Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Here's a snippet of my nixos config that enables immutability . It mounts root on a tmpfs which is erased on reboot. tmpfs is kind of a ramfs but will page to swap in most cases. Add additional bind mounts as necessary.

https://en.wikipedia.org/wiki/Tmpfs

  fileSystems = 
    {
      "/" = {
        device = "none";
        fsType = "tmpfs";
        options = [ "defaults" "size=8G" "mode=755" ];
      };
      "/boot" = {
        device = v.bootDev;
        fsType = "vfat";
      };

      "/nix" = {
        device = "tank/nix";
        fsType = "zfs";
      };
      "/persist" = {
        device = "tank/persist";
        fsType = "zfs";
        options = [ "zfsutil" ];
      };
      "/home" = {
        device = "tank/home";
        fsType = "zfs";
        options = [ "zfsutil" ];
      };
      "/cache" = {
        device = "tank/cache";
        fsType = "zfs";
        options = [ "zfsutil" ];
      };

      "/etc/nixos" = {
        device = "/persist/nixos";
        fsType = "none";
        options = [ "bind" ];
      };
      "/var/lib/bluetooth" = {
        device = "/persist/bluetooth";
        fsType = "none";
        options = [ "bind" ];
      };


Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: