65 lines
1.2 KiB
Nix
65 lines
1.2 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
pkgs,
|
|
username,
|
|
service_configs,
|
|
inputs,
|
|
...
|
|
}:
|
|
{
|
|
imports = [
|
|
inputs.impermanence.nixosModules.impermanence
|
|
];
|
|
|
|
environment.persistence."/persistent" = {
|
|
hideMounts = true;
|
|
directories = [
|
|
"/var/log"
|
|
"/var/lib/systemd/coredump"
|
|
"/var/lib/nixos"
|
|
|
|
"/var/lib/systemd/timers"
|
|
|
|
# ZFS cache directory - persisting the directory instead of the file
|
|
# avoids "device busy" errors when ZFS atomically updates the cache
|
|
"/etc/zfs"
|
|
];
|
|
|
|
files = [
|
|
# Machine ID
|
|
"/etc/machine-id"
|
|
];
|
|
|
|
users.${username} = {
|
|
files = [
|
|
".local/share/fish/fish_history"
|
|
];
|
|
};
|
|
|
|
users.root = {
|
|
files = [
|
|
".local/share/fish/fish_history"
|
|
];
|
|
};
|
|
};
|
|
|
|
# Store SSH host keys directly in /persistent to survive tmpfs root wipes.
|
|
# This is more reliable than bind mounts for service-generated files.
|
|
services.openssh.hostKeys = [
|
|
{
|
|
path = "/persistent/etc/ssh/ssh_host_ed25519_key";
|
|
type = "ed25519";
|
|
}
|
|
{
|
|
path = "/persistent/etc/ssh/ssh_host_rsa_key";
|
|
type = "rsa";
|
|
bits = 4096;
|
|
}
|
|
];
|
|
|
|
systemd.tmpfiles.rules = [
|
|
"d /etc 755 root"
|
|
];
|
|
}
|