77 lines
2 KiB
Nix
77 lines
2 KiB
Nix
{ ... }:
|
|
{
|
|
preservation = {
|
|
enable = true;
|
|
|
|
# Preserve system-wide directories and files at /persist
|
|
preserveAt = {
|
|
"/persist" = {
|
|
hideMounts = true;
|
|
|
|
# Directories to persist (bind-mount by default)
|
|
directories = [
|
|
"/var/log"
|
|
"/var/lib/nixos"
|
|
"/var/lib/systemd/coredump"
|
|
"/var/lib/systemd/timers"
|
|
|
|
"/etc/nixos"
|
|
"/etc/ssh"
|
|
|
|
"/etc/NetworkManager/system-connections"
|
|
"/var/lib/bluetooth"
|
|
"/var/lib/NetworkManager"
|
|
"/var/lib/iwd"
|
|
"/var/lib/fail2ban"
|
|
];
|
|
|
|
# Files to persist
|
|
files = [
|
|
# Persist machine-id early (initrd)
|
|
{ file = "/etc/machine-id"; inInitrd = true; }
|
|
|
|
# SSH host keys: ensure correct handling with symlinks
|
|
{ file = "/etc/ssh/ssh_host_rsa_key"; how = "symlink"; configureParent = true; }
|
|
{ file = "/etc/ssh/ssh_host_ed25519_key"; how = "symlink"; configureParent = true; }
|
|
];
|
|
|
|
# Per-user persistence
|
|
users = {
|
|
luser = {
|
|
directories = [
|
|
".ssh"
|
|
".gnupg"
|
|
|
|
"projects"
|
|
".config/nixos-config"
|
|
|
|
".config/atuin"
|
|
".local/share/atuin"
|
|
|
|
".local/share/zoxide"
|
|
|
|
# KDE
|
|
".config/kdeconnect"
|
|
|
|
# Chrome
|
|
".config/google-chrome"
|
|
|
|
# neovim ros_neovim
|
|
".local/state/nvim_ringofstorms_helium"
|
|
];
|
|
files = [ ];
|
|
};
|
|
};
|
|
};
|
|
};
|
|
};
|
|
|
|
# Configure intermediate system-wide directories that may need custom modes
|
|
# (Example: none required beyond defaults here.)
|
|
|
|
# If you need custom ownership/modes for parent directories, use tmpfiles:
|
|
# systemd.tmpfiles.settings.preservation = {
|
|
# "/foo".d = { user = "foo"; group = "bar"; mode = "0775"; };
|
|
# "/foo/bar".d = { user = "bar"; group = "bar"; mode = "0755"; };
|
|
# };
|
|
}
|