diff --git a/config/basic/impermanence.nix b/config/basic/impermanence.nix
index 72de0bb..db01e2d 100644
--- a/config/basic/impermanence.nix
+++ b/config/basic/impermanence.nix
@@ -5,7 +5,9 @@
 ...
 }:
 let
- onlyHost = lib.mkIf (!config.boot.isContainer);
+ onlyHost = lib.mkIf (
+ !config.boot.isContainer && !(config ? microvm.guest && config.microvm.guest.enable)
+ );
 prune =
 folder:
 pkgs.writers.writePython3Bin "impermanence-prune" { } ''
diff --git a/config/basic/secrets.nix b/config/basic/secrets.nix
index b7b7bcb..58cad35 100644
--- a/config/basic/secrets.nix
+++ b/config/basic/secrets.nix
@@ -1,3 +1,4 @@
+{ config, lib, ... }:
 {
 age.generators.argon2id =
 {
@@ -17,5 +18,9 @@
 | ${pkgs.libargon2}/bin/argon2 "$(${pkgs.openssl}/bin/openssl rand -base64 16)" -id -e \
 || die "Failure while generating argon2id hash"
 '';
-
+ secrets.secretFiles =
+ let
+ local = config.node.secretsDir + "/secrets.nix.age";
+ in
+ lib.optionalAttrs (config.node.name != null && lib.pathExists local) { inherit local; };
 }
diff --git a/config/basic/system.nix b/config/basic/system.nix
index 7276665..25cb067 100644
--- a/config/basic/system.nix
+++ b/config/basic/system.nix
@@ -72,10 +72,4 @@
 environment.ldso32 = null;
 powerManagement.cpuFreqGovernor = lib.mkDefault "powersave";
-
- secrets.secretFiles =
- let
- local = config.node.secretsDir + "/secrets.nix.age";
- in
- lib.optionalAttrs (config.node.name != null && lib.pathExists local) { inherit local; };
 }
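Review bot: The new `onlyHost` predicate in the `let` block of impermanence.nix could be written more simply as `onlyHost = lib.mkIf (!config.boot.isContainer && !(config.microvm.guest.enable or false));`, because `or false` already covers a configuration where the `microvm.guest` option path does not exist. It should also carry a short comment, for example `# microvm guests are excluded here; their persistent state is configured in <guest module>`, since every definition wrapped in `onlyHost` is now skipped on guests without any trace. Those wrapped definitions sit outside this hunk, so if any of them persist security-relevant state such as host keys or machine identity, confirm that the guest setup persists it elsewhere.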
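Review bot: `lib.pathExists local` in the `secrets.secretFiles` definition moved into secrets.nix makes the lookup fail open: a node whose `secrets.nix.age` is missing evaluates exactly like a node that has no local secrets, with no warning. If this configuration is evaluated as a flake, a file that was created but not yet added to git would presumably look the same, because untracked files are not part of the evaluated source. A comment stating that intent, for example `# absent secrets.nix.age means "no local secrets"; a missing or untracked file is not reported`, would make the behaviour explicit, and nodes that must have local secrets could add an assertion separately. The enclosing attribute set opens outside this hunk.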