c-pc: move keys to encrypted persist

author: Caroline Larimore <caroline@larimo.re> 2024-07-25 19:52:10 -0700
committer: Caroline Larimore <caroline@larimo.re> 2024-07-25 19:52:10 -0700
commit: 458d03208dc1a2ae0da6b711380bdc0c8eb978d6 (patch)
tree: 0d156f2d8ec213bcc59b84a7cbf1b78a1b977cd9
parent: 427bff7d59080b7053ce37a88bfb42e078a40fba (diff)
3 files changed, 19 insertions, 11 deletions
diff --git a/README.md b/README.md
index 300726f..52aace9 100644
--- a/README.md
+++ b/README.md
@@ -17,6 +17,7 @@ See [Hardware Configuration](hosts/c-pc/hardware-configuration.nix)
         - `persist` -> `/persist`
         - `secure` (encrypted)
             - `secrets` -> `/secrets`
+            - `persist` -> `/persist/secure`
         - `nix` -> `/nix`
 - 4tb HDD
     - `4tb` (ext4) -> `/mnt/4tb`
diff --git a/hosts/c-pc/hardware.nix b/hosts/c-pc/hardware.nix
index 660ac7a..3b4a417 100644
--- a/hosts/c-pc/hardware.nix
+++ b/hosts/c-pc/hardware.nix
@@ -40,16 +40,17 @@
   };
 
   fileSystems = {
-    "/"        = { fsType = "zfs"; device = "zpool/root"; };
-    "/nix"     = { fsType = "zfs"; device = "zpool/nix";  };
-    "/home"    = { fsType = "zfs"; device = "zpool/home"; };
-    "/persist" = { fsType = "zfs"; device = "zpool/persist"; neededForBoot = true; };
-    "/secrets" = { fsType = "zfs"; device = "zpool/secure/secrets"; neededForBoot = true; };
+    "/"               = { fsType = "zfs"; device = "zpool/root"; };
+    "/nix"            = { fsType = "zfs"; device = "zpool/nix";  };
+    "/home"           = { fsType = "zfs"; device = "zpool/home"; };
+    "/persist"        = { fsType = "zfs"; device = "zpool/persist"; neededForBoot = true; };
+    "/persist/secure" = { fsType = "zfs"; device = "zpool/secure/persist"; neededForBoot = true; };
+    "/secrets"        = { fsType = "zfs"; device = "zpool/secure/secrets"; neededForBoot = true; };
 
-    "/boot"    = { fsType = "vfat"; device = "/dev/disk/by-uuid/12CE-A600"; };
+    "/boot"           = { fsType = "vfat"; device = "/dev/disk/by-uuid/12CE-A600"; };
 
-    "/mnt/4tb" = { fsType = "ext4"; device = "/dev/disk/by-label/4tb"; };
-    "/mnt/ssd" = { fsType = "ext4"; device = "/dev/disk/by-label/ssd-256"; };
+    "/mnt/4tb"        = { fsType = "ext4"; device = "/dev/disk/by-label/4tb"; };
+    "/mnt/ssd"        = { fsType = "ext4"; device = "/dev/disk/by-label/ssd-256"; };
   };
 
   swapDevices = [ ];
diff --git a/hosts/c-pc/home.nix b/hosts/c-pc/home.nix
index c2efb51..28a5e12 100644
--- a/hosts/c-pc/home.nix
+++ b/hosts/c-pc/home.nix
@@ -26,9 +26,6 @@
       "Persist"
 
       "code"
-
-      ".gnupg"
-      ".ssh"
       
       ".local/bin"
       ".local/share/applications"
@@ -74,6 +71,15 @@
     ];
   };
 
+  home.persistence."/persist/secure/home" = {
+    allowOther = true;
+
+    directories = [
+      ".gnupg"
+      ".ssh"
+    ];
+  };
+
   programs = {
     feh.enable = true;
     btop.enable = true;
author	Caroline Larimore <caroline@larimo.re>	2024-07-25 19:52:10 -0700
committer	Caroline Larimore <caroline@larimo.re>	2024-07-25 19:52:10 -0700
commit	458d03208dc1a2ae0da6b711380bdc0c8eb978d6 (patch)
tree	0d156f2d8ec213bcc59b84a7cbf1b78a1b977cd9
parent	427bff7d59080b7053ce37a88bfb42e078a40fba (diff)