From 4023960dc0580a024d652d72f807fb0eec7fd7a2 Mon Sep 17 00:00:00 2001
From: Colin
Date: Fri, 23 Feb 2024 16:40:31 +0000
Subject: [PATCH] README: MANUAL MIGRATION: move "plaintext" store to /nix/persist/plaintext
to migrate the data:
```sh
$ sudo mkdir /nix/persist/plaintext
$ sudo mv /nix/persist/{etc,home,var} /nix/persist/plaintext
$ sudo ln -s plaintext/etc /nix/persist/etc #< temporarily; if deploying over ssh
$ switch
$ reboot
$ sudo rm /nix/persist/etc #< if you did the symlink earlier
```
---
 modules/persist/stores/plaintext.nix | 7 ++++---
 modules/ssh.nix | 12 +++++++-----
 2 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/modules/persist/stores/plaintext.nix b/modules/persist/stores/plaintext.nix
index 7eeab53a..c54bce71 100644
--- a/modules/persist/stores/plaintext.nix
+++ b/modules/persist/stores/plaintext.nix
@@ -1,17 +1,18 @@
-{ config, lib, ... }:
+{ config, lib, sane-lib, ... }:
 let
 # TODO: parameterize!
 persist-base = "/nix/persist";
 origin = config.sane.persist.stores."plaintext".origin;
- backing = persist-base; #< TODO: scope this!
+ backing = sane-lib.path.concat [ persist-base "plaintext" ];
 in {
 sane.persist.stores."plaintext" = {
 origin = lib.mkDefault "/mnt/persist/plaintext";
 };
- # TODO: scope this!
 sane.fs = lib.mkIf config.sane.persist.enable {
 "${origin}".mount.bind = backing;
+ # let sane.fs know that the underlying device is an ordinary folder
+ "${backing}".dir = {};
 };
 }
diff --git a/modules/ssh.nix b/modules/ssh.nix
index 4e6e3c74..f24bbf5c 100644
--- a/modules/ssh.nix
+++ b/modules/ssh.nix
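Review bot: `"${backing}".dir = {};` declares the new backing directory with whatever defaults sane.fs applies to a bare `dir`, and nothing in the hunk records the owner or mode that results, even though the ssh hunk in this same commit reads the host keys straight out of `${backing}/etc/ssh/host_keys`, so the persisted directory's permissions are part of what keeps that private key from being readable through the backing path. I would state the expectation next to the declaration, e.g. `# ${backing} holds unencrypted host secrets (ssh host keys, see modules/ssh.nix); confirm the defaults sane.fs applies here keep it root-owned and not world-readable`, or set the mode explicitly if the sane.fs dir option supports one. Separately, the literal `"plaintext"` now appears twice in this file (the store attribute name and the `sane-lib.path.concat` argument), so a single `storeName = "plaintext";` binding in the `let` would keep the backing path from quietly diverging from the store it serves. The `# TODO: parameterize!` on `persist-base` still stands, and the manual migration steps in the commit message assume that literal path, which is worth noting in the TODO.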
@@ -65,11 +65,13 @@ in
 };
 config = {
- # persist the host key
- # prefer specifying it via environment.etc since although it is generated per-host,
- # it's made to be immutable after generation. hence, a `persist`-style mount wouldn't be as great.
- environment.etc."ssh/host_keys".source = "/nix/persist/etc/ssh/host_keys";
- # sane.persist.sys.byStore.plaintext = [ "/etc/ssh/host_keys" ];
+ # persist the host key.
+ sane.persist.sys.byStore.plaintext = [ "/etc/ssh/host_keys" ];
+ # N.B.: use the plaintext `backing` dir instead of proper persistence, because this needs to be available
+ # during activation time (see /etc/machine-id and setupSecretsForUsers activation script).
+ environment.etc."ssh/host_keys".source = let
+ plaintextBacking = config.sane.fs."${config.sane.persist.stores.plaintext.origin}".mount.bind;
+ in "${plaintextBacking}/etc/ssh/host_keys";
 # let openssh find our host keys
 services.openssh.hostKeys = [