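# NixOS profile: impermanence.
#
# Only what is listed under environment.persistence."/persist" survives a
# reboot; everything else lives on the root dataset.  The zfs-diff helper
# below compares that dataset against its @blank snapshot, so presumably the
# root is rolled back to @blank at boot — that rollback is configured
# elsewhere, not in this file.
{ config, lib, pkgs, ... }:

with lib;

let
  cfg = config.my.profiles.impermanence;
in
{
  options.my.profiles.impermanence.enable = mkEnableOption "impermanence";

  config = mkIf cfg.enable {
    # /etc/shadow is not in the persisted file list, so password hashes are
    # supplied declaratively from agenix secrets instead.
    age.secrets = {
      root-password.file = ../../secrets/root-password.age;
      moritz-password.file = ../../secrets/moritz-password.age;
    };
    users.users = {
      root.hashedPasswordFile = config.age.secrets.root-password.path;
      moritz.hashedPasswordFile = config.age.secrets.moritz-password.path;
    };
    # User/group state must be fully declarative; nothing edited at runtime
    # would survive the ephemeral root anyway.
    users.mutableUsers = false;

    environment.persistence."/persist" = {
      # Already gated by the mkIf above; kept so the attribute reads as
      # intentional when looked at on its own.
      enable = cfg.enable;
      hideMounts = true;
      directories = [
        "/etc/NetworkManager/system-connections"
        "/var/db/dhcpcd/"
        "/var/lib/NetworkManager/"
        "/var/lib/bluetooth"
        "/var/lib/nixos"
        "/var/lib/systemd"
        "/var/log"
      ];
      # Host identity.  machine-id and the SSH host keys have to persist or
      # every boot presents as a brand-new host to clients that pinned it.
      files = [
        "/etc/machine-id"
        "/etc/nix/id_rsa"
        "/etc/ssh/ssh_host_ed25519_key"
        "/etc/ssh/ssh_host_ed25519_key.pub"
        "/etc/ssh/ssh_host_rsa_key"
        "/etc/ssh/ssh_host_rsa_key.pub"
      ];

      users.moritz = {
        directories = [
          ".cache/keepassxc"
          ".cat_installer" # eduroam
          ".config/Nextcloud"
          ".config/Signal/"
          ".config/calibre"
          ".config/keepassxc"
          ".local/share/Steam/"
          ".local/share/zoxide"
          ".mozilla"
          "Documents"
          "Downloads"
          "Music"
          "Pictures"
          "Videos"
          # Key material: owner-only, independent of the umask in effect
          # when the persistence mount is created.
          { directory = ".gnupg"; mode = "0700"; }
          { directory = ".local/share/keyrings"; mode = "0700"; }
          { directory = ".ssh"; mode = "0700"; }
        ];
        files = [
          ".local/share/fish/fish_history"
          ".local/share/nix/trusted-settings.json"
          ".parallel/will-cite"
          ".local/state/tofi-history"
        ];
      };

      users.root = {
        home = "/root";
        directories = [
          { directory = ".gnupg"; mode = "0700"; }
          { directory = ".ssh"; mode = "0700"; }
        ];
        files = [ ".local/share/nix/trusted-settings.json" ];
      };
    };

    # Diagnostic helper: print, as a tree, the regular files that were
    # created on the root dataset since @blank and are not covered by
    # /persist.  Extra arguments are passed through to `tree`.
    environment.systemPackages = [
      (pkgs.writeShellApplication {
        name = "zfs-diff";
        # `parallel` was listed before but never used by the script.
        runtimeInputs = with pkgs; [ zfs coreutils tree ];
        text = ''
          # `zfs diff -F` prints one tab-separated record per change:
          #   <change> <file type> <path> [<new path for renames>]
          # Paths are consumed by a bash `read` loop and tested with `[ -e ]`
          # directly.  The previous awk version handed each path to
          # system("test -e /persist/"$3), which builds a shell command out
          # of a file name; any file name containing shell syntax that an
          # unprivileged user can create on the root dataset would then be
          # executed when root runs this tool.  No shell command is built
          # from file names here.
          #
          # NOTE(review): zfs diff escapes spaces and non-printable bytes as
          # \0ooo, so such paths will not match their /persist counterpart
          # and are reported as unpersisted — confirm whether that matters.
          zfs diff -F zroot/encrypted/root@blank \
            | while IFS=$'\t' read -r _change ftype path _rest; do
                if [ "$ftype" = "F" ] && [ ! -e "/persist/$path" ]; then
                  printf '%s\n' "$path"
                fi
              done \
            | tree --fromfile . "$@"
        '';
      })
    ];
  };
}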