zfs full pool encryption

configuration.nix

@@ -101,14 +101,10 @@
       mkdir -p ${config.boot.lanzaboote.pkiBundle}
       ${pkgs.gnutar}/bin/tar xf /etc/nixos/secrets/secureboot.tar -C ${config.boot.lanzaboote.pkiBundle}
     '';
-
-    "zfs-encryption-keys".text = ''
-      #!/bin/sh
-      rm -fr /etc/zfs-key
-      cp /etc/nixos/secrets/zfs-key /etc/zfs-key
-    '';
   };
 
+  boot.initrd.secrets."/etc/zfs-key" = /etc/nixos/secrets/zfs-key;
+
   environment.etc = {
     "issue".text = "";
   };
@@ -292,6 +288,9 @@
       "wheel"
       "video"
       "render"
+      "postgres"
+      "owntracks"
+      "immich"
     ];
     hashedPasswordFile = "/etc/nixos/secrets/hashedPass";
 
@@ -353,5 +352,5 @@
     "d ${config.services.postgresql.dataDir} 0700 postgres postgres"
   ];
 
-  system.stateVersion = "24.05";
+  system.stateVersion = "24.11";
 }