From 458d03208dc1a2ae0da6b711380bdc0c8eb978d6 Mon Sep 17 00:00:00 2001
From: Caroline Larimore
Date: Thu, 25 Jul 2024 19:52:10 -0700
Subject: c-pc: move keys to encrypted persist
---
 hosts/c-pc/hardware.nix | 17 +++++++++--------
 hosts/c-pc/home.nix | 12 +++++++++---
 2 files changed, 18 insertions(+), 11 deletions(-)
(limited to 'hosts/c-pc')
diff --git a/hosts/c-pc/hardware.nix b/hosts/c-pc/hardware.nix
index 660ac7a..3b4a417 100644
--- a/hosts/c-pc/hardware.nix
+++ b/hosts/c-pc/hardware.nix
@@ -40,16 +40,17 @@
 };
 fileSystems = {
- "/" = { fsType = "zfs"; device = "zpool/root"; };
- "/nix" = { fsType = "zfs"; device = "zpool/nix"; };
- "/home" = { fsType = "zfs"; device = "zpool/home"; };
- "/persist" = { fsType = "zfs"; device = "zpool/persist"; neededForBoot = true; };
- "/secrets" = { fsType = "zfs"; device = "zpool/secure/secrets"; neededForBoot = true; };
+ "/" = { fsType = "zfs"; device = "zpool/root"; };
+ "/nix" = { fsType = "zfs"; device = "zpool/nix"; };
+ "/home" = { fsType = "zfs"; device = "zpool/home"; };
+ "/persist" = { fsType = "zfs"; device = "zpool/persist"; neededForBoot = true; };
+ "/persist/secure" = { fsType = "zfs"; device = "zpool/secure/persist"; neededForBoot = true; };
+ "/secrets" = { fsType = "zfs"; device = "zpool/secure/secrets"; neededForBoot = true; };
- "/boot" = { fsType = "vfat"; device = "/dev/disk/by-uuid/12CE-A600"; };
+ "/boot" = { fsType = "vfat"; device = "/dev/disk/by-uuid/12CE-A600"; };
- "/mnt/4tb" = { fsType = "ext4"; device = "/dev/disk/by-label/4tb"; };
- "/mnt/ssd" = { fsType = "ext4"; device = "/dev/disk/by-label/ssd-256"; };
+ "/mnt/4tb" = { fsType = "ext4"; device = "/dev/disk/by-label/4tb"; };
+ "/mnt/ssd" = { fsType = "ext4"; device = "/dev/disk/by-label/ssd-256"; };
 };
 swapDevices = [ ];
diff --git a/hosts/c-pc/home.nix b/hosts/c-pc/home.nix
index c2efb51..28a5e12 100644
--- a/hosts/c-pc/home.nix
+++ b/hosts/c-pc/home.nix
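Review bot: The added `"/persist/secure"` entry in `fileSystems` has no comment saying that `zpool/secure/persist` is the encrypted dataset; only the commit subject says so, and the same is true of the existing `"/secrets"` line. Because the entry sets `neededForBoot = true`, the mount is done in the initrd, so the dataset's key presumably has to be available there. I would record that next to the two entries, for example `# zpool/secure/* is encrypted; the key must be loadable in the initrd because these mounts are neededForBoot`. How the pool is actually unlocked is outside this hunk, so the wording should be checked against that.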
@@ -26,9 +26,6 @@
 "Persist"
 "code"
-
- ".gnupg"
- ".ssh"
 ".local/bin"
 ".local/share/applications"
@@ -74,6 +71,15 @@
 ];
 };
+ home.persistence."/persist/secure/home" = {
+ allowOther = true;
+
+ directories = [
+ ".gnupg"
+ ".ssh"
+ ];
+ };
+
 programs = {
 feh.enable = true;
 btop.enable = true;
--
cgit v1.2.3
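Review bot: `allowOther = true` in the new `home.persistence."/persist/secure/home"` block widens access to the mounts that hold `.gnupg` and `.ssh`. Assuming this is the impermanence home-manager module, the option lets other users, root included, reach files through the bind mounts, although mode bits still apply. gpg and ssh run as the owning user, so unless a process under another uid needs these directories, `allowOther = false;` fits a key store better; if it is needed, a one-line comment saying why would help. Separately, the change only redirects where the directories persist. Copies left under the previous persistence root (declared outside this hunk), and any snapshots of that dataset, stay unencrypted until removed, which is worth stating in the commit message or a comment.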