Migrate cert-store to disko+impermanence

servers/acme-cert-store.nix

@@ -8,8 +8,8 @@ let
     ${pkgs.sops}/bin/sops -d --extract '["cert-fullchain"]' --output old-fullchain secrets/cert.yaml
     ${pkgs.sops}/bin/sops -d --extract '["cert-key"]' --output old-key secrets/cert.yaml
 
-    cp ${config.users.users."cert-store".home}/acme/-.vsinerva.fi/fullchain.pem ./new-fullchain
-    cp ${config.users.users."cert-store".home}/acme/-.vsinerva.fi/key.pem ./new-key
+    cp ${config.users.users."cert-store".home}/-.vsinerva.fi/fullchain.pem ./new-fullchain
+    cp ${config.users.users."cert-store".home}/-.vsinerva.fi/key.pem ./new-key
 
     if ${pkgs.diffutils}/bin/cmp new-fullchain old-fullchain; then
       echo "Old and new fullchain are the same, skipping!"
@@ -45,6 +45,14 @@ in
     };
   };
 
+  environment.persistence."/persist".directories = [
+    {
+      directory = "/home/cert-store";
+      user = "cert-store";
+      group = "users";
+      mode = "u=rwx,g=,o=";
+    }
+  ];
   users.users."cert-store" = {
     isNormalUser = true;
     openssh.authorizedKeys.keys = config.users.users.root.openssh.authorizedKeys.keys ++ [