t

2025-07-15 17:08:36 -05:00
parent 0fcb6e07f7
commit 17d4e87056
9 changed files with 425 additions and 16 deletions
--- a/hosts/nuc/impermanence.nix
+++ b/hosts/nuc/impermanence.nix
@@ -0,0 +1,32 @@
+{ ... }:
+{
+  # Set up impernance configuration for things like bluetooth
+  # In this configuration with /etc and /var/log being persistent, only directories outside of that need to be done here. See hardware configuration for all mountpoints.
+
+  environment.persistence."/nix/persist/system" = {
+    hideMounts = true;
+    directories = [
+      "/var/lib/bluetooth"
+      "/var/lib/nixos"
+      "/var/lib/tailscale"
+      "/var/lib/systemd/coredump"
+      "/etc/NetworkManager/system-connections"
+      "/etc/secureboot"
+      {
+        directory = "/var/lib/private";
+        mode = "u=rwx,g=rx,o=";
+      }
+      {
+        directory = "/var/lib/colord";
+        user = "colord";
+        group = "colord";
+        mode = "u=rwx,g=rx,o=";
+      }
+    ];
+  };
+
+  security.sudo.extraConfig = ''
+    # rollback results in sudo lectures after each reboot
+    Defaults lecture = never
+  '';
+}