From 4da5d65d8f81e4add37ed0ddda014515e324f29f Mon Sep 17 00:00:00 2001
From: Leyla Becker <git@jan-leila.com>
Date: Sat, 8 Nov 2025 21:10:18 -0600
Subject: [PATCH] feat: added activation and resume scripts to storage and
 impermanence

---
 .../nixos-modules/storage/impermanence.nix    | 17 +++++++++--
 modules/nixos-modules/storage/storage.nix     | 29 +++++++++++--------
 2 files changed, 31 insertions(+), 15 deletions(-)

diff --git a/modules/nixos-modules/storage/impermanence.nix b/modules/nixos-modules/storage/impermanence.nix
index 6619bc5..33b4706 100644
--- a/modules/nixos-modules/storage/impermanence.nix
+++ b/modules/nixos-modules/storage/impermanence.nix
@@ -66,6 +66,20 @@ in {
         }
       ];
 
+      # fixes issues with /var/lib/private not having the correct permissions https://github.com/nix-community/impermanence/issues/254
+      system.activationScripts."createPersistentStorageDirs".deps = ["var-lib-private-permissions" "users" "groups"];
+      system.activationScripts = {
+        "var-lib-private-permissions" = {
+          deps = ["specialfs"];
+          text = ''
+            mkdir -p /persist/system/root/var/lib/private
+            chmod 0700 /persist/system/root/var/lib/private
+          '';
+        };
+      };
+
+      programs.fuse.userAllowOther = true;
+
       environment.persistence =
         lib.mapAttrs (datasetName: dataset: {
           enable = true;
@@ -90,9 +104,6 @@ in {
       # TODO: need for boot on filesystems
     }
     (lib.mkIf config.storage.zfs.enable {
-      # TODO: activationScripts config for private folders
-      # TODO: rollback post resume
-      # TODO: fuse userAllowOther
       storage.zfs.datasets =
         lib.mapAttrs (
           datasetName: dataset:
diff --git a/modules/nixos-modules/storage/storage.nix b/modules/nixos-modules/storage/storage.nix
index b6428f6..d6a2a2b 100644
--- a/modules/nixos-modules/storage/storage.nix
+++ b/modules/nixos-modules/storage/storage.nix
@@ -50,6 +50,23 @@
           };
         })
         (lib.mkIf config.storage.impermanence.enable {
+          boot.initrd.postResumeCommands = lib.mkAfter ''
+            zfs rollback -r rpool/local/system/root@blank
+          '';
+
+          storage.zfs.datasets = {
+            "local/system/root" = {
+              type = "zfs_fs";
+              mount = {
+                enable = true;
+                mountPoint = "/";
+              };
+              snapshot = {
+                blankSnapshot = true;
+              };
+            };
+          };
+
           storage.impermanence.datasets = {
             "persist/system/root" = {
               mount = {
@@ -65,18 +82,6 @@
               };
             };
           };
-          storage.zfs.datasets = {
-            "local/system/root" = {
-              type = "zfs_fs";
-              mount = {
-                enable = true;
-                mountPoint = "/";
-              };
-              snapshot = {
-                blankSnapshot = true;
-              };
-            };
-          };
 
           # TODO: home-manager.users.<user>.storage.impermanence.enable
           #   is false then persist the entire directory of the user