Move towards impermanence on Prophet

hosts/prophet/filesystems/default.nix

@@ -4,32 +4,42 @@
     "/" = {
       device = "/dev/disk/by-uuid/e50e186d-e5bc-40b0-9cd7-43b609cde3ea";
       fsType = "btrfs";
-      options = [ "subvol=@" ];
+      options = [ "subvol=root" ];
     };
-    "/home" = {
+    "/prev" = {
       device = "/dev/disk/by-uuid/e50e186d-e5bc-40b0-9cd7-43b609cde3ea";
       fsType = "btrfs";
-      options = [ "subvol=@home" ];
+      options = [ "subvol=prev" ];
     };
     "/nix" = {
       device = "/dev/disk/by-uuid/e50e186d-e5bc-40b0-9cd7-43b609cde3ea";
       fsType = "btrfs";
-      options = [ "subvol=@nix" ];
+      options = [ "subvol=nix" ];
+    };
+    "/boot" = {
+      device = "/dev/disk/by-uuid/7C94-8C9A";
+      fsType = "vfat";
+      options = [ "umask=0077" ];
+    };
+
+    # To be removed
+    "/home" = {
+      device = "/dev/disk/by-uuid/e50e186d-e5bc-40b0-9cd7-43b609cde3ea";
+      fsType = "btrfs";
+      options = [ "subvol=@home" ];
     };
     "/var" = {
       device = "/dev/disk/by-uuid/e50e186d-e5bc-40b0-9cd7-43b609cde3ea";
       fsType = "btrfs";
       options = [ "subvol=@var" ];
     };
-    "/.snapshots" = {
+
+    # Impermanence and subvols
+    "/persist" = {
       device = "/dev/disk/by-uuid/e50e186d-e5bc-40b0-9cd7-43b609cde3ea";
       fsType = "btrfs";
-      options = [ "subvol=@snapshots" ];
+      neededForBoot = true;
-    };
+      options = [ "subvol=persist" ];
-    "/boot" = {
-      device = "/dev/disk/by-uuid/7C94-8C9A";
-      fsType = "vfat";
-      options = [ "fmask=0022" "dmask=0022" ];
     };
     "/export/Bulk" = {
       device = "/dev/disk/by-uuid/ef465845-cc56-4db5-9260-8ae515eb025e";

modules/system/services/server/mailserver/roundcube/default.nix

@@ -1,12 +1,16 @@
-{ config, ... }: 
+{ config, lib, ... }: 
 {
-  services.roundcube = {
+  config = lib.mkIf config.system.mailserver.enable {
-    enable = config.system.mailserver.enable;
+    services.roundcube = {
-    hostName = "mail.nixfox.ca";
+      enable = true;
-    extraConfig = ''
+      hostName = "mail.nixfox.ca";
-      $config['smtp_server'] = "tls://mx.nixfox.ca";
+      extraConfig = ''
-      $config['smtp_user'] = "%u";
+        $config['smtp_server'] = "tls://mx.nixfox.ca";
-      $config['smtp_pass'] = "%p";
+        $config['smtp_user'] = "%u";
-    '';
+        $config['smtp_pass'] = "%p";
+      '';
+    };
+
+    environment.persistence."/persist".directories = [ "/var/lib/roundcube" ];
   };
 }

modules/system/services/server/mailserver/simplenix/default.nix

@@ -1,60 +1,69 @@
-{ config, pkgs, mailserver, ... }: 
+{ config, lib, pkgs, mailserver, ... }: 
 {
   imports = [
     ./nginx
     mailserver.nixosModule
   ];
 
-  mailserver = rec {
+  config = lib.mkIf config.system.mailserver.enable {
-    enable = config.system.mailserver.enable;
+    mailserver = {
-    domains = [
+      enable = true;
-      "nixfox.ca"
+      domains = [
-      "bloxelcom.net"
+        "nixfox.ca"
-      "freecorn1854.win"
+        "bloxelcom.net"
-      "lunamoonlight.xyz"
+        "freecorn1854.win"
-    ];
+        "lunamoonlight.xyz"
-    fqdn = "mx.nixfox.ca";
+      ];
-    certificateScheme = "acme-nginx";
+      fqdn = "mx.nixfox.ca";
-    localDnsResolver = false;
+      certificateScheme = "acme-nginx";
-    redis.port = 1515;
+      localDnsResolver = false;
+      redis.port = 1515;
 
-    # Passwords made with 'mkpasswd -sm bcrypt'
+      # Passwords made with 'mkpasswd -sm bcrypt'
-    loginAccounts = {
+      loginAccounts = {
-      "noreply@nixfox.ca" = {
+        "noreply@nixfox.ca" = {
-        hashedPasswordFile = pkgs.writeText "noreply" config.secrets.noreplyMailHash;
+          hashedPasswordFile = pkgs.writeText "noreply" config.secrets.noreplyMailHash;
-        sendOnly = true;
+          sendOnly = true;
-      };    
+        };    
 
-      "jimbo@nixfox.ca" = {
+        "jimbo@nixfox.ca" = {
-        hashedPasswordFile = pkgs.writeText "jimbo" config.secrets.jimboMailHash;
+          hashedPasswordFile = pkgs.writeText "jimbo" config.secrets.jimboMailHash;
-        aliases = [
+          aliases = [
-          "james@nixfox.ca"
+            "james@nixfox.ca"
-          "jimbo@bloxelcom.net"
+            "jimbo@bloxelcom.net"
 
-          "vice@nixfox.ca"
+            "vice@nixfox.ca"
-          "vice@bloxelcom.net"
+            "vice@bloxelcom.net"
-          "yara@nixfox.ca"
+            "yara@nixfox.ca"
 
-          "contact@nixfox.ca"
+            "contact@nixfox.ca"
-        ];
+          ];
-      };
+        };
 
-      "luna@lunamoonlight.xyz" = {
+        "luna@lunamoonlight.xyz" = {
-        hashedPasswordFile = pkgs.writeText "luna" config.secrets.lunaMailHash;
+          hashedPasswordFile = pkgs.writeText "luna" config.secrets.lunaMailHash;
-        aliases = [
+          aliases = [
-          "luna@bloxelcom.net"
+            "luna@bloxelcom.net"
-          "contact@bloxelcom.net"
+            "contact@bloxelcom.net"
-          "ibu@bloxelcom.net"
+            "ibu@bloxelcom.net"
-        ];
+          ];
-      };
+        };
 
-      "contact@freecorn1854.win" = {
+        "contact@freecorn1854.win" = {
-        hashedPasswordFile = pkgs.writeText "corn" config.secrets.cornMailHash;
+          hashedPasswordFile = pkgs.writeText "corn" config.secrets.cornMailHash;
-        aliases = [ "freecorn@bloxelcom.net" ];
+          aliases = [ "freecorn@bloxelcom.net" ];
+        };
       };
     };
-  };
 
-  # Rspamd port from earlier to avoid overlap
+    # Rspamd port from earlier to avoid overlap
-  services.redis.servers.rspamd.port = 1515;
+    services.redis.servers.rspamd.port = config.mailserver.redis.port;
+
+    environment.persistence."/persist".directories = [
+      "/var/vmail"
+      "/var/lib/dovecot"
+      "/var/lib/postfix"
+      "/var/lib/redis-rspamd"
+    ];
+  };
 }

modules/system/services/server/minecraft/default.nix

@@ -1,4 +1,4 @@
-{ minecraft, config, lib, ... }:
+{ config, lib, minecraft, ... }:
 {
   imports = [
     minecraft.nixosModules.minecraft-servers