test: trying to get microVMs to work

systems/ceres/config/filesystem.nix

@@ -76,6 +76,11 @@ in
     "/etc/ssh" = {
       neededForBoot = true;
     };
+
+    "/opt/secrets" = {
+      neededForBoot = true;
+    };
+
   }
   // (builtins.listToAttrs (
     builtins.concatMap (drive: map (folder: sambaMounts drive folder) sambaFolders) sambaDrives
@@ -111,12 +116,17 @@ in
     directories = [
       "/var/cache"
       "/var/lib"
-      "/opt/secrets"
       {
         directory = "/etc/ssh";
         mode = "u=rwx,g=rx,o=rx";
         user = "root";
       }
+      {
+        directory = "/opt/secrets";
+        mode = "u=rwx,g=rx,o=rx";
+        user = "root";
+      }
+
     ];
     hideMounts = true;
     users.${user0} = {
@@ -142,3 +152,25 @@ in
 
   services.udisks2.enable = true;
 }
+
+# sudo mount /dev/disk/by-label/root /mnt
+# sudo btrfs subvolume create /mnt/persistent
+# sudo btrfs subvolume create /mnt/nix
+# sudo umount /mnt
+
+# sudo mount -o subvol=@ /dev/disk/by-label/root /mnt
+
+# sudo mount -o subvol=@nix /dev/disk/by-label/root /mnt/nix
+# sudo mount -o subvol=@persistent /dev/disk/by-label/root /mnt/persistent
+
+# sudo mount /dev/disk/by-label/BOOT /mnt/boot
+
+# sudo mount /dev/disk/by-label/storage /mnt/mnt/storage
+
+# sudo nixos-install --root /mnt
+
+# sudo nixos-enter --root /mnt
+# nixos-rebuild boot
+# exit
+
+# sudo reboot

systems/ceres/config/sops.nix

@@ -2,7 +2,7 @@
   sops = {
     secrets = {
       "network/server" = {
-        path = "/var/lib/secrets/server";
+        path = "/opt/secrets/server";
         owner = "root";
         mode = "600";
       };