Add custom impermanence module

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>

hosts/common/system/configs/impermanence/default.nix

@@ -1,6 +1,6 @@
-{ inputs, pkgs, ... }:
+{ config, pkgs, ... }:
 {
-  imports = [ inputs.impermanence.nixosModules.impermanence ];
+  imports = [ ./options.nix ];
 
   boot.initrd.systemd =
     let
@@ -12,35 +12,35 @@
       ];
     in
     {
+      enable = true;
       initrdBin = bins;
-
       services.impermanence = {
         description = "Rollback BTRFS subvolumes to a pristine state";
-
-        serviceConfig.Type = "oneshot";
         wantedBy = [ "initrd.target" ];
         before = [ "sysroot.mount" ];
         after = [ "cryptsetup.target" ];
         unitConfig.DefaultDependencies = "no";
-
+        serviceConfig.Type = "oneshot";
         path = bins;
-        script = builtins.readFile ./impermanence.sh;
+        script = builtins.readFile ./scripts/wipe.sh;
       };
     };
 
-  fileSystems = {
-    "/persist".neededForBoot = true;
-    "/cache".neededForBoot = true;
-  };
+  # https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/administration/systemd-state.section.md
+  # https://github.com/NixOS/nixpkgs/pull/286140/files
+  # https://git.eisfunke.com/config/nixos/-/blob/e65e1dc21d06d07b454005762b177ef151f8bfb6/nixos/machine-id.nix
+  sops.secrets."machineId".mode = "0444";
 
-  environment.persistence."/persist" = {
-    hideMounts = true;
-    directories = [
-      "/etc/nixos"
-      "/var/lib/nixos"
-      "/var/lib/systemd/coredump"
-      "/var/log"
-    ];
-    files = [ "/etc/machine-id" ];
+  environment = {
+    etc."machine-id".source = pkgs.runCommandLocal "machine-id-link" { } ''
+      ln -s ${config.sops.secrets."machineId".path} $out
+    '';
+
+    persistence."/persist" = {
+      "/etc/nixos" = { };
+      "/var/lib/nixos" = { };
+      "/var/lib/systemd" = { };
+      "/var/log" = { };
+    };
   };
 }