test: trying to get microVMs to work

modules/nixos/default.nix

@@ -49,8 +49,8 @@ in
           caddy
           # comfyui
           # filesorter
-          firefly-iii
-          forgejo
+          # firefly-iii
+          # forgejo
           # glance
           jellyfin
           # logrotate

modules/nixos/services/jellyfin/default.nix

@@ -70,11 +70,12 @@ in
           };
         };
 
-        # tmpfiles.rules = [
-        #   "Z ${serviceCfg.varPaths.path0} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
-        #   "Z ${serviceCfg.varPaths.path1} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
-        #   "Z ${serviceCfg.varPaths.path2} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
-        # ];
+        tmpfiles.rules = [
+          "Z ${serviceCfg.varPaths.path0} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
+          "Z ${serviceCfg.varPaths.path2} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
+          "d ${serviceCfg.varPaths.path1} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
+          "Z ${serviceCfg.varPaths.path2} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
+        ];
       };
 
       systemd.services.systemd-networkd.wantedBy = [ "multi-user.target" ];

modules/nixos/services/vaultwarden/default.nix

@@ -101,7 +101,7 @@ in
 
         tmpfiles.rules = [
           "Z ${serviceCfg.varPaths.path0} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
-          "Z ${serviceCfg.secretPaths.path0} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
+          # "Z ${serviceCfg.secretPaths.path0} 0755 ${serviceCfg.name} ${serviceCfg.name} -"
         ];
 
       };

systems/ceres/config/filesystem.nix

@@ -76,6 +76,11 @@ in
     "/etc/ssh" = {
       neededForBoot = true;
     };
+
+    "/opt/secrets" = {
+      neededForBoot = true;
+    };
+
   }
   // (builtins.listToAttrs (
     builtins.concatMap (drive: map (folder: sambaMounts drive folder) sambaFolders) sambaDrives
@@ -111,12 +116,17 @@ in
     directories = [
       "/var/cache"
       "/var/lib"
-      "/opt/secrets"
       {
         directory = "/etc/ssh";
         mode = "u=rwx,g=rx,o=rx";
         user = "root";
       }
+      {
+        directory = "/opt/secrets";
+        mode = "u=rwx,g=rx,o=rx";
+        user = "root";
+      }
+
     ];
     hideMounts = true;
     users.${user0} = {
@@ -142,3 +152,25 @@ in
 
   services.udisks2.enable = true;
 }
+
+# sudo mount /dev/disk/by-label/root /mnt
+# sudo btrfs subvolume create /mnt/persistent
+# sudo btrfs subvolume create /mnt/nix
+# sudo umount /mnt
+
+# sudo mount -o subvol=@ /dev/disk/by-label/root /mnt
+
+# sudo mount -o subvol=@nix /dev/disk/by-label/root /mnt/nix
+# sudo mount -o subvol=@persistent /dev/disk/by-label/root /mnt/persistent
+
+# sudo mount /dev/disk/by-label/BOOT /mnt/boot
+
+# sudo mount /dev/disk/by-label/storage /mnt/mnt/storage
+
+# sudo nixos-install --root /mnt
+
+# sudo nixos-enter --root /mnt
+# nixos-rebuild boot
+# exit
+
+# sudo reboot

systems/ceres/config/sops.nix

@@ -2,7 +2,7 @@
   sops = {
     secrets = {
       "network/server" = {
-        path = "/var/lib/secrets/server";
+        path = "/opt/secrets/server";
         owner = "root";
         mode = "600";
       };