Diffstat (limited to '')
-rw-r--r--sys/boot/stack/luks-ext4-fscrypt-impermanence.nix47
1 files changed, 29 insertions, 18 deletions
diff --git a/sys/boot/stack/luks-ext4-fscrypt-impermanence.nix b/sys/boot/stack/luks-ext4-fscrypt-impermanence.nix
index 4a3e51e..a057aa0 100644
--- a/sys/boot/stack/luks-ext4-fscrypt-impermanence.nix
+++ b/sys/boot/stack/luks-ext4-fscrypt-impermanence.nix
@@ -13,6 +13,11 @@ in {
target = mkOption {
type = types.str;
};
+
+ persistInToplevel = mkOption {
+ type = types.bool;
+ default = true;
+ };
};
# - boot device
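Review bot: The new `persistInToplevel` option is declared without a `description`, so nothing tells a user what switching it off changes in the mount layout. Going by the fileSystems hunk further down, `true` keeps `/persist` bound from `/toplevel/persist` with `/nix` bound from `/persist/nix`, while `false` binds `/nix` from `/toplevel/nix` and leaves `/persist` undeclared by this module. I would add `description = "Bind /persist from /toplevel/persist and /nix from /persist/nix; when false, /nix is bound from /toplevel/nix and this module declares no /persist mount.";`. The options attrset opens outside this hunk.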
@@ -22,8 +27,9 @@ in {
# - toplevel device
# - headerless luks
# - /toplevel (ext4)
- # - /toplevel/nix
- # - /toplevel/persist
+ # - /toplevel/nix (if !cfg.persistInToplevel)
+ # - /toplevel/persist (if cfg.persistInToplevel)
+ # - /toplevel/persist/nix
# - /toplevel/boot-archive.pub
# - /toplevel/boot-keys
# - /toplevel/boot-keys/2000-01-01T00:00:00-06:00.key.age (encrypted for /toplevel/boot-archive.pub)
@@ -72,24 +78,29 @@ in {
umount /mnt-toplevel
'';
- fileSystems = {
- "/" = {
- device = "none";
- fsType = "ext4";
- options = ["remount"];
- };
-
- "/nix" = {
- device = "/persist/nix";
- options = ["bind"];
- };
+ fileSystems =
+ {
+ "/" = {
+ device = "none";
+ fsType = "ext4";
+ options = ["remount"];
+ };
- "/persist" = {
- device = "/toplevel/persist";
- options = ["bind"];
- neededForBoot = true;
+ "/nix" = {
+ device =
+ if cfg.persistInToplevel
+ then "/persist/nix"
+ else "/toplevel/nix";
+ options = ["bind"];
+ };
+ }
+ // optionalAttrs cfg.persistInToplevel {
+ "/persist" = {
+ device = "/toplevel/persist";
+ options = ["bind"];
+ neededForBoot = true;
+ };
};
- };
local.boot = {
fscrypt.enable = true;
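Review bot: With `persistInToplevel = false` the `optionalAttrs` branch drops the `/persist` entry entirely, so the `neededForBoot = true` ordering guarantee goes with it and nothing in this hunk says where `/persist` then comes from. If the rest of the configuration still expects persistent state under `/persist` (not visible here), anything written there before another mount appears would land on the ephemeral root and be lost on reboot, which for material such as host keys is a security-relevant regression rather than just an inconvenience. I would state the contract at the branch, e.g. `# persistInToplevel = false: the importing config must define "/persist" itself, with neededForBoot = true`, and consider an assertion on `config.fileSystems ? "/persist"` so the misconfiguration fails at evaluation time. The enclosing config attrset starts and ends outside this hunk.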