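# SPDX-FileCopyrightText: 2020 Luke Granger-Brown <depot@lukegb.com>
#
# SPDX-License-Identifier: Apache-2.0

# NixOS module: baseline ZFS settings plus an opt-in mode that rolls a dataset
# back to a fixed snapshot on every boot.
#
# With rollbackOnBoot.enable set, everything written to the rolled-back dataset
# since the snapshot is discarded at boot. State that must survive a reboot has
# to live under /persist (or on another dataset) and be linked back in via
# keepPaths.
# NOTE(review): this includes security-relevant state such as host keys and
# logs if they sit on the rolled-back dataset; confirm each host's keepPaths
# covers what incident response would need.
{ lib, config, ... }:
let
  inherit (lib) mkOption types mkAfter mkIf mkDefault escapeShellArg;
  robCfg = config.services.zfs.rollbackOnBoot;
in
{
  options.services.zfs.rollbackOnBoot = {
    enable = mkOption {
      type = types.bool;
      default = false;
      description = "Whether to roll back to the configured snapshot in the initrd on every boot.";
    };
    snapshot = mkOption {
      type = types.str;
      default = "zpool/local/root@blank";
      description = "ZFS snapshot (dataset@name) that is restored on every boot.";
    };
    keepPaths = mkOption {
      type = types.listOf types.str;
      default = [ ];
      description = "Absolute paths that are created as symlinks to the same path below /persist.";
    };
  };

  config = {
    # These settings apply to every host importing this module, independent of
    # rollbackOnBoot.enable.
    boot.supportedFilesystems = [ "zfs" ];
    boot.zfs.devNodes = "/dev/disk/by-partuuid";

    services.zfs.autoScrub.enable = true;
    services.zfs.autoSnapshot = {
      enable = true;
      monthly = 1;
    };

    # One tmpfiles "L" (symlink) rule per kept path: <path> -> /persist<path>.
    # The target previously read "/persist{x}" (missing "$"), so every link
    # pointed at the literal string "/persist{x}" instead of the persisted
    # copy and the state was silently lost on rollback.
    # Entries are expected to be absolute paths without whitespace; they are
    # pasted into the rule unescaped.
    # The rules are emitted whenever keepPaths is non-empty, even if
    # rollbackOnBoot.enable is false.
    systemd.tmpfiles.rules = mkAfter
      (builtins.map (x: "L ${x} - - - - /persist${x}") robCfg.keepPaths);

    # `zfs rollback -r` also destroys snapshots and bookmarks newer than the
    # target, so automatic snapshots taken of this dataset do not survive a
    # reboot. The snapshot name is shell-quoted so an unusual value cannot be
    # split or expanded by the initrd shell.
    # NOTE(review): postDeviceCommands belongs to the scripted initrd; confirm
    # hosts using this module do not enable the systemd-based initrd.
    boot.initrd.postDeviceCommands = mkIf robCfg.enable (mkAfter ''
      zfs rollback -r ${escapeShellArg robCfg.snapshot}
    '');

    # my.vault.bindMountStateTo is declared elsewhere in this repository; the
    # default keeps vault-agent state under /persist so it survives rollback.
    my.vault.bindMountStateTo =
      mkIf robCfg.enable (mkDefault "/persist/var/lib/vault-agent");
  };
}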