add persistence to gid/uid services of microvm and set vsock.cid

2026-04-25 17:38:42 +02:00
parent f7035e0daf
commit f50a5caee5
11 changed files with 322 additions and 318 deletions


@@ -16,7 +16,9 @@
{ lib, inputs, nixpkgs, nixpkgs-unstable, nixos-hardware, home-manager, home-manager-unstable, agenix, jovian-nixos, microvm, impermanence, lanzaboote, ... }:
let
user = "kabbone";
# Default user — desktop hosts share this; server hosts may override per-host
# by passing a different `user` value in their own specialArgs block.
defaultUser = "kabbone";
location = builtins.getEnv "HOME" + "/.setup";
system = "x86_64-linux";
@@ -42,8 +44,9 @@ let
# Helper: returns [hm-module, config-attrset] for the modules list.
# hm - the home-manager flake input to use (stable or unstable)
# user - the username whose home-manager config to build
# hmImports - list of home.nix paths for this host
mkHM = hm: hmImports: [
mkHM = hm: user: hmImports: [
hm.nixosModules.home-manager
{
home-manager.useGlobalPkgs = true;
@@ -57,7 +60,7 @@ in
{
hades = lib.nixosSystem { # Desktop profile
inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix microvm nixpkgs lanzaboote; };
specialArgs = { inherit inputs location nixos-hardware agenix microvm nixpkgs lanzaboote; user = defaultUser; };
modules = [
agenix.nixosModules.default
microvm.nixosModules.host
@@ -68,12 +71,12 @@ in
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-gpu-amd
nixos-hardware.nixosModules.common-pc-ssd
] ++ (mkHM home-manager [ ./home.nix ./desktop/home.nix ]);
] ++ (mkHM home-manager defaultUser [ ./home.nix ./desktop/home.nix ]);
};
lifebook = lib.nixosSystem { # Laptop profile
inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix lanzaboote; };
specialArgs = { inherit inputs location nixos-hardware agenix lanzaboote; user = defaultUser; };
modules = [
agenix.nixosModules.default
lanzaboote.nixosModules.lanzaboote
@@ -81,93 +84,93 @@ in
./configuration_common.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd
] ++ (mkHM home-manager [ ./home.nix ./lifebook/home.nix ]);
] ++ (mkHM home-manager defaultUser [ ./home.nix ./lifebook/home.nix ]);
};
steamdeck = nixpkgs-unstable.lib.nixosSystem { # steamdeck profile
inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix jovian-nixos lanzaboote; };
specialArgs = { inherit inputs location nixos-hardware agenix jovian-nixos lanzaboote; user = defaultUser; };
modules = [
agenix.nixosModules.default
jovian-nixos.nixosModules.default
lanzaboote.nixosModules.lanzaboote
./steamdeck
./configuration_common.nix
] ++ (mkHM home-manager-unstable [ ./home.nix ./steamdeck/home.nix ]);
] ++ (mkHM home-manager-unstable defaultUser [ ./home.nix ./steamdeck/home.nix ]);
};
kabtop = lib.nixosSystem { # Server profile
inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix impermanence; };
specialArgs = { inherit inputs location nixos-hardware agenix impermanence; user = defaultUser; };
modules = [
agenix.nixosModules.default
microvm.nixosModules.host
./kabtop
./configuration_server.nix
./configuration_common.nix
nixos-hardware.nixosModules.common-cpu-amd
nixos-hardware.nixosModules.common-pc-ssd
] ++ (mkHM home-manager [ ./home_server.nix ./kabtop/home.nix ]);
] ++ (mkHM home-manager defaultUser [ ./home_server.nix ./kabtop/home.nix ]);
};
nasbak = lib.nixosSystem { # Server profile
inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix; };
specialArgs = { inherit inputs location nixos-hardware agenix; user = defaultUser; };
modules = [
agenix.nixosModules.default
./nasbackup
./configuration_server.nix
./configuration_common.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd
] ++ (mkHM home-manager [ ./home_server.nix ./nasbackup/home.nix ]);
] ++ (mkHM home-manager defaultUser [ ./home_server.nix ./nasbackup/home.nix ]);
};
jupiter = lib.nixosSystem { # Server profile
inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix; };
specialArgs = { inherit inputs location nixos-hardware agenix; user = defaultUser; };
modules = [
agenix.nixosModules.default
./jupiter
./configuration_server.nix
./configuration_common.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd
] ++ (mkHM home-manager [ ./home_server.nix ./jupiter/home.nix ]);
] ++ (mkHM home-manager defaultUser [ ./home_server.nix ./jupiter/home.nix ]);
};
kabtopci = lib.nixosSystem { # Server profile
inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix impermanence; };
specialArgs = { inherit inputs location nixos-hardware agenix impermanence; user = defaultUser; };
modules = [
agenix.nixosModules.default
microvm.nixosModules.host
./kabtopci
./configuration_server.nix
./configuration_common.nix
nixos-hardware.nixosModules.common-pc-ssd
] ++ (mkHM home-manager [ ./home_server.nix ./kabtopci/home.nix ]);
] ++ (mkHM home-manager defaultUser [ ./home_server.nix ./kabtopci/home.nix ]);
};
kubemaster-1 = lib.nixosSystem { # Server profile
inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix impermanence; };
specialArgs = { inherit inputs location nixos-hardware agenix impermanence; user = defaultUser; };
modules = [
agenix.nixosModules.default
microvm.nixosModules.host
./kubemaster-1
./configuration_server.nix
./configuration_common.nix
nixos-hardware.nixosModules.common-cpu-intel
nixos-hardware.nixosModules.common-pc-ssd
] ++ (mkHM home-manager [ ./home_server.nix ./kubemaster-1/home.nix ]);
] ++ (mkHM home-manager defaultUser [ ./home_server.nix ./kubemaster-1/home.nix ]);
};
dmz = lib.nixosSystem { # Server profile
inherit system;
specialArgs = { inherit inputs user location nixos-hardware agenix impermanence; };
specialArgs = { inherit inputs location nixos-hardware agenix impermanence; user = defaultUser; };
modules = [
agenix.nixosModules.default
microvm.nixosModules.host
./dmz
./configuration_server.nix
./configuration_common.nix
nixos-hardware.nixosModules.common-pc-ssd
] ++ (mkHM home-manager [ ./home_server.nix ./dmz/home.nix ]);
] ++ (mkHM home-manager defaultUser [ ./home_server.nix ./dmz/home.nix ]);
};
# vm = lib.nixosSystem { # VM profile
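Review bot: The user name now travels on two independent paths, `user = defaultUser` in each host's specialArgs and the new `user` parameter of `mkHM`, so the NixOS account and the home-manager target can silently diverge if a host overrides one without the other, which the comment at the top of the hunk explicitly invites. A single per-host binding closes that gap, e.g. `let hostUser = defaultUser; in lib.nixosSystem { … }` with `hostUser` used both in specialArgs and in the `mkHM` call, or let `mkHM` take the specialArgs set and read `user` from it. The `mkHM` definition and the `in { … }` attribute set both continue outside the visible hunks.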


@@ -1,59 +1,40 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
# DMZ — demilitarised zone server configuration
#
{ config, pkgs, user, agenix, impermanence, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # Docker
(import ../../modules/services/dmz); # Server Services
imports = [
./hardware-configuration.nix
../../modules/server
] ++ (import ../../modules/services/dmz);
boot = { # Boot options
# ── Server module options ───────────────────────────────────────────────
myServer.virtualisation.enable = true;
myServer.virtualisation.cpu = "intel";
# ── Host-specific settings ──────────────────────────────────────────────
boot = {
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot
loader = {
systemd-boot.enable = true;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot";
timeout = 1;
};
timeout = 1; # Grub auto select time
};
};
programs = {
zsh.enable = true;
};
services = {
qemuGuest.enable = true;
avahi = { # Needed to find wireless printer
avahi = {
enable = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
publish = {
enable = true;
addresses = true;
userServices = true;
};
};
};
}
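Review bot: The DMZ host opts into the module's virtualisation settings but not `myServer.fail2ban.enable`, which the module defaults to off via `mkEnableOption`, while the internal kabtop host turns it on; of all hosts in this commit the DMZ one is the most likely to face untrusted traffic, so `myServer.fail2ban.enable = true;` belongs here too. The avahi block is also kept with `publish.addresses` and `publish.userServices` after the old "wireless printer" justification was removed; on a DMZ box mDNS publication of addresses and services is extra exposure (and, unless I misremember, `services.avahi.openFirewall` defaults to true), so either drop the block or set `publish.enable = false;`. The same avahi block survives unchanged in the kubemaster-1 hunk.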


@@ -1,43 +1,19 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
# Jupiter — NAS server configuration
#
{ config, pkgs, inputs, user, ... }:
{
imports = # For now, if applying to other ssystem, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
#(import ../../modules/wm/virtualisation) ++ # Docker
(import ../../modules/services/nas) ++ # Server Services
(import ../../modules/hardware); # Hardware devices
imports = [
./hardware-configuration.nix
../../modules/server
] ++ (import ../../modules/services/nas);
boot = { # Boot options
kernelPackages = pkgs.linuxPackages_latest;
# ── Server module options ───────────────────────────────────────────────
# No virtualisation on the NAS
loader = { # EFI Boot
systemd-boot.enable = true;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
};
};
# ── Host-specific settings ──────────────────────────────────────────────
# Example: host-specific overlay — only jupiter gets these packages in its pkgs.
# nixpkgs.overlays = [
@@ -46,15 +22,18 @@
# firefox = inputs.nixpkgs-unstable.legacyPackages.${prev.system}.firefox;
# })
# ];
#
# environment = {
# systemPackages = with pkgs; [
# corosync-qdevice
# ];
# };
boot = {
kernelPackages = pkgs.linuxPackages_latest;
loader = {
systemd-boot.enable = true;
efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot";
timeout = 1;
};
};
programs = {
zsh.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = false;
@@ -65,16 +44,14 @@
services = {
qemuGuest.enable = true;
avahi = { # Needed to find wireless printer
avahi = {
enable = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
publish = {
enable = true;
addresses = true;
userServices = true;
};
};
};
}
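Review bot: The old import list pulled in `(import ../../modules/hardware)` (commented "Hardware devices"), and the new list keeps only `./hardware-configuration.nix`, `../../modules/server` and the nas services; the new modules/server/default.nix in this commit has no `imports`, so unless configuration_server.nix brings it in, whatever modules/hardware configured is silently dropped here and in the identical nasbak hunk. If that is intended, say so in the commit message; otherwise add `../../modules/hardware` back to the list.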


@@ -1,45 +1,33 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
# Kabtop — server configuration
#
{ config, pkgs, user, agenix, impermanence, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # kvm module options
(import ../../modules/services/server); # Server Services
imports = [
./hardware-configuration.nix
../../modules/server
] ++ (import ../../modules/services/server);
boot = { # Boot options
# ── Server module options ───────────────────────────────────────────────
myServer.virtualisation.enable = true;
myServer.virtualisation.cpu = "amd";
myServer.fail2ban.enable = true;
# ── Host-specific settings ──────────────────────────────────────────────
boot = {
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot
loader = {
grub = {
enable = true;
device = "/dev/sda";
};
timeout = 1; # Grub auto select time
timeout = 1;
};
};
environment = {
etc = {
environment.etc = {
"fail2ban/filter.d/open-webui.conf" = {
source = ../../modules/services/server/fail2ban/filter/open-webui.conf;
mode = "0444";
@@ -53,10 +41,8 @@
mode = "0444";
};
};
};
programs = {
zsh.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = true;
@@ -65,47 +51,5 @@
};
};
services = {
#auto-cpufreq.enable = true;
qemuGuest.enable = true;
#avahi = { # Needed to find wireless printer
# enable = true;
# nssmdns = true;
# publish = { # Needed for detecting the scanner
# enable = true;
# addresses = true;
# userServices = true;
# };
#};
fail2ban = {
enable = true;
maxretry = 5;
jails.DEFAULT.settings = {
findtime = "15m";
};
jails = {
open-webui = ''
enabled = true
filter = open-webui
backend = systemd
action = iptables-allports
'';
gitea = ''
enabled = true
filter = gitea
backend = systemd
action = iptables-allports
'';
nextcloud = ''
backend = auto
enabled = true
filter = nextcloud
logpath = /var/lib/nextcloud/data/nextcloud.log
action = iptables-allports
'';
};
};
};
services.qemuGuest.enable = true;
}
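Review bot: The open-webui, gitea and nextcloud jails are removed from `services.fail2ban.jails` and nothing in this commit re-adds them: the module's fail2ban block only sets `enable`, `maxretry` and the DEFAULT `findtime`, so after this change fail2ban on kabtop is back to the default sshd jail while the filter files are still installed under `environment.etc."fail2ban/filter.d/…"` with no jail referencing them. Either keep the three jail definitions in this file under `services.fail2ban.jails` (the module's `mkIf` block merges with them), or add a `myServer.fail2ban.jails` option of type `types.attrsOf types.str` that the module merges into `services.fail2ban.jails`. Dropping the `iptables-allports` actions for those services is a behaviour change that deserves a line in the commit message.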


@@ -1,45 +1,28 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
# Kabtopci — CI server configuration
#
{ config, pkgs, user, agenix, impermanence, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-amd.nix)] ++ # Docker
(import ../../modules/services/kabtopci); # Server Services
imports = [
./hardware-configuration.nix
../../modules/server
] ++ (import ../../modules/services/kabtopci);
boot = { # Boot options
# ── Server module options ───────────────────────────────────────────────
myServer.virtualisation.enable = true;
myServer.virtualisation.cpu = "amd";
# ── Host-specific settings ──────────────────────────────────────────────
boot = {
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot
loader = {
grub = {
enable = true;
device = "/dev/vda";
};
timeout = 1; # Grub auto select time
timeout = 1;
};
};
programs = {
zsh.enable = true;
};
}


@@ -1,58 +1,37 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
# Kubemaster-1 — Kubernetes master server configuration
#
{ config, pkgs, user, agenix, impermanence, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
[(import ../../modules/wm/virtualisation/kvm-intel.nix)] ++ # Docker
(import ../../modules/services/kubemaster); # Server Services
imports = [
./hardware-configuration.nix
../../modules/server
] ++ (import ../../modules/services/kubemaster);
boot = { # Boot options
# ── Server module options ───────────────────────────────────────────────
myServer.virtualisation.enable = true;
myServer.virtualisation.cpu = "intel";
# ── Host-specific settings ──────────────────────────────────────────────
boot = {
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot
loader = {
systemd-boot.enable = true;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot";
timeout = 1;
};
};
programs = {
zsh.enable = true;
};
services = {
avahi = { # Needed to find wireless printer
services.avahi = {
enable = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
publish = {
enable = true;
addresses = true;
userServices = true;
};
};
};
}


@@ -1,46 +1,30 @@
#
# Specific system configuration settings for desktop
#
# flake.nix
# ├─ ./hosts
# │ └─ ./laptop
# │ ├─ default.nix *
# │ └─ hardware-configuration.nix
# └─ ./modules
# ├─ ./desktop
# │ └─ ./hyprland
# │ └─ hyprland.nix
# ├─ ./modules
# │ └─ ./programs
# │ └─ waybar.nix
# └─ ./hardware
# └─ default.nix
# Nasbak — NAS backup server configuration
#
{ config, pkgs, user, ... }:
{
imports = # For now, if applying to other system, swap files
[(import ./hardware-configuration.nix)] ++ # Current system hardware config @ /etc/nixos/hardware-configuration.nix
#[(import ../../modules/wm/virtualisation/docker.nix)] ++ # Docker
(import ../../modules/services/nasbackup) ++ # Server Services
(import ../../modules/hardware); # Hardware devices
imports = [
./hardware-configuration.nix
../../modules/server
] ++ (import ../../modules/services/nasbackup);
boot = { # Boot options
# ── Server module options ───────────────────────────────────────────────
# No virtualisation on the backup NAS
# ── Host-specific settings ──────────────────────────────────────────────
boot = {
kernelPackages = pkgs.linuxPackages_latest;
loader = { # EFI Boot
loader = {
systemd-boot.enable = true;
efi = {
canTouchEfiVariables = true;
efiSysMountPoint = "/boot";
};
timeout = 1; # Grub auto select time
efi.canTouchEfiVariables = true;
efi.efiSysMountPoint = "/boot";
timeout = 1;
};
};
programs = {
zsh.enable = true;
ssh.startAgent = false;
gnupg.agent = {
enable = false;
@@ -51,16 +35,14 @@
services = {
qemuGuest.enable = true;
avahi = { # Needed to find wireless printer
avahi = {
enable = true;
nssmdns4 = true;
publish = { # Needed for detecting the scanner
publish = {
enable = true;
addresses = true;
userServices = true;
};
};
};
}

151
modules/server/default.nix Normal file

@@ -0,0 +1,151 @@
#
# Server module — import this instead of configuration_server.nix + manual virtualisation imports.
#
# Usage in hosts/<hostname>/default.nix:
#
# imports = [
# ./hardware-configuration.nix
# ../../modules/server
# ];
#
# myServer.virtualisation.enable = true;
# myServer.virtualisation.cpu = "amd"; # amd | intel | none (default)
#
# myServer.sshPort = 2220; # default
# myServer.fail2ban.enable = true;
#
# myServer.extraSystemPackages = with pkgs; [ some-tool ];
#
{ config, lib, pkgs, user, ... }:
let
cfg = config.myServer;
in
{
# ── Options ──────────────────────────────────────────────────────────────
options.myServer = with lib; {
uid = mkOption {
type = types.int;
default = 3000;
description = "UID for the server user.";
};
sshPort = mkOption {
type = types.port;
default = 2220;
description = "Port openssh listens on.";
};
sudoRequiresPassword = mkOption {
type = types.bool;
default = true;
description = "Whether wheel users must enter a password for sudo.";
};
autoUpgrade.enable = mkOption {
type = types.bool;
default = true;
description = "Enable automatic NixOS upgrades (inherits flake URL from configuration_common.nix).";
};
virtualisation = {
enable = mkEnableOption "container/VM stack (podman with docker-compat, KVM tuning)";
cpu = mkOption {
type = types.enum [ "amd" "intel" "none" ];
default = "none";
description = "CPU type selects KVM kernel parameters when virtualisation is enabled.";
};
};
extraGroups = mkOption {
type = types.listOf types.str;
default = [];
description = "Additional groups for the server user beyond the defaults.";
};
extraSystemPackages = mkOption {
type = types.listOf types.package;
default = [];
description = "Additional system packages specific to this host.";
};
fail2ban = {
enable = mkEnableOption "fail2ban intrusion prevention";
};
};
# ── Configuration ────────────────────────────────────────────────────────
config = lib.mkMerge [
# ── Base server config ────────────────────────────────────────────────
{
users.users.${user} = {
isNormalUser = true;
uid = cfg.uid;
extraGroups = [ "wheel" "networkmanager" "kvm" "libvirtd" ] ++ cfg.extraGroups;
};
security.sudo.wheelNeedsPassword = cfg.sudoRequiresPassword;
environment.systemPackages = with pkgs; [
ffmpeg
smartmontools
htop
] ++ cfg.extraSystemPackages;
services.openssh = {
ports = [ cfg.sshPort ];
openFirewall = true;
};
nix.extraOptions = ''
keep-outputs = true
keep-derivations = true
'';
system.autoUpgrade.enable = cfg.autoUpgrade.enable;
}
# ── Virtualisation (podman/docker-compat) ─────────────────────────────
(lib.mkIf cfg.virtualisation.enable {
virtualisation.podman = {
enable = true;
autoPrune.enable = true;
dockerCompat = true;
};
users.groups.docker.members = [ user ];
})
# ── KVM AMD ─────────────────────────────────────────────────────────
(lib.mkIf (cfg.virtualisation.enable && cfg.virtualisation.cpu == "amd") {
boot.extraModprobeConfig = ''
options kvm_amd nested=0 avic=1 npt=1
'';
})
# ── KVM Intel ───────────────────────────────────────────────────────
(lib.mkIf (cfg.virtualisation.enable && cfg.virtualisation.cpu == "intel") {
boot.extraModprobeConfig = ''
options kvm_intel nested=1
options kvm_intel emulate_invalid_guest_state=0
options kvm ignore_nsrs=1
'';
})
# ── Fail2ban ──────────────────────────────────────────────────────────
(lib.mkIf cfg.fail2ban.enable {
services.fail2ban = {
enable = true;
maxretry = 5;
jails.DEFAULT.settings.findtime = "15m";
};
})
];
}
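Review bot: `users.users.${user}.extraGroups` grants `kvm` and `libvirtd` unconditionally, while the `docker` group membership a few lines below is correctly gated on `cfg.virtualisation.enable`; on hosts such as jupiter and nasbak that leave virtualisation off, the user still gets `/dev/kvm` access and libvirt control it does not need. Gate them the same way: `extraGroups = [ "wheel" "networkmanager" ] ++ lib.optionals cfg.virtualisation.enable [ "kvm" "libvirtd" ] ++ cfg.extraGroups;`. The openssh block sets only `ports` and `openFirewall`; if `PasswordAuthentication` and `PermitRootLogin` are not already set in configuration_common.nix, this module is the natural place for `services.openssh.settings`. A one-line comment on `uid` saying why 3000 is the default would also help the next reader.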


@@ -84,6 +84,7 @@ in
persistence."/persist" = {
directories = [
"/var/log"
"/var/lib/nixos"
"/var/lib/private"
];
@@ -95,6 +96,7 @@ in
microvm = {
hypervisor = "cloud-hypervisor";
vsock.cid = 3;
vcpu = 4;
mem = 4096;
interfaces = [
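Review bot: `vsock.cid = 3` is set only for this microvm and without a comment; vsock guest CIDs must be unique per host, and 3 is the first guest CID, so a second VM on the same host that also picks 3 will collide at start-up. Add `# vsock CID; must be unique among microvms on this host` and, if the other two microvms in this commit are ever given a CID, allocate the numbers in one place rather than per file. The `/var/lib/nixos` persistence entry in the first hunk (and in the two sibling microvm files) keeps the uid/gid maps across reboots for users without a declared uid; where the guest's service users are declared explicitly, pinning `uid` as the new server module does for its user removes the dependency on persistence altogether. Both hunks sit inside the `in { … }` set that starts outside the view.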


@@ -84,6 +84,7 @@ in
persistence."/persist" = {
directories = [
"/var/log"
"/var/lib/nixos"
"/var/lib/private"
];


@@ -84,6 +84,7 @@ in
persistence."/persist" = {
directories = [
"/var/log"
"/var/lib/nixos"
"/var/lib/private"
];