nix-config/modules/nixos-modules/impermanence.nix

{
  config,
  lib,
  ...
}: {
  options.host.impermanence.enable = lib.mkEnableOption "are we going to use impermanence on this device";

  config = lib.mkMerge [
    {
      assertions = [
        {
          assertion = !(config.host.impermanence.enable && !config.host.storage.enable);
          message = ''
            Disko storage must be enabled to use impermanence.
          '';
        }
      ];
    }
    (
      lib.mkIf config.host.impermanence.enable {
        assertions = [
          {
            assertion = config.host.impermanence.enable && config.host.storage.enable;
            message = "Impermanence can not be used without managed host storage.";
          }
        ];

        # fixes issues with /var/lib/private not having the correct permissions https://github.com/nix-community/impermanence/issues/254
        system.activationScripts."createPersistentStorageDirs".deps = ["var-lib-private-permissions" "users" "groups"];
        system.activationScripts = {
          "var-lib-private-permissions" = {
            deps = ["specialfs"];
            text = ''
              mkdir -p /persist/system/root/var/lib/private
              chmod 0700 /persist/system/root/var/lib/private
            '';
          };
        };

        programs.fuse.userAllowOther = true;

        boot.initrd.postResumeCommands = lib.mkAfter ''
          zfs rollback -r rpool/local/system/root@blank
        '';

        fileSystems = {
          "/".neededForBoot = true;
          "/persist/system/root".neededForBoot = true;
          "/persist/system/var/log".neededForBoot = true;
        };

        host.storage.pool.extraDatasets = {
          # persist datasets are datasets that contain information that we would like to keep around
          "persist" = {
            type = "zfs_fs";
            options.canmount = "off";
            options = {
              "com.sun:auto-snapshot" = "true";
            };
          };
          # this is where root data actually lives
          "persist/system/root" = {
            type = "zfs_fs";
            mountpoint = "/persist/system/root";
          };
          "persist/system/var/log" = {
            type = "zfs_fs";
            mountpoint = "/persist/system/var/log";
            # logs should be append only so we shouldn't need to snapshot them
            options = {
              "com.sun:auto-snapshot" = "false";
            };
          };
        };

        environment.persistence."/persist/system/var/log" = {
          enable = true;
          hideMounts = true;
          directories = [
            "/var/log"
          ];
        };

        environment.persistence."/persist/system/root" = {
          enable = true;
          hideMounts = true;
          directories = [
            "/var/lib/nixos"
            "/var/lib/systemd/coredump"
          ];
          files = [
            "/etc/machine-id"
          ];
        };

        security.sudo.extraConfig = "Defaults lecture=never";
      }
    )
  ];
}