From 5edad8b9576958a8b0d39387484217089fcc9f92 Mon Sep 17 00:00:00 2001
From: William
Date: Wed, 15 Oct 2025 19:59:31 -0300
Subject: [PATCH] ephemeral is now a nixosModule
---
 flake.nix | 1 +
 hosts/modules/ephemeral.nix | 37 +++++++++++++++++++
 hosts/modules/ephermal.nix | 72 ------------------------------------
 modules/ephemeral.nix | 74 +++++++++++++++++++++++++++++++++++++
 nixosConfigurations.nix | 4 +-
 nixosModules.nix | 7 ++++
 6 files changed, 121 insertions(+), 74 deletions(-)
 create mode 100644 hosts/modules/ephemeral.nix
 delete mode 100644 hosts/modules/ephermal.nix
 create mode 100644 modules/ephemeral.nix
 create mode 100644 nixosModules.nix
diff --git a/flake.nix b/flake.nix
index 0d826a1..693b17a 100644
--- a/flake.nix
+++ b/flake.nix
@@ -50,6 +50,7 @@
 ./devShells.nix
 ./homeConfigurations.nix
 ./nixosConfigurations.nix
+ ./nixosModules.nix
 ./overlays.nix
 ./packages.nix
 ];
diff --git a/hosts/modules/ephemeral.nix b/hosts/modules/ephemeral.nix
new file mode 100644
index 0000000..a759cf4
--- /dev/null
+++ b/hosts/modules/ephemeral.nix
@@ -0,0 +1,37 @@
+{ inputs, ... }:
+
+{
+ imports = [
+ inputs.impermanence.nixosModules.impermanence
+ inputs.self.nixosModules.ephemeral
+ ];
+
+ ephemeral = {
+ enable = true;
+ rootDevice = "/dev/mapper/cryptroot";
+ rootSubvolume = "@root";
+ };
+
+ environment.persistence.main = {
+ persistentStoragePath = "/persistent";
+ files = [
+ "/etc/machine-id"
+ "/etc/ssh/ssh_host_ed25519_key"
+ "/etc/ssh/ssh_host_ed25519_key.pub"
+ "/etc/ssh/ssh_host_rsa_key"
+ "/etc/ssh/ssh_host_rsa_key.pub"
+ ];
+ directories = [
+ "/etc/NetworkManager/system-connections"
+ "/etc/nixos"
+ "/var/lib/bluetooth"
+ "/var/lib/flatpak"
+ "/var/lib/lxd"
+ "/var/lib/nixos"
+ "/var/lib/systemd/coredump"
+ "/var/lib/systemd/timers"
+ "/var/lib/tailscale"
+ "/var/log"
+ ];
+ };
+}
diff --git a/hosts/modules/ephermal.nix b/hosts/modules/ephermal.nix
deleted file mode 100644
index adaf5af..0000000
--- a/hosts/modules/ephermal.nix
+++ /dev/null
@@ -1,72 +0,0 @@
-{ inputs, ... }:
-
-{
- imports = [ inputs.impermanence.nixosModules.impermanence ];
-
- boot.initrd.systemd.services.recreate-root = {
- description = "Rolling over and creating new filesystem root";
- requires = [ "initrd-root-device.target" ];
- after = [
- "local-fs-pre.target"
- "initrd-root-device.target"
- ];
- requiredBy = [ "initrd-root-fs.target" ];
- before = [ "sysroot.mount" ];
- unitConfig = {
- AssertPathExists = "/etc/initrd-release";
- DefaultDependencies = false;
- };
- serviceConfig = {
- Type = "oneshot";
- RemainAfterExit = true;
- };
- script = ''
- mkdir /btrfs_tmp
- mount /dev/mapper/cryptroot /btrfs_tmp
-
- if [[ -e /btrfs_tmp/@root ]]; then
- mkdir -p /btrfs_tmp/old_roots
- timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/@root)" "+%Y-%m-%-d_%H:%M:%S")
- mv /btrfs_tmp/@root "/btrfs_tmp/old_roots/$timestamp"
- fi
-
- delete_subvolume_recursively() {
- IFS=$'\n'
- for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
- delete_subvolume_recursively "/btrfs_tmp/$i"
- done
- btrfs subvolume delete "$1"
- }
-
- for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
- delete_subvolume_recursively "$i"
- done
-
- btrfs subvolume create /btrfs_tmp/@root
- umount /btrfs_tmp
- '';
- };
-
- environment.persistence.main = {
- persistentStoragePath = "/persistent";
- files = [
- "/etc/machine-id"
- "/etc/ssh/ssh_host_ed25519_key"
- "/etc/ssh/ssh_host_ed25519_key.pub"
- "/etc/ssh/ssh_host_rsa_key"
- "/etc/ssh/ssh_host_rsa_key.pub"
- ];
- directories = [
- "/etc/NetworkManager/system-connections"
- "/etc/nixos"
- "/var/lib/bluetooth"
- "/var/lib/flatpak"
- "/var/lib/lxd"
- "/var/lib/nixos"
- "/var/lib/systemd/coredump"
- "/var/lib/systemd/timers"
- "/var/lib/tailscale"
- "/var/log"
- ];
- };
-}
diff --git a/modules/ephemeral.nix b/modules/ephemeral.nix
new file mode 100644
index 0000000..be6fc6b
--- /dev/null
+++ b/modules/ephemeral.nix
@@ -0,0 +1,74 @@
+{ lib, config, ... }:
+
+let
+ cfg = config.ephemeral;
+in
+{
+ options.ephemeral = {
+ enable = lib.mkEnableOption "ephemeral root with automatic rollback";
+
+ rootDevice = lib.mkOption {
+ type = lib.types.str;
+ example = "/dev/mapper/cryptroot";
+ description = "Device path for the root btrfs filesystem";
+ };
+
+ rootSubvolume = lib.mkOption {
+ type = lib.types.str;
+ example = "@root";
+ description = "Name of the root btrfs subvolume";
+ };
+
+ oldRootRetentionDays = lib.mkOption {
+ type = lib.types.int;
+ default = 30;
+ description = "Number of days to keep old root snapshots before deletion";
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ boot.initrd.systemd.services.recreate-root = {
+ description = "Rolling over and creating new filesystem root";
+ requires = [ "initrd-root-device.target" ];
+ after = [
+ "local-fs-pre.target"
+ "initrd-root-device.target"
+ ];
+ requiredBy = [ "initrd-root-fs.target" ];
+ before = [ "sysroot.mount" ];
+ unitConfig = {
+ AssertPathExists = "/etc/initrd-release";
+ DefaultDependencies = false;
+ };
+ serviceConfig = {
+ Type = "oneshot";
+ RemainAfterExit = true;
+ };
+ script = ''
+ mkdir /btrfs_tmp
+ mount ${cfg.rootDevice} /btrfs_tmp
+
+ if [[ -e /btrfs_tmp/${cfg.rootSubvolume} ]]; then
+ mkdir -p /btrfs_tmp/old_roots
+ timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/${cfg.rootSubvolume})" "+%Y-%m-%-d_%H:%M:%S")
+ mv /btrfs_tmp/${cfg.rootSubvolume} "/btrfs_tmp/old_roots/$timestamp"
+ fi
+
+ delete_subvolume_recursively() {
+ IFS=$'\n'
+ for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
+ delete_subvolume_recursively "/btrfs_tmp/$i"
+ done
+ btrfs subvolume delete "$1"
+ }
+
+ for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +${toString cfg.oldRootRetentionDays}); do
+ delete_subvolume_recursively "$i"
+ done
+
+ btrfs subvolume create /btrfs_tmp/${cfg.rootSubvolume}
+ umount /btrfs_tmp
+ '';
+ };
+ };
+}
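Review bot: `rootDevice` and `rootSubvolume` are spliced unquoted into the initrd shell script (the `mount ${cfg.rootDevice} /btrfs_tmp` line, the `[[ -e … ]]` test, the `mv`, and the final `btrfs subvolume create`), so an option value containing whitespace or shell metacharacters either breaks the script or changes which path it operates on; wrapping each interpolation, e.g. `mount ${lib.escapeShellArg cfg.rootDevice} /btrfs_tmp`, keeps the value a single argument. `oldRootRetentionDays` is typed `lib.types.int`, which admits negative values that make no sense in `-mtime +N`; `type = lib.types.ints.unsigned;` fits the option, and its description could note that `find -mtime +N` only matches roots older than N full days. The `find /btrfs_tmp/old_roots/ -maxdepth 1` walk can also return `/btrfs_tmp/old_roots/` itself, which would then be handed to `delete_subvolume_recursively` and take every nested snapshot with it regardless of age; adding `-mindepth 1` to the `find` excludes the directory. Finally, the module assumes impermanence is imported and `environment.persistence` is configured by the consumer (the host module in this commit does both) without saying so; a short comment above `options.ephemeral` stating that the consumer must import `inputs.impermanence.nixosModules.impermanence` and declare its own `environment.persistence` entries would make that contract explicit.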
diff --git a/nixosConfigurations.nix b/nixosConfigurations.nix
index 65a9e14..6c9cfb9 100644
--- a/nixosConfigurations.nix
+++ b/nixosConfigurations.nix
@@ -11,7 +11,7 @@ in
 "desktop"
 "bluetooth"
 "dev"
- "ephermal"
+ "ephemeral"
 "fwupd"
 "gaming"
 "libvirtd"
@@ -26,7 +26,7 @@ in
 "desktop"
 "bluetooth"
 "dev"
- "ephermal"
+ "ephemeral"
 "networkmanager"
 "podman"
 ];
diff --git a/nixosModules.nix b/nixosModules.nix
new file mode 100644
index 0000000..5fd416b
--- /dev/null
+++ b/nixosModules.nix
@@ -0,0 +1,7 @@
+{ ... }:
+
+{
+ flake.nixosModules = {
+ ephemeral = import ./modules/ephemeral.nix;
+ };
+}