Flag /secrets as needed for boot

author: Caroline Larimore <caroline@larimo.re> 2024-07-23 23:47:21 -0700
committer: Caroline Larimore <caroline@larimo.re> 2024-07-23 23:47:21 -0700
commit: 7e10b8984ac0b6858dd4d7e77f8950a8e65a99ec (patch)
tree: e92a74f6a75888e561104249ad327a5d6a9c8184
parent: f36c64f008c8d822e42f325bfb9508844db552f4 (diff)
4 files changed, 10 insertions, 6 deletions
diff --git a/hosts/c-pc/configuration.nix b/hosts/c-pc/configuration.nix
index 367349c..fd25a36 100644
--- a/hosts/c-pc/configuration.nix
+++ b/hosts/c-pc/configuration.nix
@@ -10,7 +10,6 @@
 
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
 
-  fileSystems."/persist".neededForBoot = true;
   environment.persistence."/persist/system" = {
     hideMounts = true;
     directories = [
diff --git a/hosts/c-pc/hardware-configuration.nix b/hosts/c-pc/hardware-configuration.nix
index dee425a..0566e3d 100644
--- a/hosts/c-pc/hardware-configuration.nix
+++ b/hosts/c-pc/hardware-configuration.nix
@@ -9,6 +9,8 @@
     loader.grub = {
       enable = true;
 
+      useOSProber = true;
+
       zfsSupport = true;
       efiSupport = true;
       efiInstallAsRemovable = true;
@@ -24,6 +26,10 @@
       postDeviceCommands = lib.mkAfter ''
         zfs rollback -r zpool/root@blank && zfs rollback -r zpool/home@blank
       '';
+
+      postMountCommands = lib.mkAfter ''
+        chmod u=rw,g=,o= /secrets
+      '';
     };
 
     kernelModules = [ "kvm-amd" ];
@@ -35,8 +41,8 @@
   fileSystems = {
     "/"        = { fsType = "zfs"; device = "zpool/root"; };
     "/home"    = { fsType = "zfs"; device = "zpool/home"; };
-    "/persist" = { fsType = "zfs"; device = "zpool/persist"; };
-    "/secrets" = { fsType = "zfs"; device = "zpool/secrets"; };
+    "/persist" = { fsType = "zfs"; device = "zpool/persist"; neededForBoot = true; };
+    "/secrets" = { fsType = "zfs"; device = "zpool/secrets"; neededForBoot = true; };
     "/nix"     = { fsType = "zfs"; device = "zpool/nix"; };
 
     "/boot"    = { fsType = "vfat"; device = "/dev/disk/by-uuid/12CE-A600"; };
diff --git a/hosts/copenhagen/configuration.nix b/hosts/copenhagen/configuration.nix
index 3aaf862..f1b1438 100644
--- a/hosts/copenhagen/configuration.nix
+++ b/hosts/copenhagen/configuration.nix
@@ -9,7 +9,6 @@
 
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
 
-  fileSystems."/persist".neededForBoot = true;
   environment.persistence."/persist/system" = {
     hideMounts = true;
     directories = [
diff --git a/hosts/copenhagen/hardware-configuration.nix b/hosts/copenhagen/hardware-configuration.nix
index 63596c0..853c51d 100644
--- a/hosts/copenhagen/hardware-configuration.nix
+++ b/hosts/copenhagen/hardware-configuration.nix
@@ -35,8 +35,8 @@
   fileSystems = {
     "/"        = { fsType = "zfs"; device = "zpool/root"; };
     "/home"    = { fsType = "zfs"; device = "zpool/home"; };
-    "/persist" = { fsType = "zfs"; device = "zpool/persist"; };
-    "/secrets" = { fsType = "zfs"; device = "zpool/secrets"; };
+    "/persist" = { fsType = "zfs"; device = "zpool/persist"; neededForBoot = true; };
+    "/secrets" = { fsType = "zfs"; device = "zpool/secrets"; neededForBoot = true; };
     "/nix"     = { fsType = "zfs"; device = "zpool/nix"; };
 
     "/boot"    = { fsType = "vfat"; device = "/dev/disk/by-uuid/DF61-E3BD"; };
author	Caroline Larimore <caroline@larimo.re>	2024-07-23 23:47:21 -0700
committer	Caroline Larimore <caroline@larimo.re>	2024-07-23 23:47:21 -0700
commit	7e10b8984ac0b6858dd4d7e77f8950a8e65a99ec (patch)
tree	e92a74f6a75888e561104249ad327a5d6a9c8184
parent	f36c64f008c8d822e42f325bfb9508844db552f4 (diff)