chore: update persist immich containers, add nix-ld on kroma, disable

STT until jaxlib is fixed

hosts/kroma/default.nix

@@ -105,5 +105,6 @@
     }
   ];
 
+  programs.nix-ld.enable = true;
   topology.self.icon = "devices.desktop";
 }

hosts/sire/guests/immich.nix

@@ -149,6 +149,13 @@ in {
   # Forwarding required to masquerade podman network
   boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
 
+  environment.persistence."/state".directories = [
+    {
+      directory = "/var/lib/containers";
+      mode = "0755";
+    }
+  ];
+
   # Mirror the original oauth2 secret
   age.secrets.immich-oauth2-client-secret = {
     inherit (nodes.ward-kanidm.config.age.secrets.kanidm-oauth2-immich) rekeyFile;

hosts/ward/net.nix

@@ -112,7 +112,6 @@
       };
       dhcpPrefixDelegationConfig.UplinkInterface = "wan";
       dhcpPrefixDelegationConfig.Token = "::ff";
-      ipv6SendRAConfig.Managed = true;
       # Announce a static prefix
       ipv6Prefixes = [
         {Prefix = globals.net.home-lan.cidrv6;}
@@ -122,10 +121,12 @@
         SubnetId = "22";
       };
       # Provide a DNS resolver
-      ipv6SendRAConfig = {
-        EmitDNS = true;
-        DNS = globals.net.home-lan.hosts.ward-adguardhome.ipv6;
-      };
+      # ipv6SendRAConfig = {
+      #   Managed = true;
+      #   EmitDNS = true;
+      # FIXME: this is not the true ipv6 of adguardhome   DNS = globals.net.home-lan.hosts.ward-adguardhome.ipv6;
+      # FIXME: todo assign static additional to reservation in kea
+      # };
       linkConfig.RequiredForOnline = "routable";
     };
     # Remaining macvtap interfaces should not be touched.