profiles/impermanence.nix


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29

{inputs, ...}: {
  config,
  lib,
  options,
  ...
}: let
  sshHostKeys = builtins.catAttrs "path" config.services.openssh.hostKeys;
in {
  imports = [inputs.impermanence.nixosModules.impermanence];

  config = lib.mkMerge [
    {
      environment.persistence."/nix/persistent" = {
        hideMounts = true;
        directories = [
          "/var/log"
          "/var/lib/systemd/coredump"
          "/tmp" # Make builds not crash by running them on disk instead of RAM (We still clean /tmp on boot)
        ];
        files =
          [
            "/etc/machine-id"
          ]
          ++ sshHostKeys;
      };
    }
    (lib.optionalAttrs (options ? age) {age.identityPaths = map (x: "/nix/persistent" + x) sshHostKeys;})
  ];
}