From 07d91c84a3ace1902d4fcbdab73e1277e374f7cd Mon Sep 17 00:00:00 2001
From: Michael Walker
Date: Tue, 10 Dec 2024 22:15:02 +0000
Subject: [PATCH] [yuggoth] Fix /persist not being available for sops

Also update the documentation so I don't forget this the next time.
---
 docs/src/runbooks/set-up-a-new-host.md | 17 ++++++++++++++---
 hosts/yuggoth/hardware.nix | 1 +
 2 files changed, 15 insertions(+), 3 deletions(-)

diff --git a/docs/src/runbooks/set-up-a-new-host.md b/docs/src/runbooks/set-up-a-new-host.md
index ba5fab28..c268198e 100644
--- a/docs/src/runbooks/set-up-a-new-host.md
+++ b/docs/src/runbooks/set-up-a-new-host.md
@@ -56,9 +56,9 @@ nix run .#secrets
 Copy the host SSH keys to `/etc/persist`:
 
 ```bash
-mkdir /persist/etc/ssh
-cp /etc/ssh/ssh_host_rsa_key /persist/etc/ssh/ssh_host_rsa_key
-cp /etc/ssh/ssh_host_ed25519_key /persist/etc/ssh/ssh_host_ed25519_key
+sudo mkdir /persist/etc/ssh
+sudo cp /etc/ssh/ssh_host_rsa_key /persist/etc/ssh/ssh_host_rsa_key
+sudo cp /etc/ssh/ssh_host_ed25519_key /persist/etc/ssh/ssh_host_ed25519_key
 ```
 
 Enable `nixfiles.eraseYourDarlings`:
@@ -69,6 +69,17 @@ nixfiles.eraseYourDarlings.barrucaduPasswordFile = config.sops.secrets."users/ba
 sops.secrets."users/barrucadu".neededForUsers = true;
 ```
 
+Make the `/persist` volume available in early boot:
+
+```nix
+fileSystems."/persist" =
+ {
+ device = "local/persistent/persist";
+ fsType = "zfs";
+ neededForBoot = true;
+ };
+```
+
 Then:
 
 1. Rebuild the system: `sudo nixos-rebuild boot --flake /persist/etc/nixos`
diff --git a/hosts/yuggoth/hardware.nix b/hosts/yuggoth/hardware.nix
index c11f0124..cb0f20be 100644
--- a/hosts/yuggoth/hardware.nix
+++ b/hosts/yuggoth/hardware.nix
@@ -35,6 +35,7 @@
 {
 device = "local/persistent/persist";
 fsType = "zfs";
+ neededForBoot = true;
 };
 
 fileSystems."/var/log" =
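Review bot: The added `neededForBoot = true;` in the `/persist` entry of hosts/yuggoth/hardware.nix has no comment explaining why this dataset must be mounted in early boot, and the reason is not visible from that file alone. Going by the commit title and the runbook hunk, sops presumably needs the host SSH keys copied to `/persist/etc/ssh` in order to decrypt the `neededForUsers` secret before user accounts are created; this should be confirmed against the sops configuration, which is not shown here. If that is right, a line such as `# sops reads its decryption keys from /persist for neededForUsers secrets, so mount it in early boot` above the attribute would stop a later cleanup from removing it and leaving the host without a usable password file. The attribute set opens above the hunk, so whether other hosts' `/persist` entries need the same flag cannot be checked from this view.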