From fd2389fed1bf3af8cef624c0827eee9cb17fdd17 Mon Sep 17 00:00:00 2001
From: TheCrazyInsanity
Date: Tue, 16 Dec 2025 12:30:30 -0500
Subject: [PATCH] hashtag erasing my darlings

---
 flake.nix | 84 +++++++++++++++++++-----------------
 global/eraseyourdarlings.nix | 73 +++++++++++++++++++++++++++++++
 2 files changed, 118 insertions(+), 39 deletions(-)
 create mode 100644 global/eraseyourdarlings.nix

diff --git a/flake.nix b/flake.nix
index 5c45519..3f6768e 100644
--- a/flake.nix
+++ b/flake.nix
@@ -11,49 +11,55 @@ # to avoid problems caused by different versions of nixpkgs. inputs.nixpkgs.follows = "nixpkgs"; }; + impermanence.url = "github:nix-community/impermanence"; }; - outputs = { - self, - nixpkgs, - home-manager, - }@inputs: let - inherit (self) outputs; - nix.registry.nixos.flake = inputs.self; - environment.etc."nix/inputs/nixpkgs".source = nixpkgs.outPath; - nix.nixPath = ["nixpkgs=${nixpkgs.outPath}"]; - in{ - nixosConfigurations = { - homepc = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs outputs;}; - system = "x86_64-linux"; - modules = [ - ./machines/homepc/configuration.nix - home-manager.nixosModules.home-manager - { - home-manager.extraSpecialArgs = {inherit inputs outputs;}; - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; + outputs = + { + self, + nixpkgs, + home-manager, + impermanence, + }@inputs: + let + inherit (self) outputs; + nix.registry.nixos.flake = inputs.self; + environment.etc."nix/inputs/nixpkgs".source = nixpkgs.outPath; + nix.nixPath = [ "nixpkgs=${nixpkgs.outPath}" ]; + in + { + nixosConfigurations = { + homepc = nixpkgs.lib.nixosSystem { + specialArgs = { inherit inputs outputs; }; + system = "x86_64-linux"; + modules = [ + ./machines/homepc/configuration.nix + home-manager.nixosModules.home-manager + { + home-manager.extraSpecialArgs = { inherit inputs outputs; }; + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; - home-manager.users.laythe = import ./machines/homepc/home.nix; - } - ]; - }; - workstation = nixpkgs.lib.nixosSystem { - specialArgs = {inherit inputs outputs;}; - system = "x86_64-linux"; - modules = [ - ./machines/workstation/configuration.nix - home-manager.nixosModules.home-manager - { - home-manager.extraSpecialArgs = {inherit inputs outputs;}; - home-manager.useGlobalPkgs = true; - home-manager.useUserPackages = true; + home-manager.users.laythe = import ./machines/homepc/home.nix; + } + ]; + }; + workstation = nixpkgs.lib.nixosSystem { 
+ specialArgs = { inherit inputs outputs; }; + system = "x86_64-linux"; + modules = [ + ./machines/workstation/configuration.nix + impermanence.nixosModules.impermanence + home-manager.nixosModules.home-manager + { + home-manager.extraSpecialArgs = { inherit inputs outputs; }; + home-manager.useGlobalPkgs = true; + home-manager.useUserPackages = true; - home-manager.users.laythe = import ./machines/homepc/home.nix; - } - ]; + home-manager.users.laythe = import ./machines/homepc/home.nix; + } + ]; + }; }; }; - }; } diff --git a/global/eraseyourdarlings.nix b/global/eraseyourdarlings.nix new file mode 100644 index 0000000..8a67cda --- /dev/null +++ b/global/eraseyourdarlings.nix @@ -0,0 +1,73 @@ +{lib, ...}: +{ + boot.initrd.postResumeCommands = lib.mkAfter '' + rm -rf /bin /etc /lib64 /srv /sys /tmp /usr /var + '' + + { + environment.persistence."/persistent" = { + enable = true; # NB: Defaults to true, not needed + hideMounts = true; + directories = [ + "/var/log" + "/var/lib/bluetooth" + "/var/lib/nixos" + "/var/lib/systemd/coredump" + "/etc/NetworkManager/system-connections" + { + directory = "/var/lib/colord"; + user = "colord"; + group = "colord"; + mode = "u=rwx,g=rx,o="; + } + ]; + files = [ + "/etc/machine-id" + { + file = "/var/keys/secret_file"; + parentDirectory = { + mode = "u=rwx,g=,o="; + }; + } + ]; + users.laythe = { + directories = [ + "Downloads" + "Music" + "Pictures" + "Documents" + "Videos" + "VirtualBox VMs" + { + directory = ".local/share/Steam"; + mode = "0777" + } + { + directory = ".local/share/flatpak"; + mode = "0700" + } + { + directory = ".gnupg"; + mode = "0700"; + } + { + directory = ".ssh"; + mode = "0700"; + } + { + directory = ".nixops"; + mode = "0700"; + } + { + directory = ".local/share/keyrings"; + mode = "0700"; + } + ".local/share/direnv" + ]; + files = [ + ".screenrc" + ]; + }; + }; + } +} \ No newline at end of file
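Review bot: `impermanence.nixosModules.impermanence` is added to `workstation`'s module list, but nothing in this patch imports the new `global/eraseyourdarlings.nix` that actually sets `environment.persistence`, so unless `./machines/workstation/configuration.nix` pulls it in (not visible here) the module is loaded with no persistence configured and the wipe/persist split never takes effect; add `./global/eraseyourdarlings.nix` on the line after `impermanence.nixosModules.impermanence`. The three `let` bindings `nix.registry.nixos.flake`, `environment.etc."nix/inputs/nixpkgs".source` and `nix.nixPath` are never referenced inside `outputs`, so they configure nothing on either host — if they are meant to pin the flake registry and `NIX_PATH` they belong in a module passed to `modules`, not in a `let`. `homepc` does not receive the impermanence module; if only the workstation is meant to be ephemeral a one-line comment on the `homepc` entry saying so would stop the next reader from assuming it was forgotten. The hunk's first context lines close the `inputs` set, whose start lies outside the hunk.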
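Review bot: `rm -rf /bin /etc /lib64 /srv /sys /tmp /usr /var` in `boot.initrd.postResumeCommands` runs in stage 1, before the real root filesystem is mounted, so as far as I can tell those absolute paths resolve inside the initramfs (including the stage-1 `/bin` the rest of the boot depends on) rather than on the on-disk root this module is supposed to wipe; the reset has to act on the root device itself (a ZFS `rollback -r …@blank` or a btrfs subvolume delete/recreate, depending on the workstation's filesystem, which this patch does not show). `mode = "0777"` on `.local/share/Steam` makes a persisted directory inside the user's home world-writable, so any other local account or confined process can plant or replace files in a tree Steam executes from — use `mode = "0755";` (the module default) or drop the `mode` line. The file also does not parse as written: the Steam and flatpak `mode` bindings are missing their trailing `;`, and the `''` that closes `postResumeCommands` is not followed by `;`, so the `{ environment.persistence … }` set after it is parsed as a further argument to `lib.mkAfter` instead of being merged into the module — close it with `'';` and hoist `environment.persistence."/persistent"` up into the module's top-level set. If `sshd` is enabled on this host, `/etc/ssh/ssh_host_ed25519_key` and its `.pub` should be added to `files` as well, otherwise the host key is regenerated on every boot and clients see a changed identity.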