diff --git a/bbb b/bbb
deleted file mode 120000
index 7c4a013e..00000000
--- a/bbb
+++ /dev/null
@@ -1 +0,0 @@
-aaa
\ No newline at end of file
diff --git a/modules/system/fileSystems/cluster.nix b/modules/system/fileSystems/cluster.nix
index 379bd405..d27d6d4a 100644
--- a/modules/system/fileSystems/cluster.nix
+++ b/modules/system/fileSystems/cluster.nix
@@ -3,8 +3,8 @@ inputs:
   config = inputs.lib.mkMerge
   [
     # for cluster master, export NFS
-    (inputs.lib.mkIf (inputs.config.nixos.model.cluster.nodeType or null == "master")
-      { nixos.services.nfs = { root = "/"; exports = [ "/nix/persistent/home" ]; accessLimit = "192.168.178.0/24"; }; })
+    (inputs.lib.mkIf true
+      { nixos.services.nfs = { root = "/"; exports = [ "/nix/persistent/home" ]; accessLimit = "127.0.0.0/8"; }; })
     # for cluster worker, mount nfs, disable some home manager files
     (inputs.lib.mkIf (inputs.config.nixos.model.cluster.nodeType or null == "worker")
     {
diff --git a/modules/system/fileSystems/impermanence.nix b/modules/system/fileSystems/impermanence.nix
index 77cd1af2..cf123578 100644
--- a/modules/system/fileSystems/impermanence.nix
+++ b/modules/system/fileSystems/impermanence.nix
@@ -20,7 +20,12 @@ inputs:
       "/nix/rootfs/current" =
       {
         hideMounts = true;
-        directories = [ { directory = "/var/lib/docker"; mode = "0710"; } "/var/lib/flatpak" ]
+        directories =
+        [
+          # dummy option to make /nix/rootfs/current/home with correct permission
+          "/home"
+          { directory = "/var/lib/docker"; mode = "0710"; } "/var/lib/flatpak"
+        ]
           ++ builtins.map (f: "/var/lib/systemd/${f}") [ "linger" "coredump" "backlight" ];
       };
       "/nix/nodatacow" =