From 2f96b52b6ff5209b5ba209881e2a5d5a1f17ea47 Mon Sep 17 00:00:00 2001
From: "RingOfStorms (Joshua Bell)" <ringofstorms@gmail.com>
Date: Mon, 5 Jan 2026 23:29:34 -0600
Subject: [PATCH 1/4] add tailscale to impermanence

---
 hosts/juni/impermanence.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hosts/juni/impermanence.nix b/hosts/juni/impermanence.nix
index 9b867bfd..dfe17114 100644
--- a/hosts/juni/impermanence.nix
+++ b/hosts/juni/impermanence.nix
@@ -18,6 +18,8 @@
       "/var/lib/NetworkManager"
       "/var/lib/iwd"
       "/var/lib/fail2ban"
+
+      "/var/lib/tailscale"
     ];
     files = [
       "/machine-key.json"

From d04f85587471ab83afeb18bc94e7e01dcfc3135b Mon Sep 17 00:00:00 2001
From: "RingOfStorms (Joshua Bell)" <ringofstorms@gmail.com>
Date: Mon, 5 Jan 2026 23:44:18 -0600
Subject: [PATCH 2/4] add better diff ignores

---
 hosts/i001/impermanence-tools.nix | 57 ++++++++++++++++++++++++++++++-
 hosts/i001/impermanence-tools.sh  | 46 +++++++++++++++++++++++++
 hosts/juni/impermanence-tools.nix | 57 ++++++++++++++++++++++++++++++-
 hosts/juni/impermanence-tools.sh  | 46 +++++++++++++++++++++++++
 4 files changed, 204 insertions(+), 2 deletions(-)

diff --git a/hosts/i001/impermanence-tools.nix b/hosts/i001/impermanence-tools.nix
index cf6a9467..08ef5567 100644
--- a/hosts/i001/impermanence-tools.nix
+++ b/hosts/i001/impermanence-tools.nix
@@ -7,9 +7,64 @@
 let
   cfg = config.impermanence.tools;
 
-  bcacheImpermanenceBin = pkgs.writeShellScriptBin "bcache-impermanence" (
+  persistence = config.environment.persistence or { };
+
+  normalizePath = v:
+    if builtins.isString v then
+      v
+    else if v ? dirPath then
+      v.dirPath
+    else if v ? filePath then
+      v.filePath
+    else
+      null;
+
+  pathsFromList = f: xs: lib.filter (p: p != null) (map f xs);
+
+  userPersistencePaths = users:
+    lib.flatten (
+      lib.mapAttrsToList (
+        userName: userCfg:
+        let
+          home = (config.users.users.${userName} or { }).home or "/home/${userName}";
+          normalizeUserPath = v:
+            if builtins.isString v then
+              if lib.hasPrefix "/" v then v else "${home}/${v}"
+            else
+              normalizePath v;
+        in
+        (pathsFromList normalizeUserPath (userCfg.directories or [ ]))
+        ++ (pathsFromList normalizeUserPath (userCfg.files or [ ]))
+      ) users
+    );
+
+  ignorePaths =
+    lib.unique (
+      lib.filter (p: p != null && p != "" && p != "/") (
+        lib.flatten (
+          lib.mapAttrsToList (
+            persistRoot: persistCfg:
+            [ persistRoot ]
+            ++ (pathsFromList normalizePath (persistCfg.directories or [ ]))
+            ++ (pathsFromList normalizePath (persistCfg.files or [ ]))
+            ++ (userPersistencePaths (persistCfg.users or { }))
+          ) persistence
+        )
+      )
+    );
+
+  ignoreFile = pkgs.writeText "bcache-impermanence-ignore-paths" (
+    lib.concatStringsSep "\n" ignorePaths + "\n"
+  );
+
+  scriptFile = pkgs.writeText "bcache-impermanence.sh" (
     builtins.readFile ./impermanence-tools.sh
   );
+
+  bcacheImpermanenceBin = pkgs.writeShellScriptBin "bcache-impermanence" ''
+    export BCACHE_IMPERMANENCE_IGNORE_FILE="${ignoreFile}"
+    exec ${pkgs.bash}/bin/bash "${scriptFile}" "$@"
+  '';
 in
 {
   options.impermanence.tools = {
diff --git a/hosts/i001/impermanence-tools.sh b/hosts/i001/impermanence-tools.sh
index bd6d293a..73e389ac 100644
--- a/hosts/i001/impermanence-tools.sh
+++ b/hosts/i001/impermanence-tools.sh
@@ -7,6 +7,7 @@ KEEP_RECENT_WEEKS=4
 KEEP_RECENT_COUNT=5
 DRY_RUN=0
 DIFF_MAX_DEPTH=0
+IGNORE_FILE="${BCACHE_IMPERMANENCE_IGNORE_FILE-}"
 
 usage() {
   cat <<EOF
@@ -466,6 +467,13 @@ cmd_diff() {
   local persist_mounts
   persist_mounts=$(awk '$2 ~ "^/persist(/|$)" { print $2 }' /proc/self/mounts || true)
 
+  # Optional ignore list file generated from `environment.persistence`.
+  local ignore_list
+  ignore_list=""
+  if [ -n "$IGNORE_FILE" ] && [ -f "$IGNORE_FILE" ]; then
+    ignore_list=$(grep -vE '^[[:space:]]*($|#)' "$IGNORE_FILE" | sed 's/[[:space:]]*$//' || true)
+  fi
+
   is_persist_backed() {
     local p
     p="$1"
@@ -484,6 +492,34 @@ cmd_diff() {
     return 1
   }
 
+  is_ignored_path() {
+    local p
+    p="$1"
+
+    if [ -z "$p" ] || [ "$p" = "/" ]; then
+      return 1
+    fi
+
+    if [ -z "$ignore_list" ]; then
+      return 1
+    fi
+
+    local ign
+    while read -r ign; do
+      [ -n "$ign" ] || continue
+      case "$ign" in
+        /*) : ;;
+        *) continue ;;
+      esac
+
+      case "$p" in
+        "$ign"|"$ign"/*) return 0 ;;
+      esac
+    done <<<"$ignore_list"
+
+    return 1
+  }
+
   local prefixes
   prefixes=("$@")
 
@@ -504,6 +540,11 @@ cmd_diff() {
       continue
     fi
 
+    # Skip prefixes explicitly persisted via `environment.persistence`.
+    if is_ignored_path "$prefix"; then
+      continue
+    fi
+
     local rel
     rel="${prefix#/}"
     [ -z "$rel" ] && rel="."
@@ -550,6 +591,11 @@ cmd_diff() {
       continue
     fi
 
+    # Skip paths explicitly persisted via `environment.persistence`.
+    if is_ignored_path "$b_path"; then
+      continue
+    fi
+
     local status
     if [ ! -e "$a_path" ] && [ -e "$b_path" ]; then
       status="added"
diff --git a/hosts/juni/impermanence-tools.nix b/hosts/juni/impermanence-tools.nix
index cf6a9467..08ef5567 100644
--- a/hosts/juni/impermanence-tools.nix
+++ b/hosts/juni/impermanence-tools.nix
@@ -7,9 +7,64 @@
 let
   cfg = config.impermanence.tools;
 
-  bcacheImpermanenceBin = pkgs.writeShellScriptBin "bcache-impermanence" (
+  persistence = config.environment.persistence or { };
+
+  normalizePath = v:
+    if builtins.isString v then
+      v
+    else if v ? dirPath then
+      v.dirPath
+    else if v ? filePath then
+      v.filePath
+    else
+      null;
+
+  pathsFromList = f: xs: lib.filter (p: p != null) (map f xs);
+
+  userPersistencePaths = users:
+    lib.flatten (
+      lib.mapAttrsToList (
+        userName: userCfg:
+        let
+          home = (config.users.users.${userName} or { }).home or "/home/${userName}";
+          normalizeUserPath = v:
+            if builtins.isString v then
+              if lib.hasPrefix "/" v then v else "${home}/${v}"
+            else
+              normalizePath v;
+        in
+        (pathsFromList normalizeUserPath (userCfg.directories or [ ]))
+        ++ (pathsFromList normalizeUserPath (userCfg.files or [ ]))
+      ) users
+    );
+
+  ignorePaths =
+    lib.unique (
+      lib.filter (p: p != null && p != "" && p != "/") (
+        lib.flatten (
+          lib.mapAttrsToList (
+            persistRoot: persistCfg:
+            [ persistRoot ]
+            ++ (pathsFromList normalizePath (persistCfg.directories or [ ]))
+            ++ (pathsFromList normalizePath (persistCfg.files or [ ]))
+            ++ (userPersistencePaths (persistCfg.users or { }))
+          ) persistence
+        )
+      )
+    );
+
+  ignoreFile = pkgs.writeText "bcache-impermanence-ignore-paths" (
+    lib.concatStringsSep "\n" ignorePaths + "\n"
+  );
+
+  scriptFile = pkgs.writeText "bcache-impermanence.sh" (
     builtins.readFile ./impermanence-tools.sh
   );
+
+  bcacheImpermanenceBin = pkgs.writeShellScriptBin "bcache-impermanence" ''
+    export BCACHE_IMPERMANENCE_IGNORE_FILE="${ignoreFile}"
+    exec ${pkgs.bash}/bin/bash "${scriptFile}" "$@"
+  '';
 in
 {
   options.impermanence.tools = {
diff --git a/hosts/juni/impermanence-tools.sh b/hosts/juni/impermanence-tools.sh
index bd6d293a..73e389ac 100644
--- a/hosts/juni/impermanence-tools.sh
+++ b/hosts/juni/impermanence-tools.sh
@@ -7,6 +7,7 @@ KEEP_RECENT_WEEKS=4
 KEEP_RECENT_COUNT=5
 DRY_RUN=0
 DIFF_MAX_DEPTH=0
+IGNORE_FILE="${BCACHE_IMPERMANENCE_IGNORE_FILE-}"
 
 usage() {
   cat <<EOF
@@ -466,6 +467,13 @@ cmd_diff() {
   local persist_mounts
   persist_mounts=$(awk '$2 ~ "^/persist(/|$)" { print $2 }' /proc/self/mounts || true)
 
+  # Optional ignore list file generated from `environment.persistence`.
+  local ignore_list
+  ignore_list=""
+  if [ -n "$IGNORE_FILE" ] && [ -f "$IGNORE_FILE" ]; then
+    ignore_list=$(grep -vE '^[[:space:]]*($|#)' "$IGNORE_FILE" | sed 's/[[:space:]]*$//' || true)
+  fi
+
   is_persist_backed() {
     local p
     p="$1"
@@ -484,6 +492,34 @@ cmd_diff() {
     return 1
   }
 
+  is_ignored_path() {
+    local p
+    p="$1"
+
+    if [ -z "$p" ] || [ "$p" = "/" ]; then
+      return 1
+    fi
+
+    if [ -z "$ignore_list" ]; then
+      return 1
+    fi
+
+    local ign
+    while read -r ign; do
+      [ -n "$ign" ] || continue
+      case "$ign" in
+        /*) : ;;
+        *) continue ;;
+      esac
+
+      case "$p" in
+        "$ign"|"$ign"/*) return 0 ;;
+      esac
+    done <<<"$ignore_list"
+
+    return 1
+  }
+
   local prefixes
   prefixes=("$@")
 
@@ -504,6 +540,11 @@ cmd_diff() {
       continue
     fi
 
+    # Skip prefixes explicitly persisted via `environment.persistence`.
+    if is_ignored_path "$prefix"; then
+      continue
+    fi
+
     local rel
     rel="${prefix#/}"
     [ -z "$rel" ] && rel="."
@@ -550,6 +591,11 @@ cmd_diff() {
       continue
     fi
 
+    # Skip paths explicitly persisted via `environment.persistence`.
+    if is_ignored_path "$b_path"; then
+      continue
+    fi
+
     local status
     if [ ! -e "$a_path" ] && [ -e "$b_path" ]; then
       status="added"

From eab7ef7b3563dd93ac6dc44951838f3db856243a Mon Sep 17 00:00:00 2001
From: "RingOfStorms (Joshua Bell)" <ringofstorms@gmail.com>
Date: Tue, 6 Jan 2026 00:04:03 -0600
Subject: [PATCH 3/4] update common for tun kernel module

---
 hosts/juni/flake.lock | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/hosts/juni/flake.lock b/hosts/juni/flake.lock
index 86ad66fb..6c939097 100644
--- a/hosts/juni/flake.lock
+++ b/hosts/juni/flake.lock
@@ -39,11 +39,11 @@
     "common": {
       "locked": {
         "dir": "flakes/common",
-        "lastModified": 1767575724,
-        "narHash": "sha256-L+3hoO4t3RCXkp9RXyXpJlCkzj6AdTOsstUv7RphEBM=",
+        "lastModified": 1767678258,
+        "narHash": "sha256-UIbi/8BEJnasj3yVK+I4Y2Gqxq7Li86rb8iuzWrNfco=",
         "ref": "refs/heads/master",
-        "rev": "f86b8085c2ad39986c194b28d51260f8f402572a",
-        "revCount": 1041,
+        "rev": "d04f85587471ab83afeb18bc94e7e01dcfc3135b",
+        "revCount": 1062,
         "type": "git",
         "url": "https://git.joshuabell.xyz/ringofstorms/dotfiles"
       },

From 89c80b9de0b7a925e7a00705a030ffe5d8ac3c45 Mon Sep 17 00:00:00 2001
From: "RingOfStorms (Joshua Bell)" <ringofstorms@gmail.com>
Date: Tue, 6 Jan 2026 00:36:05 -0600
Subject: [PATCH 4/4] idk

---
 hosts/juni/impermanence.nix | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/hosts/juni/impermanence.nix b/hosts/juni/impermanence.nix
index dfe17114..11faf801 100644
--- a/hosts/juni/impermanence.nix
+++ b/hosts/juni/impermanence.nix
@@ -20,6 +20,8 @@
       "/var/lib/fail2ban"
 
       "/var/lib/tailscale"
+
+      "/var/lib/upower"
     ];
     files = [
       "/machine-key.json"