From 3914a29e0c2a83a66cbbea4903afa86bad78f059 Mon Sep 17 00:00:00 2001
From: Simon Gardling
Date: Tue, 2 Dec 2025 00:56:44 -0500
Subject: [PATCH] persistent: streamline installation process with persistent.tar
---
 install.sh | 35 ++++++++++++++++++++++++++++++++---
 secrets/persistent.tar | Bin 0 -> 4702 bytes
 2 files changed, 32 insertions(+), 3 deletions(-)
 create mode 100644 secrets/persistent.tar
diff --git a/install.sh b/install.sh
index 4ce0ac2..384f6c2 100755
--- a/install.sh
+++ b/install.sh
@@ -18,13 +18,15 @@ fi
 echo "Installing NixOS to $DISK using flake at $FLAKE_DIR"
-# Create temporary directory for secureboot keys
+# Create temporary directories
 mkdir -p /tmp/secureboot
+mkdir -p /tmp/persistent
 # Function to cleanup on exit
 cleanup() {
 echo "Cleaning up..."
 rm -rf /tmp/secureboot 2>/dev/null || true
+ rm -rf /tmp/persistent 2>/dev/null || true
 }
 trap cleanup EXIT
@@ -40,6 +42,15 @@ nix-shell -p age --run "age -d -i '$FLAKE_DIR/usb-secrets/usb-secrets-key' '$FLA
 echo "Secureboot keys extracted"
+# Extract persistent partition secrets
+echo "Extracting persistent partition contents..."
+if [[ -f "$FLAKE_DIR/secrets/persistent.tar" ]]; then
+ tar -xzf "$FLAKE_DIR/secrets/persistent.tar" -C /tmp/persistent
+ echo "Persistent partition contents extracted"
+else
+ echo "Warning: persistent.tar not found, skipping persistent secrets"
+fi
+
 # Check if disko-install is available
 if ! command -v disko-install >/dev/null 2>&1; then
 echo "Running disko-install via nix..."
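Review bot: `mkdir -p /tmp/persistent` places decrypted secret material under a fixed name in world-writable /tmp, and `mkdir -p` succeeds without complaint when that path already exists, whoever owns it and whatever its mode. The context line above shows the same pattern already in use for /tmp/secureboot. I would create the directory with `mktemp -d` under a restrictive umask, e.g. `umask 077; PERSISTENT_TMP=$(mktemp -d)`, and use that variable in `cleanup`, as the `tar -C` target and in the later loop over the extracted items. On a single-user installer image the exposure is probably small, but the change costs nothing.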
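Review bot: The `tar -xzf` call is followed by an unconditional "Persistent partition contents extracted", so unless `set -e` is active above this hunk a failed or partial extraction is reported as success and the install continues with incomplete secrets. I would make the failure explicit: `tar -xf "$FLAKE_DIR/secrets/persistent.tar" -C /tmp/persistent || { echo "Failed to extract persistent.tar" >&2; exit 1; }`. Dropping `-z` lets GNU tar detect the compression itself, which matters because the file is named `.tar` rather than `.tar.gz`. The archive is also read as-is, whereas the secureboot keys in the hunk header's context go through `age -d`; it is worth confirming that `secrets/` is protected at rest by some other layer, since this hunk does not show one.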
@@ -50,10 +61,28 @@ fi
 echo "Running disko-install to partition, format, and install NixOS..."
+# Build the extra-files arguments
+EXTRA_FILES_ARGS=(
+ --extra-files /tmp/secureboot /etc/secureboot
+ --extra-files "$FLAKE_DIR/usb-secrets/usb-secrets-key" /mnt/usb-secrets/usb-secrets-key
+)
+
+# Add each top-level item from persistent separately to avoid nesting
+# cp -ar creates /dst/src when copying directories, so we need to copy each item
+#
+# Also disko-install actually copies the files from extra-files, so we are good here
+if [[ -d /tmp/persistent ]] && [[ -n "$(ls -A /tmp/persistent 2>/dev/null)" ]]; then
+ for item in /tmp/persistent/*; do
+ if [[ -e "$item" ]]; then
+ basename=$(basename "$item")
+ EXTRA_FILES_ARGS+=(--extra-files "$item" "/persistent/$basename")
+ fi
+ done
+fi
+
 # Run disko-install with secureboot keys available
 sudo $DISKO_INSTALL \
 --mode format \
 --flake "$FLAKE_DIR#muffin" \
 --disk main "$DISK" \
- --extra-files /tmp/secureboot /etc/secureboot \
- --extra-files "$FLAKE_DIR/usb-secrets/usb-secrets-key" /mnt/usb-secrets/usb-secrets-key
+ "${EXTRA_FILES_ARGS[@]}"
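Review bot: The guard uses `ls -A`, which counts dotfiles, but the `for item in /tmp/persistent/*` glob skips them, so any hidden top-level entry in the archive is silently left out of `/persistent`. Setting `shopt -s nullglob dotglob` before the loop makes the two agree and makes the `ls` test unnecessary. The variable `basename` shadows the command of the same name; `"/persistent/${item##*/}"` avoids both the clash and the extra process. Since the comment says the files are copied with `cp -ar`, they will presumably keep the owner and mode they received when extracted by the invoking user, so it is worth checking that the secrets under `/persistent` end up owned by the intended account with the intended permissions.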
diff --git a/secrets/persistent.tar b/secrets/persistent.tar new file mode 100644 index 0000000000000000000000000000000000000000..aa191e5b4d31c39e0840532b4a65adfd07546e3d GIT binary patch literal 4702 zcmZQ@_Y83kiVO&0;CD^w|L{OqHzV*{#EBU~v+tj&dZ?j#Lg7Y0)HKPvCmhTk81SE+ z=;Y70BRuJlzxHJFK4JUon|voa^n}^!YpE_+_=;`b&7#uX{nDrE*36pwdzHZJaMPKd zfB(-7T75q+kYTgrD)SjVl6$3phZ}EyK1cXs9gF?_9#N0|}szsYz_`034QciDuWc!YmS=-*Z+!nt4l*}8?{N!vm*gOg`WPxvc) zCgPNGt7e17&H~kkvpZ@`vQ8*|n=LE(Z_&K1ISKQXtm?9yY;+l4h_&sG(ondfsB_0= zWwp0T+p?ts>HhD!@81j&**Mk1xZ%oj$vbS@j&InM|M^pa@b((R$m# zo!2;3qVNR!9*fDf??3!t<-5M@?ZjnQ=CqsL{d_9?%oTB`Jyr#6Nzo4Cyy)n9+n}udxQJ6mL~Lsm-*f4cC%yw0Gu$GtS4%4)5idbZF0vzg<;trfgg{mCxQ~i};_`*;Yxc zQQr$*+ev=bZ9H*L#&XuNyHn53&kNrnJlAsC@qe<-iyuBwoPSwgx%ttZgp+Hk*C|9s zeRxp1!ejq&jY;idYlF?LJX6G~f3hy_epI>5(#gzzxh6YHmf`HT+RP11C)VBYxIg7c z=9hHajWxzMdGBX^OKr^HXXm=h_h@VKWHBkDD*?@oMJbj{yvKV|6CTQ*4{9&@;#nYk zc(X$2)!p_HXHR;psB4u=xv+qhr|11!{nPvH*7sZ#VB4=ATl~Zvpd0Iut)iA@edrmnzBp69@Ox$+u{hB+M_RX5S=j`Q3-lN?- zD`$F4um02I^nB;0Yeghh-{ zZteZA5>IYw&tI*+Ghx%I*7tloELu;eRLOTUF*^7CU&eot)JvncBz0x1HX7;Om)v4;TOQKk0l}p)yuT;a}psjQY8a z9Wh5(&V7@-lKaht-QibP2W$Mz8F6=#SeFTYntR?bwsfx6Zm~@98FTNpbMoagb=O|E zd$4+4+QjPEy-PlKW^Al9PMd7$*7RLBKKX}*@vm)~wOf6wds;XCD7*UJIm)r>$E4?h zsj-fm6|cFNc&BVX?BU*;x#20#viFr=Yu~wqt(D&S<8V+%oN3hiUCZ9xUg^~yd|E|c zE#LO&!pg$g%C|k&$xq^5^p08nSDQiT*}osn=A|v%>XzF2p>D^y*|P7~-OgAZc0Bb( zW?7W{MBm`BP4g01ZMmYX#b>kBdMy?1dL6-fzR6?C%cyY2&brd2;d{^j)%)=Keu`^i z<-aeB^+ZHoKQLb!5Vdd9UDy5h_;lW}y2<{}JZd3r`s9MVN3Ge<^jw`j-3dnN8JSmv zW-*<-D;NGn*8iW;@~I{l_N}n8ja7P3TM<$q>$mRV6wSZ(fBA*?O10`Ok=*Rl zX^(ib}uY!Q)PjHAM5=ahmSf0E@!*!I(@zCV-xXZ&)p2=QqNs-j{KnX_ovrw-f1G$<#RPl zV)EwS<7D5^{IfZrIrFQ`>F4t~nEY4UOzqxK_xyCfRlK{|<{6P6el6a7zAL!b;z@`? 
z&GLU-e5a~S)59MLc26d0?m?d>05Sp2&BNayE?-fgO{ zUmiX9*o|-QCUHe~w};^+Dn0Ud@))F&atuCyu-hf{x^lT~P*CWS$=lKWXWmu}{KCd7Q%!2{n9``PJt72DO^)>Bzg9$Ogx@WRj6Uuy;4%re%M z_3v-lGU+6r?Zvx?)n?zGaZmdG@+piKEm2~}blevHTfR%9>l)96QzjoZ=KNRFvtTHi z`DIdi`hqm+BW4@BpLjS#E>&(TxV&ukK7ov*R%d3Kv`_0O+A_O6W{#X?hm=_Uo3s*(Z!cyJa8A zp7N}CQQp42A<_2JU)Ez%o^Fvl->UY?^9dy^Y_ho5xAo%52O8)1GF<4~z2j%Z7mM&K z4L_Z_cYe9WsG}r%zN(;T2hX9s-=FQNX1rU!z?9#Y?f1ELmwx8kTvkoJvqwMWmiZ>F zL|KuCQzl72mX-f|P=xokhT%lLlQT}tQJf#LyKdLlm=}cdeS7p;L6-HD+64ImV%H7V;O?;Soi)dH?9_aF@{gD1^}5Mw%LHwwIB>aMP*y8c zJ{M4$`r(!2t`!qLt$UgFXWP@{h8r=_PfD9ax3Bn6clO=fnJ;ZP?_K$noqsi2OZc;& zEt{opq$=mcSM`p|E4(MqE=kldf9|>|qQ)67xG=@Mm4VOu@{E0|8mD z1isz!7p-cjIvZa8QnK~S(y0pqf?6xqoc+JM((&N7I*q?iQ~po?Q7vR4?C{6>QLTAs zucUl^lkEk5&)LQIt zYHow04Aayl4kxy9{NT=B`sZd&T>Z)h%Uz4DTYhP?ZGXgATb|`OrTp=%U0RjLKhAG^ zaPOwezlUwxzaOd1?a^W^dw3&t^WMW}zn<-%R&SFhr?b~s{PeuA^6MGP-g0kO*SG30 zKN73?J4d{i|K0N3JDN9aFJE26uJ9tUVb0``<*R?!mMdzzvu@H8JpS=OU0-n#x5%Q* z&7CuBwfz&NV&5Kp?a$P;?m@1%a8}vE+f!tpv3GgS?7l2kfAB~VSNJJW``uRq(pKK` zcptFmzwR!_$){H)wqz_n?|*l9aO8Xo>r6Ythjq4m7HRrV6a~d!=sn)BGwB^m&55#m zjZ1dS%IxShdofSo_|%EhuKkwap5I-QK5=zW;>%Q?f2-YZuIE;|YWiT!X2GqOZ|(3< z|Lz=K!e4DSCo|NS^w=34aQO1#cPGyz-uJ59S|rLo zfkpAqeb&u_fr~6^dPT#ti$mOG-S>RZGud*L?Zb5KM=8!B?lTuoXx?-{NjXWq^^Ss)`gcTJUm?cZxG zyX!88{n?Oz&E;OsDc|Q^hXa>?opJv&%a12VC5`VabC#A$;uGOduXg%zKv({({A!&9 z!RnqrcBiYpd^zu<<;-zvgV9!Jy{EHYTi)t%nzLAV*~cR>PwPVE{r<$??9T7ICL+SE zqii^>pl|89v@IU-a~qa=%w?YSaz|O-M3vWf)$=X=_*=~aERUC@ZJ$xh%_--VxS`=% z58sKpSEl#p>CM3#(ph{CPVyp)TswBF5&OJ7(6- zvCREBWnE^hO@5wrx$fzxU_O8AsYefn_Lgq8u=w2+`bH_jd|8CW^yJw5b$ex#%Ca`U zy62Mly-_S{{UeQ48|9vJa)%Vk+}huHobS+`TuZBYf5f`|yw|6iiNL9jiv+bpu`V$YrFvN7=r#?Q7(?>+d>WMOmC#@HWk9u{}r%Jh92cwUxm z*@n0SjNe|_Mb-aYd{^LimfCy8$2;DBNo!5JBV@vPF>Q12f*-l&9;$8cwk_#i=`Xoy z3R7g+Hl?|A0fzHLfJ;%;X8AANdvW<*)2VAPb_B;_5UiV5M1TUsuu zMBNSkt2iS*LHux-#)4}cyAqz|Zl7|5X}+%6ipf^SqRmzZ?e6K;Bt;*LI6kQ^`4(S` zrITN?>E{cVugu@gt{hm&(v-ut|xvsfN=El#?Uo1Yy)*qZ5w)J4H?Ydh94RwyI 
z{QOfn=KRaQyXeA9mI(IZy;u6UN=`3YQ|aroSwLR*VpH%+e!JKUtE?OZi&x_{{+#^NX6l|CBOX1A?AY@yzH zX3@pqGcrrHYqTdmvOiSVSnmETnWb-&@<#QHkXu#jO`R7jv+uen`?1nXKH8so