From 120a41b1698e323249a4550678facb81ef16bfd1 Mon Sep 17 00:00:00 2001
From: Colin
Date: Fri, 23 Feb 2024 14:42:47 +0000
Subject: [PATCH] persistence: split /var/log persistence into dedicated "initrd" store
---
 hosts/common/persist.nix | 4 +++-
 modules/persist/stores/default.nix | 1 +
 modules/persist/stores/initrd.nix | 13 +++++++++++++
 3 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 modules/persist/stores/initrd.nix
diff --git a/hosts/common/persist.nix b/hosts/common/persist.nix
index a463a4a9..959bb673 100644
--- a/hosts/common/persist.nix
+++ b/hosts/common/persist.nix
@@ -5,9 +5,11 @@
 # store /home/colin/a/b in /mnt/persist/private/a/b instead of /mnt/persist/private/home/colin/a/b
 sane.persist.stores.private.prefix = "/home/colin";
+ sane.persist.sys.byStore.initrd = [
+ "/var/log"
+ ];
 sane.persist.sys.byStore.plaintext = [
 # TODO: these should be private.. somehow
- "/var/log"
 "/var/backup" # for e.g. postgres dumps
 ];
 sane.persist.sys.byStore.cryptClearOnBoot = [
diff --git a/modules/persist/stores/default.nix b/modules/persist/stores/default.nix
index 75f3f1aa..d0f720df 100644
--- a/modules/persist/stores/default.nix
+++ b/modules/persist/stores/default.nix
@@ -3,6 +3,7 @@
 {
 imports = [
 ./crypt.nix
+ ./initrd.nix
 ./plaintext.nix
 ./private.nix
 ];
diff --git a/modules/persist/stores/initrd.nix b/modules/persist/stores/initrd.nix
new file mode 100644
index 00000000..f9ac806e
--- /dev/null
+++ b/modules/persist/stores/initrd.nix
@@ -0,0 +1,13 @@
+# certain paths -- notable /var/log -- need to be mounted in the initrd.
+# this presents a "gotcha", in that we can't run any of our "prepare $directory" scripts before mounting it.
+#
+# N.B.: if /var/log fails to mount, ssh in and manually create its backing dir, then reboot.
+# it's that simple.
+# it should get created automatically during (stage-2) boot/activation, though.
+{ config, lib, ... }:
+lib.mkIf config.sane.persist.enable {
+ sane.persist.stores."initrd" = {
+ origin = lib.mkDefault "/nix/persist/initrd";
+ defaultMethod = "bind";
+ };
+}
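Review bot: The header comment of initrd.nix does not say whether data in this store is protected at rest, and the persist.nix hunk moves `/var/log` out from under `# TODO: these should be private.. somehow`, so the reminder that logs are not in a private store is dropped. Nothing in the store definition (`origin = lib.mkDefault "/nix/persist/initrd"`, `defaultMethod = "bind"`) indicates encryption, and logs routinely record usernames, source addresses and service errors. If the store is indeed cleartext, I would add `# N.B.: this store is not encrypted at rest; only put paths here that must be mounted in the initrd.` to the header and carry the TODO over to the `byStore.initrd` list. The manual-recovery note could also name the owner and mode expected for the backing dir, since the comment says the prepare scripts cannot run before the mount.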