flake/nixos/flake-modules/impermanence.nix

# NixOS module: wires in the impermanence module, lists the state that is kept
# under the persistent store, and points sops-nix at the persisted SSH host key.
{
  inputs,
  lib,
  ...
}: let
  # Persistent store root. Everything listed below is kept here, so it must be
  # on real storage (don't put it in tmpfs). Defined once so the sops-nix key
  # path and the persistence root cannot drift apart.
  # NOTE(review): this tree ends up holding SSH host private keys and the
  # /etc/secureboot contents -- confirm it is only readable by root.
  persistRoot = "/nix/persist/system";
in {
  imports = [
    inputs.impermanence.nixosModules.impermanence
    ./sops-nix.nix
  ];

  ### sops-nix
  # sops-nix uses this SSH host key as its age identity. The path is the
  # persisted copy rather than /etc/ssh/..., and mkForce overrides any other
  # definition of the option.
  # NOTE(review): presumably the override targets a value set in ./sops-nix.nix
  # and the persisted path is used because secrets are decrypted before the
  # /etc/ssh mapping exists -- confirm both.
  sops.age.sshKeyPaths = lib.mkForce ["${persistRoot}/etc/ssh/ssh_host_ed25519_key"];

  environment.persistence.${persistRoot} = {
    # Each directory is bind mounted from the store to its normal location,
    # e.g. ${persistRoot}/var/log -> /var/log.
    directories = [
      "/var/log"
      # NOTE(review): persists the state of every service wholesale; narrow to
      # specific subdirectories if only some of that state should survive a reboot.
      "/var/lib"
      #"/etc/NetworkManager/system-connections"
      "/etc/clash-meta" # clash-meta
      "/etc/secureboot" # sbctl, lanzaboote, etc
    ];

    files = [
      # NOTE: if you persist /var/log directory, you should persist /etc/machine-id as well
      # otherwise it will affect disk usage of log service
      # NOTE(review): /var/log is persisted above but /etc/machine-id is not
      # listed here -- confirm it is handled elsewhere or add it.
      "/etc/ssh/ssh_host_ed25519_key"
      "/etc/ssh/ssh_host_ed25519_key.pub"
      "/etc/ssh/ssh_host_rsa_key"
      "/etc/ssh/ssh_host_rsa_key.pub"
    ];
  };
}