impermanence

2025-10-21 15:18:29 +03:00 · 2025-10-21 15:18:29 +03:00 · 5fb91cde2f
commit 5fb91cde2f
parent 06ca85ed52
4 changed files with 44 additions and 23 deletions
--- a/hosts/nixos/apollo/configuration.nix
+++ b/hosts/nixos/apollo/configuration.nix
@ -7,7 +7,6 @@
  imports = [
    ./hardware-configuration.nix
    ../../../modules/nixos
-    inputs.impermanence.nixosModules.impermanence
  ];

  osbmModules = {
--- a/modules/nixos/system/default.nix
+++ b/modules/nixos/system/default.nix
@ -8,6 +8,7 @@
    ./virtualization.nix
    ./emulation.nix
    ./i18n.nix
+    ./impermanence.nix
    ./fonts.nix
    ./nix-index.nix
  ];
--- a/modules/nixos/system/home-manager.nix
+++ b/modules/nixos/system/home-manager.nix
@ -38,28 +38,6 @@
            ++ lib.optionals systemConfig.osbmModules.hardware.disko.zfs.root.impermanenceRoot [
              # Import impermanence home-manager module when impermanence is enabled
              inputs.impermanence.homeManagerModules.impermanence
-              # Configure persistence
-              {
-                home.persistence."/persist/home/${username}" = {
-                  directories = [
-                    "Pictures"
-                    "Documents"
-                    "Videos"
-                    ".gnupg"
-                    ".ssh"
-                    ".local/share/keyrings"
-                    ".local/share/direnv"
-                    # {
-                    #   directory = ".local/share/Steam";
-                    #   method = "symlink";
-                    # }
-                  ];
-                  files = [
-                    ".screenrc"
-                  ];
-                  allowOther = true;
-                };
-              }
            ];
          });
      };
--- a/modules/nixos/system/impermanence.nix
+++ b/modules/nixos/system/impermanence.nix
@ -0,0 +1,43 @@
+# impermanence 
+{lib, inputs, config, ...}:
+let
+  # Filter out 'root' from the users list since it's a special system user
+  regularUsers = builtins.filter (u: u != "root") config.osbmModules.users;
+  
+  # Generate user persistence configuration
+  userPersistence = lib.genAttrs regularUsers (username: {
+    directories = [
+      "Documents"
+      { directory = ".gnupg"; mode = "0700"; }
+      { directory = ".ssh"; mode = "0700"; }
+      ".local/share/direnv"
+    ];
+    # files = [
+    #   ".screenrc"
+    # ];
+  });
+in
+{
+  imports = [
+    inputs.impermanence.nixosModules.impermanence
+  ];
+
+  config = lib.mkMerge [
+    # Enable impermanence root if configured
+    (lib.mkIf (config.osbmModules.hardware.disko.zfs.root.impermanenceRoot) {
+      environment.persistence."/persist" = {
+        hideMounts = true;
+        directories = [
+          "/var/log"
+          "/var/lib/nixos"
+          "/var/lib/systemd/coredump"
+          "/etc/NetworkManager/system-connections"
+        ];
+        files = [
+          "/etc/machine-id"
+        ];
+        users = userPersistence;
+      };
+    })
+  ];
+}