From a78668714550be31663509fbf2373f28e01c48fc Mon Sep 17 00:00:00 2001
From: William <baduhai@proton.me>
Date: Wed, 22 Apr 2026 19:53:19 -0300
Subject: [PATCH] pocket-id: add impermanence persistence and fix
 environmentFile format

---
 aspects/hosts/_trantor/pocket-id.nix |  13 +++++++++++++
 secrets/pocket-id.key.age            | Bin 477 -> 602 bytes
 2 files changed, 13 insertions(+)

diff --git a/aspects/hosts/_trantor/pocket-id.nix b/aspects/hosts/_trantor/pocket-id.nix
index 297424f..78f2d75 100644
--- a/aspects/hosts/_trantor/pocket-id.nix
+++ b/aspects/hosts/_trantor/pocket-id.nix
@@ -27,4 +27,17 @@ in
   age.secrets.pocket-id-key = {
     file = "${inputs.self}/secrets/pocket-id.key.age";
   };
+
+  environment.persistence.main.directories = [
+    {
+      directory = config.services.pocket-id.dataDir;
+      inherit (config.services.pocket-id) user group;
+      mode = "0700";
+    }
+  ];
+
+  systemd.services.pocket-id.serviceConfig = {
+    PrivateMounts = lib.mkForce false;
+    ProtectSystem = lib.mkForce false;
+  };
 }
diff --git a/secrets/pocket-id.key.age b/secrets/pocket-id.key.age
index 5d7fabe0f1c22f05b1a08a67c8c9481935bdfd9c..5e17454bcb6a6e62812b67d71128152b68d02948 100644
GIT binary patch
delta 549
zcmcc1e2Zm*PJLlgetwQiZbn3+dwO<Nh<l)0c$R-?QL?LfWks<^ZdF!pPIjb|v45dk
zBv+YPd4X?gKvkw!gr%upSiZK8Yp7YNQBruhxsPv=p|`i0QC@0hWtd}t1(&X!LUD11
zZfc5=si~o*LU4d(nwg`5aj1K_dqJdum%h8FS(uZhd3{i>zEg-(R%()glVM0oQg~Qc
zMQ)^tv5|8&S9!j9US3E^h-XD)NqTTpc7eBHpnkSlc#vgqQBtsBq*rEIdPr74R%uQo
zx^)(j!H${b3eE<le*OkY#(8<+897cR5!x<kj=9c};YlXRuFioLh9xDYE}^MuVX5As
zo?N~~#g@+Ip{9BH2Ib+EX2t2g#mTOwP7#SF9(l$A;oA8=nci7m85a4*t`k3s*9Vuo
z8JZ_mnD~Wd`MQ*wm6w%=7bOOl<QjP7<~SM`2YZw|7loNQ`)G%laHU3=qy<!!1m~KE
z`X*)O`(%a~M;N-f=lbVY`ez&G<+_$fSthxa2WF&NaOvvmDpY2NWE+JzrKN^un<iEj
zRTifi8kHEi1%*VJS$JE7<Qu!VrAFn48J6XQL~?CXxA=5XUZucWr+&+CJ^fW(T%LFC
zshZuJ(eOTw=d;Z1`8(8-E7jUNW<}h&pzoL9bC2!ts@*=fPZXFx2ny;b*xi!ma&=Pv
bFX?|5Wy~iE7+(<!yP-OrQS#40#-4Wok<`Jd

delta 404
zcmcb`a+i66PIy&hZgEM9S6E<}Z-zl)MwYj6l1X`SS(;C-M^1Q=uZ53eab$92rh9Hh
zAeWh$enwu1xnp>`erSfaNkK(gRB>fcu1i^(W28l1k$F^#pTDbNRjN;A=){lW;faaq
zA(i3!Df-18iJqllNseWSDTPK==Ds;80ooO2NycGjnIY*OK?a7&TtyyU7T%^_u0_Q@
zDN(s)Miyli<>3}yVXp3F=3y>rE;%LTZU$+t6`sM4lj9l1>$5xqjP(Pw6N5a>9Q}N~
z!V*IwoWe@n{euh*{VdZ{z4LNQ{1Q_P%9GuTxtuK1l0B2d4J%SD+><Q*JPZnQoc;aX
z%bZQ!DpH*EbBb~@(*up1GYTWJxpZ}P6>>v@lif{=15)+1bBfFY5>vd5v(k+NbF)m6
zy(|rlTzwtW!kp4A&4W{Ni@Chg*dE_lsC)0x^Ih?chRnx$KX7M!eSAJsu_;(GQH=e=
z{`Q6I^qm}Yf9Kskx5?v%#MZYb8MuwAHt=ywE4MQ3a{cq?-oLD4(+W(^ywb@60EoAf
A8~^|S