move "private" store to /mnt/persist/private instead of ~/private

this will allow me to add all of ~ to a sandbox without giving all of ~/private

hosts/common/persist.nix

@@ -1,8 +1,8 @@
 { ... }:
 
 {
-  sane.persist.stores.private.origin = "/home/colin/private";
+  sane.persist.stores.private.origin = "/mnt/persist/private";
-  # store /home/colin/a/b in /home/private/a/b instead of /home/private/home/colin/a/b
+  # store /home/colin/a/b in /mnt/persist/private/a/b instead of /mnt/persist/private/home/colin/a/b
   sane.persist.stores.private.prefix = "/home/colin";
 
   sane.persist.sys.byStore.plaintext = [

hosts/common/users/colin.nix

@@ -41,8 +41,8 @@
     # - <https://github.com/lourkeur/distro/blob/11173454c6bb50f7ccab28cc2c757dca21446d1d/nixos/profiles/users/louis-full.nix>
     # - <https://github.com/dnr/sample-nix-code/blob/03494480c1fae550c033aa54fd96aeb3827761c5/nixos/laptop.nix>
     pamMount = let
-      hasPrivate = config.fileSystems ? "/home/colin/private";
+      hasPrivate = config.fileSystems ? "/mnt/persist/private";
-      priv = config.fileSystems."/home/colin/private";
+      priv = config.fileSystems."/mnt/persist/private";
     in lib.mkIf hasPrivate {
       fstype = priv.fsType;
       path = priv.device;
@@ -139,6 +139,7 @@
 
     # fs.".cargo".symlink.target = "/tmp/colin-cargo";
 
+    fs."private".symlink.target = "/mnt/persist/private";
     # convenience
     fs."knowledge".symlink.target = "private/knowledge";
     fs."nixos".symlink.target = "dev/nixos";

modules/persist/stores/private.nix

@@ -4,7 +4,8 @@ let
   # TODO: parameterize!
   persist-base = "/nix/persist";
   private-dir = config.sane.persist.stores."private".origin;
-  private-backing-dir = sane-lib.path.concat [ persist-base private-dir ];
+  # TODO: remove the `prefix` part of this (will require data migration)
+  private-backing-dir = sane-lib.path.concat [ persist-base config.sane.persist.stores."private".prefix "private" ];
 in
 lib.mkIf config.sane.persist.enable
 {