{ config, lib, pkgs, modules, ... }: with lib; { imports = [ modules.bindMounts ]; users.mutableUsers = false; boot.initrd = mkIf (config.fileSystems."/".fsType or "notzfs" == "zfs") { network.ssh.hostKeys = mkIf config.hacc.encboot.enable (mkForce [ /persist/ssh/encboot_host ]); postDeviceCommands = mkIf (!config.boot.initrd.systemd.enable) (mkAfter '' zfs rollback -r ${config.fileSystems."/".device}@blank ''); systemd = mkIf config.boot.initrd.systemd.enable { storePaths = [ pkgs.zfs ]; services.rollback = { description = "Rollback ZFS datasets to a pristine state"; wantedBy = [ "initrd.target" ]; after = [ "zfs-import-${head (splitString "/" config.fileSystems."/".device)}.service" ]; before = [ "sysroot.mount" ]; path = [ pkgs.zfs ]; unitConfig.DefaultDependencies = "no"; serviceConfig.Type = "oneshot"; script = '' zfs rollback -r ${config.fileSystems."/".device}@blank && echo "rollback complete" ''; }; }; }; services.openssh = { hostKeys = [ { path = "/persist/ssh/ssh_host_ed25519_key"; type = "ed25519"; } { path = "/persist/ssh/ssh_host_rsa_key"; type = "rsa"; bits = 4096; } ]; }; services.postgresql.dataDir = "/persist/postgresql/${config.services.postgresql.package.psqlSchema}"; }