Merge branch 'master' of ssh://git.joshuabell.xyz:3032/ringofstorms/dotfiles

hosts/i001/flake.lock

@@ -1024,12 +1024,28 @@
         "type": "github"
       }
     },
+    "preservation": {
+      "locked": {
+        "lastModified": 1757436102,
+        "narHash": "sha256-mMI9IanU+Xw+pVogD2oT0I2kTmvz2Un/Apc5+CwUpEY=",
+        "owner": "nix-community",
+        "repo": "preservation",
+        "rev": "93416f4614ad2dfed5b0dcf12f27e57d27a5ab11",
+        "type": "github"
+      },
+      "original": {
+        "owner": "nix-community",
+        "repo": "preservation",
+        "type": "github"
+      }
+    },
     "root": {
       "inputs": {
         "common": "common",
         "de_plasma": "de_plasma",
         "home-manager": "home-manager_2",
         "nixpkgs": "nixpkgs_3",
+        "preservation": "preservation",
         "ros_neovim": "ros_neovim"
       }
     },

hosts/i001/flake.nix

@@ -10,7 +10,8 @@
 
     ros_neovim.url = "git+https://git.joshuabell.xyz/ringofstorms/nvim";
 
-    impermanence.url = "github:nix-community/impermanence";
+    # impermanence.url = "github:nix-community/impermanence";
+    preservation.url = "github:nix-community/preservation";
   };
 
   outputs =
@@ -34,7 +35,8 @@
               inherit inputs;
             };
             modules = [
-              inputs.impermanence.nixosModules.impermanence
+              # inputs.impermanence.nixosModules.impermanence
+              inputs.preservation.nixosModules.preservation
               inputs.home-manager.nixosModules.default
 
               inputs.ros_neovim.nixosModules.default
@@ -65,7 +67,8 @@
 
               ./hardware-configuration.nix
               ./hardware-mounts.nix
-              ./impermanence.nix
+              # ./impermanence.nix
+              ./preservation.nix
               (
                 {
                   config,

hosts/i001/hardware-mounts.nix

@@ -135,7 +135,6 @@ lib.mkMerge [
 
       # Make this part of the root-fs chain, not just initrd.target
       wantedBy = [
-        # "initrd.target"
         "sysroot.mount"
         "initrd-root-fs.target"
       ];

hosts/i001/preservation.nix

@@ -0,0 +1,93 @@
+{ ... }:
+{
+  preservation = {
+    enable = true;
+
+    # Preserve system-wide directories and files at /persist
+    preserveAt = {
+      "/persist" = {
+        commonMountOptions = [
+          "x-gvfs-hide"
+          "x-gdu.hide"
+        ];
+
+        # Directories to persist (bind-mount by default)
+        directories = [
+          "/var/log"
+          "/var/lib/nixos"
+          "/var/lib/systemd/coredump"
+          "/var/lib/systemd/timers"
+
+          "/etc/nixos"
+          "/etc/ssh"
+
+          "/etc/NetworkManager/system-connections"
+          "/var/lib/bluetooth"
+          "/var/lib/NetworkManager"
+          "/var/lib/iwd"
+          "/var/lib/fail2ban"
+        ];
+
+        # Files to persist
+        files = [
+          # Persist machine-id early (initrd) via symlink for ConditionFirstBoot compatibility
+          { file = "/etc/machine-id"; inInitrd = true; how = "symlink"; configureParent = true; }
+
+          # SSH host keys: ensure correct handling with symlinks
+          { file = "/etc/ssh/ssh_host_rsa_key"; how = "symlink"; configureParent = true; }
+          { file = "/etc/ssh/ssh_host_ed25519_key"; how = "symlink"; configureParent = true; }
+        ];
+
+        # Per-user persistence
+        users = {
+          luser = {
+            directories = [
+              ".ssh"
+              ".gnupg"
+
+              "projects"
+              ".config/nixos-config"
+
+              ".config/atuin"
+              ".local/share/atuin"
+
+              ".local/share/zoxide"
+
+              # KDE
+              ".config/kdeconnect"
+
+              # Chrome
+              ".config/google-chrome"
+
+              # neovim ros_neovim
+              ".local/state/nvim_ringofstorms_helium"
+            ];
+            files = [ ];
+          };
+        };
+      };
+    };
+  };
+
+  # Configure intermediate system-wide directories that may need custom modes
+  # (Example: none required beyond defaults here.)
+
+  # Let systemd-machine-id-commit write the transient ID to the persistent volume.
+  # This avoids activation failure when /etc/machine-id is a symlink.
+  systemd.services.systemd-machine-id-commit = {
+    unitConfig.ConditionPathIsMountPoint = [
+      ""
+      "/persist/etc/machine-id"
+    ];
+    serviceConfig.ExecStart = [
+      ""
+      "systemd-machine-id-setup --commit --root /persist"
+    ];
+  };
+
+  # If you need custom ownership/modes for parent directories, use tmpfiles:
+  # systemd.tmpfiles.settings.preservation = {
+  #   "/foo".d = { user = "foo"; group = "bar"; mode = "0775"; };
+  #   "/foo/bar".d = { user = "bar"; group = "bar"; mode = "0755"; };
+  # };
+}