nix/hosts/common/configs/system/impermanence/default.nix

{
  config,
  lib,
  pkgs,
  ...
}:
{
  imports = [ ./options.nix ];

  # uuidgen -r | tr -d -
  # https://github.com/NixOS/nixpkgs/blob/master/nixos/doc/manual/administration/systemd-state.section.md
  # https://github.com/NixOS/nixpkgs/pull/286140/files
  # https://git.eisfunke.com/config/nixos/-/blob/e65e1dc21d06d07b454005762b177ef151f8bfb6/nixos/machine-id.nix
  sops.secrets."machineId".mode = "0444";

  fileSystems."/persist".neededForBoot = true;

  environment = {
    impermanence.enable = true;

    etc."machine-id".source = pkgs.runCommandLocal "machine-id-link" { } ''
      ln -s ${config.sops.secrets."machineId".path} $out
    '';

    persistence = {
      "/persist/user"."/etc/nixos" = { };
      "/persist/state" = {
        "/var/lib/nixos" = { };
        "/var/lib/systemd" = { };
        "/var/log" = { };
      };
    };
  };
}