diff --git a/modules/system/fileSystems/default.nix b/modules/system/fileSystems/default.nix
index 036927b4..3c952e84 100644
--- a/modules/system/fileSystems/default.nix
+++ b/modules/system/fileSystems/default.nix
@@ -241,6 +241,7 @@ inputs:
       {
         grep = "${inputs.pkgs.gnugrep}/bin/grep";
         awk = "${inputs.pkgs.gawk}/bin/awk";
+        chattr = "${inputs.pkgs.e2fsprogs}/bin/chattr";
       };
       services.roll-rootfs = {
@@ -260,6 +261,7 @@ inputs:
             btrfs property set -ts /mnt${path}/$timestamp-$subvolid ro true
           fi
           btrfs subvolume create /mnt${path}/current
+          chattr +C /mnt${path}/current
           echo $(date '+%Y%m%d%H%M%S') > /mnt${path}/current/.timestamp
           umount /mnt
         '';
diff --git a/modules/system/impermanence.nix b/modules/system/impermanence.nix
index 7552b698..bcb8ed11 100644
--- a/modules/system/impermanence.nix
+++ b/modules/system/impermanence.nix
@@ -28,6 +28,7 @@ inputs:
         "/var/log"
         "/var/spool"
         "/var/backup"
+        { directory = "/var/lib/docker/volumes"; mode = "0710"; }
       ];
       files = [
@@ -41,9 +42,14 @@ inputs:
       "${impermanence.root}" = {
         hideMounts = true;
-        directories = [ "/var/lib/systemd/linger" "/var/lib/systemd/coredump" ]
-          ++ (if inputs.config.services.xserver.displayManager.sddm.enable then
-            [{ directory = "/var/lib/sddm"; user = "sddm"; group = "sddm"; mode = "0700"; }] else []);
+        directories =
+          [
+            "/var/lib/systemd/linger"
+            "/var/lib/systemd/coredump"
+            { directory = "/var/lib/docker"; mode = "0710"; }
+          ]
+          ++ (if inputs.config.services.xserver.displayManager.sddm.enable then
+            [{ directory = "/var/lib/sddm"; user = "sddm"; group = "sddm"; mode = "0700"; }] else []);
       } // (if builtins.elem "chn" inputs.config.nixos.users.users then {
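Review bot: `chattr +C /mnt${path}/current` disables copy-on-write for the whole freshly created subvolume, and on btrfs nodatacow also means no data checksums and no compression for every file created beneath it, so a later scrub can no longer detect silent corruption of that data; if `current` is the root subvolume, as the service name roll-rootfs suggests, that is a filesystem-wide integrity trade-off that should be stated next to the line, e.g. `# +C (nodatacow): files created below lose btrfs data checksums and compression`. If only a few write-heavy directories (databases, VM images, docker data) need it, applying +C to those directories after they are created would keep checksums on the rest of the root. The exit status of chattr is not checked and whether the script runs under `set -e` is not visible here; the enclosing shell script starts before this hunk.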
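Review bot: The new `{ directory = "/var/lib/docker"; mode = "0710"; }` entry under `"${impermanence.root}"` nests with the `/var/lib/docker/volumes` entry added to the other directory list in the previous hunk, so two bind mounts from different persistence roots stack: if the parent `/var/lib/docker` mount is established after the child, the child mount is shadowed and the volumes silently end up on the persisted docker root instead. Whether the impermanence module orders nested mounts by path is not visible in this diff; a comment on the `/var/lib/docker` entry naming the dependency on the `volumes` entry, or persisting both directories from the same root, would make the intended layering explicit. Mode `0710` appears to match what dockerd itself sets on its data root, so that part looks consistent. The enclosing attribute set continues past the end of the hunk.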