diff --git a/ops/nixos/lib/zfs.nix b/ops/nixos/lib/zfs.nix index 64e2e05c85..631676dbf0 100644 --- a/ops/nixos/lib/zfs.nix +++ b/ops/nixos/lib/zfs.nix @@ -2,7 +2,7 @@ # # SPDX-License-Identifier: Apache-2.0 -{ lib, config, ... }: +{ lib, pkgs, config, ... }: let inherit (lib) mkOption types mkAfter mkIf mkDefault; robCfg = config.services.zfs.rollbackOnBoot; @@ -33,10 +33,14 @@ in }; systemd.tmpfiles.rules = mkAfter (builtins.map (x: "L ${x} - - - - /persist{x}") robCfg.keepPaths); - boot.initrd.postDeviceCommands = mkIf robCfg.enable - (mkAfter '' + boot.initrd.systemd.services.zfs-rollback = { + wantedBy = [ "initrd.target" ]; + path = [ pkgs.zfs ]; + script = '' zfs rollback -r ${robCfg.snapshot} - ''); + ''; + after = [ "zfs-import.target" ]; + }; my.vault.bindMountStateTo = mkIf robCfg.enable (mkDefault "/persist/var/lib/vault-agent"); }; diff --git a/third_party/default.nix b/third_party/default.nix index f27985a736..320207a965 100644 --- a/third_party/default.nix +++ b/third_party/default.nix @@ -50,6 +50,12 @@ let rev = "e0fe990b478a66178a58c69cf53daec0478ca6f9"; sha256 = "sha256:0qjyfmw5v7s6ynjns4a61vlyj9cghj7vbpgrp9147ngb1f8krz2c"; }; + poetry2nixSrc = nixpkgs.fetchFromGitHub { + owner = "nix-community"; + repo = "poetry2nix"; + rev = "ec4364021900f8e0d425d901b6e6ff03cf201efb"; + sha256 = "02q3jwj3m78bxh9fdg33khx8w3bcxgsci5qa8ps76vkyhihy20py"; + }; tvlDepot = import ./tvl { nixpkgsBisectPath = ./nixpkgs; inherit nixpkgsConfig; nixpkgsSystem = system; }; in @@ -90,4 +96,6 @@ rec { naersk = nixpkgs.callPackage naerskSrc {}; crate2nix = import "${crate2nixSrc}" { pkgs = ch.depot.pkgs; }; + + poetry2nix = import "${poetry2nixSrc}" { pkgs = ch.depot.pkgs; }; }