On Mon, Aug 14, 2023 at 04:41:52PM +0200, Nicolas Graves via Development of GNU Guix and the GNU System distribution. wrote:
>
> > - either not snapshotting the rootfs / at all, with the hypothesis that
> >   we get it back entirely from config files. Is that possible ? Is there
> >   information in / (I think of /etc in particular) that is saved, not
> >   temporary and not managed by guix system that would justify that we
> >   want to snapshot / at all?
> >   This would allow to simply care about only a few "user data"
> >   directories, and be sure to not miss anything when there's a need to
> >   restore the state.
> >
> > I can't find easily a case of successful use of the second
> > configuration, but would be glad to find one, as well as some discussion
> > about what would be a recommended way to secure the state beyond
> > dotfiles.
>
> I've found some equivalent information on the NixOS side here :
> https://nixos.wiki/wiki/Impermanence
>
> Some (rare) directories indeed seem that would better be saved because
> their information is useful for the system, in the case of NixOS, it
> seems to be "/etc/nixos", "/etc/NetworkManager" (for system
> connections), "/var/log", "/var/lib".
>
> However, I have much more files that aren't linked in the store,
> especially in the /etc directory (at least 20 files).
>
> Has anybody tried to do something like this on Guix?

I'm still not using most of the features of btrfs, just compression.

Inside /etc/guix /etc/guix/acl is managed with the guix-service-type.
IMO the signing keys should be rotated if you reload a machine (or at
least properly securing them is more effort than is worthwhile), and
/etc/guix/machines.scm isn't secret. I can't think of anything else in
/etc I'd want besides /etc/guix/machines.scm.

With that in mind, the only thing I could see snapshotting is /home, and
living with the knowledge that I might have to adjust or remove some
symlinks when rolling back. As far as what inside /home/<user> is worth
backing up and what isn't, I suppose that depends on their use of
guix-home or if they want to save space by not backing up ~/.cache or
~/.var or the like.

-- 
Efraim Flashner   <efr...@flashner.co.il>   רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D  14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted