From 52c3fa477285d04f019bb57c35c31e0b7f53cc47 Mon Sep 17 00:00:00 2001
From: Guanran Wang <guanran928@outlook.com>
Date: Sun, 20 Oct 2024 14:45:52 +0800
Subject: [PATCH] dust: use immutable /etc

---
 home/default.nix       |  3 ++-
 hosts/dust/default.nix | 22 ++++++++++++++++++----
 2 files changed, 20 insertions(+), 5 deletions(-)

diff --git a/home/default.nix b/home/default.nix
index a1f4767..b1712fd 100644
--- a/home/default.nix
+++ b/home/default.nix
@@ -18,11 +18,12 @@
 
   programs = {
     jq.enable = true;
+    man.generateCaches = false;
+    mangohud.enable = true;
     obs-studio.enable = true;
     ripgrep.enable = true;
     skim.enable = true;
     zoxide.enable = true;
-    mangohud.enable = true;
   };
 
   services = {
diff --git a/hosts/dust/default.nix b/hosts/dust/default.nix
index 2ad99fd..4db7b2e 100644
--- a/hosts/dust/default.nix
+++ b/hosts/dust/default.nix
@@ -44,6 +44,8 @@
     }
   );
 
+  boot.kernelPackages = lib.mkForce pkgs.linuxPackages_testing;
+
   nix.extraOptions = "!include ${config.sops.secrets.nix-access-tokens.path}";
 
   networking.hostName = "dust";
@@ -51,11 +53,23 @@
   system.stateVersion = "24.05";
 
   # TODO: move to 'core' profile
-  system.etc.overlay.enable = true;
   services.userborn.enable = true;
-
-  # TODO: this is currently broken
-  # system.etc.overlay.mutable = false;
+  system.etc.overlay.enable = true;
+  system.etc.overlay.mutable = false;
+  # HACK: for impermanence
+  environment.etc =
+    lib.genAttrs
+      [
+        "ssh/ssh_host_rsa_key"
+        "ssh/ssh_host_rsa_key.pub"
+        "ssh/ssh_host_ed25519_key"
+        "ssh/ssh_host_ed25519_key.pub"
+        "secureboot/placeholder"
+      ]
+      (_n: {
+        source = pkgs.emptyFile;
+        mode = "0644";
+      });
 
   users.users."guanranwang" = {
     isNormalUser = true;