NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License

enabling system.etc.overlay = true throws away everything in /etc like /etc/ssh/known_hosts and /etc/shadow. Locking you out #319524

Open arianvp opened 3 weeks ago

arianvp commented 3 weeks ago

Describe the bug

Enabling system.etc.overlay = true throws away everything in /etc, like /etc/ssh/known_hosts and /etc/shadow, locking you out.

Steps To Reproduce

Steps to reproduce the behavior:

  1. enable openssh
  2. enable system.etc.overlay.enable = true
  3. Try ssh'ing

get

@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
@    WARNING: REMOTE HOST IDENTIFICATION HAS CHANGED!     @
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
IT IS POSSIBLE THAT SOMEONE IS DOING SOMETHING NASTY!
Someone could be eavesdropping on you right now (man-in-the-middle attack)!
It is also possible that a host key has just been changed.
The fingerprint for the ED25519 key sent by the remote host is
SHA256:GWwZuxyzWHnxc2N93I80rehKbpcYEd3zGn9PUZFwuyA.
Please contact your system administrator.
Add correct host key in /Users/arian/.ssh/known_hosts to get rid of this message.
Offending RSA key in /Users/arian/.ssh/known_hosts:130
Host key for utm.local has changed and you have requested strict checking.
Host key verification failed.
  4. ignore the host key verification
  5. Notice that my password doesn't work anymore.

Expected behavior

Old content from /etc/ is migrated to /.rw-etc on switch

arianvp commented 3 weeks ago

I guess this is because we don't migrate the old /etc on switch. This is a nasty deficiency. IDK if we can fix it though.
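
A pre-switch inventory for the failure reported in this thread, as an added example that is not part of the issue or of nixpkgs: it lists the files under /etc that exist only on the machine and copies them aside before the overlay is enabled. It assumes that NixOS-managed /etc entries are symlinks resolving into /nix/store; the function names `list_mutable_etc` and `backup_mutable_etc` are hypothetical.

```shell
#!/bin/sh
# Added example, not nixpkgs code. Assumption: entries that NixOS manages in
# /etc are symlinks resolving into the Nix store; anything else is mutable
# state (host keys, /etc/shadow, machine-id) that exists only on this machine.

# list_mutable_etc [ETC_DIR] [STORE_DIR]
# Print every regular file or symlink under ETC_DIR that does not resolve
# into STORE_DIR. find does not follow symlinks, so /etc/static is not walked.
list_mutable_etc() {
    etc_dir=${1:-/etc}
    store_real=$(readlink -f "${2:-/nix/store}") || return 1
    find "$etc_dir" \( -type f -o -type l \) -print | sort |
    while IFS= read -r path; do
        if [ -L "$path" ]; then
            # A link that cannot be resolved is treated as mutable.
            target=$(readlink -f "$path" 2>/dev/null) || target=
            case $target in
                "$store_real"/*) continue ;;
            esac
        fi
        printf '%s\n' "$path"
    done
}

# backup_mutable_etc ETC_DIR STORE_DIR DEST_DIR
# Copy the files listed above into DEST_DIR, keeping relative paths, modes
# and timestamps (-p) and copying symlinks as links (-P).
backup_mutable_etc() {
    src=$1
    dest=$3
    mkdir -p "$dest" || return 1
    list_mutable_etc "$src" "$2" | while IFS= read -r path; do
        rel=${path#"$src"/}
        mkdir -p "$dest/$(dirname "$rel")" || exit 1
        cp -pP "$path" "$dest/$rel" || exit 1
    done
}
```

Run it as root, since /etc/shadow and the SSH host private keys are not world-readable, and keep the destination directory root-only because it will hold password hashes and private keys.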