Migrate VM dotfiles to chezmoiHEADmaster

Move VM dotfile deployment out of Home Manager and into chezmoi with a machineRole guard.

Add VM recipes for applying chezmoi state and restarting the Nix GnuPG agent.

Make host-only hooks no-op on the VM and render container storage per role.

1 files changed, 32 insertions, 0 deletions

diff --git a/dot_config/containers/storage.conf.tmpl b/dot_config/containers/storage.conf.tmpl
new file mode 100644
index 0000000..62dd35c
--- /dev/null
+++ b/dot_config/containers/storage.conf.tmpl
@@ -0,0 +1,32 @@
+{{- $machineRole := default "host" (index . "machineRole") -}}
+{{- if eq $machineRole "vm" -}}
+# Rootless podman storage configuration.
+#
+# The VM uses ext4, so use the kernel overlay driver. runroot/graphroot default
+# to $XDG_RUNTIME_DIR/containers and $XDG_DATA_HOME/containers/storage.
+
+[storage]
+driver = "overlay"
+
+[storage.options.overlay]
+# Kernel >=5.13 supports rootless overlay natively on the VM, so leave
+# mount_program unset and avoid fuse-overlayfs.
+{{- else -}}
+# Rootless podman storage configuration.
+#
+# Uses the native kernel btrfs graph driver — much faster than fuse-overlayfs
+# (especially `podman commit`) because layers are real btrfs subvolumes with
+# CoW snapshots, no FUSE userspace round-trip.
+#
+# Switching driver requires a one-time `podman system reset --force`; the
+# overlay/fuse-overlay on-disk layout is incompatible. See the migration
+# helper at the dotfiles repo root (migrate-podman-to-btrfs.sh).
+#
+# graphroot/runroot left at defaults:
+#   graphroot = $XDG_DATA_HOME/containers/storage
+#   runroot   = $XDG_RUNTIME_DIR/containers
+# both are on btrfs in this setup (root fs is btrfs).
+
+[storage]
+driver = "btrfs"
+{{- end }}