nixos/services/impermanence.nix

{
  lib,
  config,
  impermanence,
  ...
}:

with lib;
let
  persistUser = user: {
    inherit (user) name;
    value = {
      directories = [
        ".config/home-manager"
        ".local/state"
        {
          directory = ".gnupg";
          mode = "0700";
        }
        {
          directory = ".ssh";
          mode = "0700";
        }
      ];
    };
  };
in
{
  imports = [
    impermanence.nixosModules.impermanence
  ];
}
// mkIf (elem "impermanence" config.machine.services) {
  environment.persistence."/persist" = {
    hideMounts = true;
    directories =
      [
        "/etc/nixos"
        # Stores auto assigned user/group ids
        "/var/lib/nixos"
        "/var/log"
        # User directories
      ]
      ++ optional config.services.ollama.enable "/var/lib/private/ollama"
      ++ optional config.programs.virt-manager.enable "/var/lib/libvirt"
      ++ optional config.networking.networkmanager.enable "/etc/NetworkManager/system-connections"
      ++ optional config.services.radicale.enable config.services.radicale.settings.storage.filesystem_folder
      ++ optionals config.virtualisation.podman.enable [
        "/var/lib/containers/storage"
        "/run/containers/storage"
      ];

    files =
      [
        "/etc/machine-id"
      ]
      # remember last user and user sessions
      ++ optional config.programs.regreet.enable "/var/lib/regreet/state.toml"
      ++ optional config.services.printing.enable "/etc/staticcups/printers.conf"
      ++ optionals config.services.openssh.enable [
        "/etc/ssh/ssh_host_ed25519_key"
        "/etc/ssh/ssh_host_ed25519_key.pub"
        "/etc/ssh/ssh_host_rsa_key"
        "/etc/ssh/ssh_host_rsa_key.pub"
      ];
    users = listToAttrs (map persistUser config.machine.administrators);
  };

  # link current home manager profile if it exists
  # impermanence mounts come after system activation during boot
  # we check the persistent location and link to the expected mount point
  system.activationScripts.profile-init.text = concatStrings (
    map (
      user:
      with user; # bash
      ''
        if [[ -d /persist/home/${name}/.local/state/nix/profiles/profile ]]; then
          ln -sfn /home/${name}/.local/state/nix/profiles/profile /home/${name}/.nix-profile
        fi
      ''
    ) config.machine.administrators
  );
}