From ea81fcf56e8e69191e7db58e81235248390a8bff Mon Sep 17 00:00:00 2001
From: Swarsel <leon.schwarzaeugl@gmail.com>
Date: Mon, 5 Aug 2024 01:46:18 +0200
Subject: [PATCH] feat: add fs-diff script for impermanence check

---
 SwarselSystems.org                 | 37 ++++++++++++++++++++++++++++++
 flake.nix                          |  2 +-
 pkgs/default.nix                   |  1 +
 pkgs/fs-diff/default.nix           |  6 +++++
 profiles/common/home/packages.nix  |  1 +
 profiles/common/home/zsh.nix       |  1 +
 profiles/common/nixos/packages.nix |  3 +++
 scripts/fs-diff.sh                 |  4 +---
 8 files changed, 51 insertions(+), 4 deletions(-)
 create mode 100644 pkgs/fs-diff/default.nix

diff --git a/SwarselSystems.org b/SwarselSystems.org
index 7aad883..8c5a345 100644
--- a/SwarselSystems.org
+++ b/SwarselSystems.org
@@ -4041,6 +4041,7 @@ As such, I also define three additional overlays:
     swarselcheck = callPackage ./swarselcheck { };
     waybarupdate = callPackage ./waybarupdate { };
     opacitytoggle = callPackage ./opacitytoggle { };
+    fs-diff = callPackage ./fs-diff { };
   }
 
 #+end_src
@@ -4418,6 +4419,40 @@ As such, I also define three additional overlays:
   }
 #+end_src
 
+**** fs-diff
+
+#+begin_src shell :tangle scripts/fs-diff.sh
+set -euo pipefail
+
+OLD_TRANSID=$(sudo btrfs subvolume find-new /mnt/root-blank 9999999)
+OLD_TRANSID=${OLD_TRANSID#transid marker was }
+
+sudo btrfs subvolume find-new "/mnt/root" "$OLD_TRANSID" |
+sed '$d' |
+cut -f17- -d' ' |
+sort |
+uniq |
+while read -r path; do
+  path="/$path"
+  if [ -L "$path" ]; then
+    : # The path is a symbolic link, so is probably handled by NixOS already
+  elif [ -d "$path" ]; then
+    : # The path is a directory, ignore
+  else
+    echo "$path"
+  fi
+done
+#+end_src
+
+#+begin_src nix :tangle pkgs/fs-diff/default.nix
+  { writeShellApplication, sway}:
+
+  writeShellApplication {
+    name = "fs-diff";
+    text = builtins.readFile ../../scripts/fs-diff.sh;
+  }
+#+end_src
+
 
 *** Overlays
 
@@ -6300,6 +6335,7 @@ Programming languages and default lsp's are defined here: [[#h:0e7e8bea-ec58-499
     swarselcheck
     waybarupdate
     opacitytoggle
+    fs-diff
 
     (pkgs.writeScriptBin "project" ''
       #! ${pkgs.bash}/bin/bash
@@ -6994,6 +7030,7 @@ Here we set some aliases (some of them should be shellApplications instead) as w
         cd = "z";
         cdr = "cd \"$( (find /home/swarsel/Documents/GitHub -maxdepth 1 && echo /home/swarsel/.dotfiles) | fzf )\"";
         nix-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd";
+        fs-diff = "sudo mount -o subvol=/ /dev/mapper/cryptroot /mnt ; fs-diff";
       };
       autosuggestion.enable = true;
       enableCompletion = true;
diff --git a/flake.nix b/flake.nix
index 2e27113..4bb22ef 100644
--- a/flake.nix
+++ b/flake.nix
@@ -127,7 +127,7 @@
       # # NixOS modules that can only be used on NixOS systems
       nixModules = [
         inputs.stylix.nixosModules.stylix
-        # inputs.lanzaboote.nixosModules.lanzaboote
+        inputs.lanzaboote.nixosModules.lanzaboote
         inputs.disko.nixosModules.disko
         # inputs.impermanence.nixosModules.impermanence
         inputs.sops-nix.nixosModules.sops
diff --git a/pkgs/default.nix b/pkgs/default.nix
index 731054c..a273952 100644
--- a/pkgs/default.nix
+++ b/pkgs/default.nix
@@ -13,4 +13,5 @@ in
   swarselcheck = callPackage ./swarselcheck { };
   waybarupdate = callPackage ./waybarupdate { };
   opacitytoggle = callPackage ./opacitytoggle { };
+  fs-diff = callPackage ./fs-diff { };
 }
diff --git a/pkgs/fs-diff/default.nix b/pkgs/fs-diff/default.nix
new file mode 100644
index 0000000..b3386d0
--- /dev/null
+++ b/pkgs/fs-diff/default.nix
@@ -0,0 +1,6 @@
+{ writeShellApplication, sway }:
+
+writeShellApplication {
+  name = "fs-diff";
+  text = builtins.readFile ../../scripts/fs-diff.sh;
+}
diff --git a/profiles/common/home/packages.nix b/profiles/common/home/packages.nix
index 941bd06..0cd5913 100644
--- a/profiles/common/home/packages.nix
+++ b/profiles/common/home/packages.nix
@@ -158,6 +158,7 @@
     swarselcheck
     waybarupdate
     opacitytoggle
+    fs-diff
 
     (pkgs.writeScriptBin "project" ''
       #! ${pkgs.bash}/bin/bash
diff --git a/profiles/common/home/zsh.nix b/profiles/common/home/zsh.nix
index 841d9c8..9b1617c 100644
--- a/profiles/common/home/zsh.nix
+++ b/profiles/common/home/zsh.nix
@@ -17,6 +17,7 @@
       cd = "z";
       cdr = "cd \"$( (find /home/swarsel/Documents/GitHub -maxdepth 1 && echo /home/swarsel/.dotfiles) | fzf )\"";
       nix-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd";
+      fs-diff = "sudo mount -o subvol=/ /dev/mapper/cryptroot /mnt ; fs-diff";
     };
     autosuggestion.enable = true;
     enableCompletion = true;
diff --git a/profiles/common/nixos/packages.nix b/profiles/common/nixos/packages.nix
index 08dfe1c..4e4e98c 100644
--- a/profiles/common/nixos/packages.nix
+++ b/profiles/common/nixos/packages.nix
@@ -19,6 +19,9 @@
 
     # pinentry
 
+    # secure boot
+    sbctl
+
     nix-index
 
     # keyboards
diff --git a/scripts/fs-diff.sh b/scripts/fs-diff.sh
index bd581d0..dd197cd 100644
--- a/scripts/fs-diff.sh
+++ b/scripts/fs-diff.sh
@@ -1,5 +1,3 @@
-#!/usr/bin/env bash
-# fs-diff.sh
 set -euo pipefail
 
 OLD_TRANSID=$(sudo btrfs subvolume find-new /mnt/root-blank 9999999)
@@ -10,7 +8,7 @@ sed '$d' |
 cut -f17- -d' ' |
 sort |
 uniq |
-while read path; do
+while read -r path; do
   path="/$path"
   if [ -L "$path" ]; then
     : # The path is a symbolic link, so is probably handled by NixOS already