From 7e10b8984ac0b6858dd4d7e77f8950a8e65a99ec Mon Sep 17 00:00:00 2001
From: Caroline Larimore <caroline@larimo.re>
Date: Tue, 23 Jul 2024 23:47:21 -0700
Subject: Flag /secrets as needed for boot

---
 hosts/c-pc/configuration.nix                |  1 -
 hosts/c-pc/hardware-configuration.nix       | 10 ++++++++--
 hosts/copenhagen/configuration.nix          |  1 -
 hosts/copenhagen/hardware-configuration.nix |  4 ++--
 4 files changed, 10 insertions(+), 6 deletions(-)

(limited to 'hosts')

diff --git a/hosts/c-pc/configuration.nix b/hosts/c-pc/configuration.nix
index 367349c..fd25a36 100644
--- a/hosts/c-pc/configuration.nix
+++ b/hosts/c-pc/configuration.nix
@@ -10,7 +10,6 @@
 
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
 
-  fileSystems."/persist".neededForBoot = true;
   environment.persistence."/persist/system" = {
     hideMounts = true;
     directories = [
diff --git a/hosts/c-pc/hardware-configuration.nix b/hosts/c-pc/hardware-configuration.nix
index dee425a..0566e3d 100644
--- a/hosts/c-pc/hardware-configuration.nix
+++ b/hosts/c-pc/hardware-configuration.nix
@@ -9,6 +9,8 @@
     loader.grub = {
       enable = true;
 
+      useOSProber = true;
+
       zfsSupport = true;
       efiSupport = true;
       efiInstallAsRemovable = true;
@@ -24,6 +26,10 @@
       postDeviceCommands = lib.mkAfter ''
         zfs rollback -r zpool/root@blank && zfs rollback -r zpool/home@blank
       '';
+
+      postMountCommands = lib.mkAfter ''
+        chmod u=rw,g=,o= /secrets
+      '';
     };
 
     kernelModules = [ "kvm-amd" ];
@@ -35,8 +41,8 @@
   fileSystems = {
     "/"        = { fsType = "zfs"; device = "zpool/root"; };
     "/home"    = { fsType = "zfs"; device = "zpool/home"; };
-    "/persist" = { fsType = "zfs"; device = "zpool/persist"; };
-    "/secrets" = { fsType = "zfs"; device = "zpool/secrets"; };
+    "/persist" = { fsType = "zfs"; device = "zpool/persist"; neededForBoot = true; };
+    "/secrets" = { fsType = "zfs"; device = "zpool/secrets"; neededForBoot = true; };
     "/nix"     = { fsType = "zfs"; device = "zpool/nix"; };
 
     "/boot"    = { fsType = "vfat"; device = "/dev/disk/by-uuid/12CE-A600"; };
diff --git a/hosts/copenhagen/configuration.nix b/hosts/copenhagen/configuration.nix
index 3aaf862..f1b1438 100644
--- a/hosts/copenhagen/configuration.nix
+++ b/hosts/copenhagen/configuration.nix
@@ -9,7 +9,6 @@
 
   nix.settings.experimental-features = [ "nix-command" "flakes" ];
 
-  fileSystems."/persist".neededForBoot = true;
   environment.persistence."/persist/system" = {
     hideMounts = true;
     directories = [
diff --git a/hosts/copenhagen/hardware-configuration.nix b/hosts/copenhagen/hardware-configuration.nix
index 63596c0..853c51d 100644
--- a/hosts/copenhagen/hardware-configuration.nix
+++ b/hosts/copenhagen/hardware-configuration.nix
@@ -35,8 +35,8 @@
   fileSystems = {
     "/"        = { fsType = "zfs"; device = "zpool/root"; };
     "/home"    = { fsType = "zfs"; device = "zpool/home"; };
-    "/persist" = { fsType = "zfs"; device = "zpool/persist"; };
-    "/secrets" = { fsType = "zfs"; device = "zpool/secrets"; };
+    "/persist" = { fsType = "zfs"; device = "zpool/persist"; neededForBoot = true; };
+    "/secrets" = { fsType = "zfs"; device = "zpool/secrets"; neededForBoot = true; };
     "/nix"     = { fsType = "zfs"; device = "zpool/nix"; };
 
     "/boot"    = { fsType = "vfat"; device = "/dev/disk/by-uuid/DF61-E3BD"; };
-- 
cgit v1.2.3