From 43ce00703399eea337bceae14fcb2b9586868cb2 Mon Sep 17 00:00:00 2001
From: Leyla Becker <git@jan-leila.com>
Date: Sat, 5 Jul 2025 00:01:28 -0500
Subject: [PATCH] moved impermanence config for var lib private into
 impermanence module

---
 modules/nixos-modules/impermanence.nix | 12 ++++++++++++
 modules/nixos-modules/ollama.nix       |  4 ----
 2 files changed, 12 insertions(+), 4 deletions(-)

diff --git a/modules/nixos-modules/impermanence.nix b/modules/nixos-modules/impermanence.nix
index 2f38cd3..7735e97 100644
--- a/modules/nixos-modules/impermanence.nix
+++ b/modules/nixos-modules/impermanence.nix
@@ -25,6 +25,18 @@
           }
         ];
 
+        # fixes issues with /var/lib/private not having the correct permissions https://github.com/nix-community/impermanence/issues/254
+        system.activationScripts."createPersistentStorageDirs".deps = ["var-lib-private-permissions" "users" "groups"];
+        system.activationScripts = {
+          "var-lib-private-permissions" = {
+            deps = ["specialfs"];
+            text = ''
+              mkdir -p /persist/system/root/var/lib/private
+              chmod 0700 /persist/system/root/var/lib/private
+            '';
+          };
+        };
+
         programs.fuse.userAllowOther = true;
 
         boot.initrd.postResumeCommands = lib.mkAfter ''
diff --git a/modules/nixos-modules/ollama.nix b/modules/nixos-modules/ollama.nix
index a29a9aa..99819bf 100644
--- a/modules/nixos-modules/ollama.nix
+++ b/modules/nixos-modules/ollama.nix
@@ -28,10 +28,6 @@
         };
       }))
       (lib.mkIf config.host.impermanence.enable {
-        # TODO: move this somewhere common
-        systemd.tmpfiles.rules = [
-          "d /var/lib/private 0700 root root"
-        ];
         environment.persistence."/persist/system/root" = {
           enable = true;
           hideMounts = true;