Additional options for NixOS modules when used in combination with nix-community/impermanence.
For Home Manager options see rehno-lindeque/home-manager-impermanence.
{
  environment.automaticPersistence.normal.path = "/persistence";

  # Don't persist /etc/machine-id at all
  environment.machineId.persistence = {};

  # Include all network manager state at the normal persistence level
  # (by default it would only retain /var/lib/NetworkManager/system-connections at the normal persistence level, losing wifi leases etc)
  networking.networkmanager.persistence = {
    normal.directories = [ "/var/lib/NetworkManager" ];
  };

  # The usual impermanence options still work as before
  environment.persistence."/persistent" = {
    hideMounts = true;
    directories = [
      "/var/log"
    ];
  };
}
I don't like to maintain software like this on my own. My hope is that nix-community would be willing to take ownership of this repo and help to establish best practices.
In order to make this set of defaults useful we need to have some basic guidelines. What exactly those guidelines should be is still unclear (help wanted!), but we likely want to:
- Give programs default access to files that are clearly owned by them
- Be explicit about access to files that are not clearly owned by a program
ncdu can be used to discover files that are not bind mounted.
ncdu -x /
# or
nix run nixpkgs#ncdu -- -x /
auditd can be used to keep track of when a file is accessed.
strace can be used to monitor a specific process for the files it accesses.
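As an added example (not part of this repository), the script below filters an strace log down to the files a program opened for writing outside a given set of directories, which is the information needed to decide what a module's persistence defaults should cover. The function names, the sample trace and the chosen directories are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: read an strace log on stdin and list absolute paths that were
# successfully opened for writing outside the given directory prefixes
# (persisted directories, tmpfs mounts, ...).
# Capture a trace with: strace -f -e trace=open,openat,creat -o trace.log <program>
# Assumption: the prefixes contain no spaces.
unpersisted_writes() {
    awk -v dirs="$*" '
        BEGIN { n = split(dirs, keep, " ") }
        # Successful open/openat/creat calls only (result is a file descriptor).
        /(open|openat|creat)\(/ && /\) = [0-9]+$/ {
            if ($0 !~ /O_WRONLY|O_RDWR|O_CREAT|creat\(/) next   # read-only open
            if (!match($0, /"\/[^"]*"/)) next                   # no absolute path
            path = substr($0, RSTART + 1, RLENGTH - 2)
            # Match on a path boundary so /var/lib/foo does not cover /var/lib/foo-bar.
            for (i = 1; i <= n; i++)
                if (path == keep[i] || index(path, keep[i] "/") == 1) next
            seen[path] = 1
        }
        END { for (p in seen) print p }
    ' | sort
}

# Constructed sample trace (not captured from a real system).
sample_trace() {
    cat <<'EOF'
812 openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3
812 openat(AT_FDCWD, "/var/lib/NetworkManager/timestamps", O_WRONLY|O_CREAT|O_TRUNC, 0644) = 5
812 openat(AT_FDCWD, "/var/lib/NetworkManager-extra/seen", O_WRONLY|O_CREAT, 0644) = 6
813 openat(AT_FDCWD, "/var/cache/demo/index", O_RDWR|O_CREAT, 0600) = 4
813 openat(AT_FDCWD, "/root/.config/demo.conf", O_WRONLY) = -1 ENOENT (No such file or directory)
813 creat("/var/log/demo.log", 0644) = 7
EOF
}

# Report writes that the two persisted directories from the configuration above miss.
demo() {
    sample_trace | unpersisted_writes /var/lib/NetworkManager /var/log
}
demo
```

Paths that show up here are lost on reboot unless a persistence entry is added for them; read-only opens and failed calls are ignored on purpose.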
- Impermanence project
- Impermanence wiki
- Elis Hirwin's blog:
- Graham Christensen's blog: