFS with tmpfs, with 2 persistence datasets. /cache and /persist. 38 - 39 - `/cache` is for rust targets, everything in `~/.cache`, .local states, etc. 40 - 41 - `/persist` is for Media, browser profiles, Projects, etc. This is the only datasets that get's backed up by `sanoid`. 42 - 43 - tmpfs is erased on reboot, so `/` and everything below it, including `/home` is gone, unless put into `/cache` or `/persist` datasets. 44 - tmpfs is on RAM, so it can overload if exceeds certain size, to prevent that I got several more zfs datasets, that aren't persisted, meaning they don't have connection to files in other datasets, but aren't erased by default. 45 - 46 - `/nix` for /nix/store. I am not about to redownload all of my system on every reboot, and it also stores the generations. All the files that aren't persisted, but appear on my system are symlinked from `/nix`. That includes config files and services. 47 - 48 - `/tmp` for /tmp. yeah, anyways it's to not overload tmpfs when downloading something on browser. with `boot.tmp.cleanOnBoot = true;` it is cleared on boot anyways. 49 - 50 - ** What we need? 51 - *** Partitions 52 - A new way to manage your system. NixOS. 53 - 54 - Tho you probably already use NixOS if you are reading this, if you don't then get out while you can. 55 - 56 - On a more serious note, you need ZFS setup, with 2 particular datasets. 
57 - @code nix 58 - fileSystems = { 59 - "/nix" = { 60 - device = "zroot/nix"; 61 - fsType = "zfs"; 62 - }; 63 - "/tmp" = { 64 - device = "zroot/tmp"; 65 - fsType = "zfs"; 66 - }; 67 - }; 68 - @end 69 - 70 - If you don't have them, but have ZFS installed, just create them using commands 71 - @code sh 72 - sudo zfs create -o mountpoint=legacy zroot/tmp 73 - sudo zfs create -o mountpoint=legacy zroot/nix 74 - @end 75 - 76 - This will insure that you won't delete your `/nix/store` and it stays intact between reboots. And for this particular setup the `tmp` dataset will be used so out `tmpfs` *root* will insure that it won't randomly overload. 77 - 78 - This is a starting point, unless you have *ZFS setup* on your *NixOS* with separate datasets like that, you can kiss this Guide goodbye. 79 - 80 - *** Impermanence module 81 - The [Impermanence module]{https://github.com/nix-community/impermanence} is a NixOS flake that creates `mount binds`. I still don't understand how they work, but it isn't a big idea here. The main purpose of it is to just put stuff in special `/persist` dataset, and still be able to access it from `/root` and `/home`. 82 - 83 - Basically you define certain directories names in it, and it creates them, then binds them to specific relevant locations, like `".config/nvim"` will be located in `~/.config/nvim`. And if you put your Neovim config there, neovim will still follow the config, but it will be located on different dataset, and won't be wiped on boot. 84 - 85 - Neat right? Not really, because if directory already exists, Impermanence will override that old directory with new empty one. *Don't panic*. Data isn't lost, it was just reallocated, you can delete the directory from impermanence module and it will comeback. 86 - 87 - That's the main reason why most people reinstall their OS if they want to use Impermanence, because it's a pain in the glands to move the files from directories before persisting it and moving things back. 
There are projects that circumvent that, but I didn't use them. For example: [Persist-retro]{https://github.com/Geometer1729/persist-retro}. 88 - 89 - Also to persist an individual file, you need to move the file, and manually copy it to persist directory. 90 - 91 - **** You forgot to tell installation instructions 92 - It's nix so here is just a snippet of code. Works for flakes. 93 - @code nix 94 - #flake.nix 95 - { 96 - inputs.impermanence.url = "github:nix-community/impermanence"; 97 - } 98 - @end 99 - And then just import the module, like: 100 - @code nix 101 - imports = [ 102 - inputs.impermanence.nixosModules.impermanence 103 - ]; 104 - @end 105 - *** Immutable users 106 - As we delete everything in `/root`, it means passwords for users, and most importantly `root` user will be deleted. 107 - 108 - So just make them immutable. You can store the password file in sops, or just provide raw path from `/persist` directory. 109 - 110 - @code nix 111 - # setup immutable users for impermanence 112 - 113 - # silence warning about setting multiple user password options 114 - # https://github.com/NixOS/nixpkgs/pull/287506#issuecomment-1950958990 115 - # Stolen from Iynaix https://github.com/iynaix/dotfiles/blob/4880969e7797451f4adc3475cf33f33cc3ceb86e/nixos/users.nix#L18-L24 116 - options = { 117 - warnings = lib.mkOption { 118 - apply = lib.filter ( 119 - w: !(lib.hasInfix "If multiple of these password options are set at the same time" w) 120 - ); 121 - }; 122 - }; 123 - 124 - config = { 125 - users.mutableUsers = false; 126 - users.users.ladas552 = { 127 - isNormalUser = true; 128 - description = "Ladas552"; 129 - extraGroups = [ 130 - "networkmanager" 131 - "wheel" 132 - ]; 133 - initialPassword = "pass"; 134 - hashedPasswordFile = config.sops.secrets."mystuff/host_pwd".path; 135 - }; 136 - nix.settings.trusted-users = [ "ladas552" ]; 137 - 138 - users.users.root = { 139 - initialPassword = "pass"; 140 - hashedPasswordFile = 
config.sops.secrets."mystuff/host_pwd".path; 141 - }; 142 - 143 - 144 - }; 145 - 146 - @end 147 - 148 - Other features for immutable users: 149 - - Can use `--no-root-password` flag in `nixos-install` command. Meaning you don't ever have to monitor it, it will install password automatically. 150 - - Can't use `passwd <user>` command. So if you mess up your password path the first time, you have to reboot to previous generation to set it correctly. 151 - 152 - *** When do we start deleting stuff? 153 - Not so fast bakaru, we first need to save our stuff. 154 - 155 - So you need to create persist directories
+1 -1
public/rss.xml
··· 6 6 <description>Latest posts</description> 7 7 <generator>Norgolith</generator> 8 8 <language>en-us</language> 9 - <lastBuildDate>Thu, 04 Dec 2025 07:39:23 +0000</lastBuildDate> 9 + <lastBuildDate>Fri, 05 Dec 2025 09:20:25 +0000</lastBuildDate> 10 10 <ttl>60</ttl> 11 11 <atom:link href="https:&#x2F;&#x2F;ladas552.me/rss.xml" rel="self" type="application/rss+xml" /> 12 12
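Review bot: In content/posts/Impermanence.norg, the users snippet in the removed post sets `initialPassword = "pass";` in plaintext for both `users.users.ladas552` (a `wheel` member listed in `nix.settings.trusted-users`) and `users.users.root`, next to `hashedPasswordFile`, while the `warnings` filter above it hides the message about multiple password options being set. Since the commit message says the post is being migrated rather than dropped, I would remove the `initialPassword` lines in the migrated copy, or replace the value with an obvious placeholder and state which option is meant to take effect, so readers do not copy a known password into a `users.mutableUsers = false` setup. The removed file is also marked `draft: true` and stops mid-sentence at "So you need to create persist directories", so the destination copy still needs its persistence section before it is published.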
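Review bot: In public/rss.xml the only change is the `<lastBuildDate>` timestamp, which shows that generated output under `public/` is tracked in the repository and is likely to produce a diff like this on every rebuild even when no feed item changes. Consider building the feed at deploy time and leaving `public/` untracked, or committing regenerated output separately from content changes so that content commits stay easy to review.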