nix-configs/modules/system/impermanence.nix
2025-07-29 03:02:25 +02:00


{
pkgs,
lib,
config,
inputs,
...
}:
let
  # Option subtree of this module; also the argument for the main tree.
  cfg = config.xyno.impermanence;

  # Build one `environment.persistence.<root>` value from an option subtree
  # `tree` that provides extraDirectories, extraFiles and user.extra*.
  #
  # The built-in paths below are added for whichever subtree is passed in.
  # Calling this for more than one persistence root therefore declares the
  # same paths (including .ssh, .gnupg and the keyrings) under each root.
  genImpermanenceCfg =
    tree:
    let
      # Entry for a directory that holds key material: owner-only access.
      # NOTE(review): presumably the impermanence module applies `mode` when
      # it creates the directory in persistent storage - confirm.
      ownerOnly = directory: {
        inherit directory;
        mode = "0700";
      };

      # Logs and core dumps survive a reboot. Core dumps can contain process
      # memory, so this directory deserves the same care as the log store.
      systemDirectories = [
        "/var/log"
        "/var/lib/systemd/coredump"
      ];

      # Keeping the machine id stable across reboots.
      systemFiles = [
        "/etc/machine-id"
      ];

      # Paths relative to the home of the configured user.
      homeDirectories = [
        "Downloads"
        "Music"
        "Pictures"
        "Documents"
        "Videos"
        "docs"
        "proj"
        "git"
        (ownerOnly ".gnupg")
        (ownerOnly ".ssh")
        (ownerOnly ".local/share/keyrings")
        ".local/share/direnv"
      ];
    in
    {
      hideMounts = true;
      directories = systemDirectories ++ tree.extraDirectories;
      files = systemFiles ++ tree.extraFiles;
      users.${config.xyno.system.user.name} = {
        directories = homeDirectories ++ tree.user.extraDirectories;
        files = tree.user.extraFiles;
      };
    };
in
{
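options.xyno.impermanence =
  let
    # List-of-paths option. The empty default lets a host enable the module
    # without defining every list; without it, reading an unset list fails
    # evaluation with "used but not defined".
    pathList =
      description:
      lib.mkOption {
        type = lib.types.listOf lib.types.str;
        default = [ ];
        inherit description;
      };
  in
  {
    enable = lib.mkEnableOption "erase all your darlings (they hate you anyways)";
    extraFiles = pathList "Additional system files to persist.";
    extraDirectories = pathList "Additional system directories to persist.";
    user = {
      extraFiles = pathList "Additional files in the user's home to persist.";
      extraDirectories = pathList "Additional directories in the user's home to persist.";
    };
    # Separate impermanence tree for "cache" files that can simply be deleted
    # if wanted. Nothing that must survive (keys, credentials, logs) belongs
    # in these lists.
    cache = {
      extraFiles = pathList "Additional system files to keep in the cache tree.";
      extraDirectories = pathList "Additional system directories to keep in the cache tree.";
      user = {
        extraFiles = pathList "Additional files in the user's home to keep in the cache tree.";
        extraDirectories = pathList "Additional directories in the user's home to keep in the cache tree.";
      };
    };
  };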
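# `imports` is a top-level module attribute, not an option. Nested inside
# `config` the module system treats it as a definition of an undeclared
# option, and imports cannot depend on `cfg.enable` in any case. The
# impermanence module is therefore always imported; only the definitions
# under `config` are gated by the enable flag.
imports = [
  inputs.impermanence.nixosModules.impermanence
];
config = lib.mkIf cfg.enable {
  xyno.impermanence.cache.extraDirectories = [ "/var/cache" ];
  xyno.impermanence.cache.user.extraDirectories = [ ".cache" ];

  # Main tree: built-in paths plus the extra* lists.
  environment.persistence."/persistent" = genImpermanenceCfg cfg;

  # Cache tree: only the cache.* lists. Passing cfg.cache through
  # genImpermanenceCfg would also declare its built-in paths (/var/log,
  # /etc/machine-id, ~/.ssh, ~/.gnupg, the keyrings, ...) under
  # /persistent/cache, i.e. a second time and in the tree that is meant to
  # be disposable.
  environment.persistence."/persistent/cache" = {
    hideMounts = true;
    directories = cfg.cache.extraDirectories;
    files = cfg.cache.extraFiles;
    users.${config.xyno.system.user.name} = {
      directories = cfg.cache.user.extraDirectories;
      files = cfg.cache.user.extraFiles;
    };
  };

  system.activationScripts = {
    # Run the permission fix, and user/group creation, before the
    # persistent directories are created.
    "createPersistentStorageDirs".deps = [
      "var-lib-private-permissions"
      "users"
      "groups"
    ];
    # https://github.com/nix-community/impermanence/issues/254#issuecomment-2683859091
    # Create the persistent backing directory for /var/lib/private and
    # restrict it to root (0700) before anything is placed below it.
    "var-lib-private-permissions" = {
      deps = [ "specialfs" ];
      text = ''
        mkdir -p /persistent/var/lib/private
        chmod 0700 /persistent/var/lib/private
      '';
    };
  };
};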
}