Flag /secrets as needed for boot

2 files changed, 8 insertions, 3 deletions

diff --git a/hosts/c-pc/configuration.nix b/hosts/c-pc/configuration.nix
index 367349c..fd25a36 100644
--- a/hosts/c-pc/configuration.nix
+++ b/hosts/c-pc/configuration.nix
@@ -10,7 +10,6 @@
 
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
 
-  fileSystems."/persist".neededForBoot = true;
   environment.persistence."/persist/system" = {
     hideMounts = true;
     directories = [
diff --git a/hosts/c-pc/hardware-configuration.nix b/hosts/c-pc/hardware-configuration.nix
index dee425a..0566e3d 100644
--- a/hosts/c-pc/hardware-configuration.nix
+++ b/hosts/c-pc/hardware-configuration.nix
@@ -9,6 +9,8 @@
     loader.grub = {
       enable = true;
 
+      useOSProber = true;
+
       zfsSupport = true;
       efiSupport = true;
       efiInstallAsRemovable = true;
@@ -24,6 +26,10 @@
       postDeviceCommands = lib.mkAfter ''
         zfs rollback -r zpool/root@blank && zfs rollback -r zpool/home@blank
       '';
+
+      postMountCommands = lib.mkAfter ''
+        chmod u=rw,g=,o= /secrets
+      '';
     };
 
     kernelModules = [ "kvm-amd" ];
@@ -35,8 +41,8 @@
   fileSystems = {
     "/"        = { fsType = "zfs"; device = "zpool/root"; };
     "/home"    = { fsType = "zfs"; device = "zpool/home"; };
-    "/persist" = { fsType = "zfs"; device = "zpool/persist"; };
-    "/secrets" = { fsType = "zfs"; device = "zpool/secrets"; };
+    "/persist" = { fsType = "zfs"; device = "zpool/persist"; neededForBoot = true; };
+    "/secrets" = { fsType = "zfs"; device = "zpool/secrets"; neededForBoot = true; };
     "/nix"     = { fsType = "zfs"; device = "zpool/nix"; };
 
     "/boot"    = { fsType = "vfat"; device = "/dev/disk/by-uuid/12CE-A600"; };