hashtag erasing my darlings

2025-12-16 12:30:30 -05:00
parent edfc6cffdd
commit fd2389fed1
2 changed files with 118 additions and 39 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -11,27 +11,32 @@
      # to avoid problems caused by different versions of nixpkgs.
      inputs.nixpkgs.follows = "nixpkgs";
    };
+    impermanence.url = "github:nix-community/impermanence";
  };

-  outputs = {
+  outputs =
+    {
      self,
      nixpkgs,
      home-manager,
-  }@inputs: let
+      impermanence,
+    }@inputs:
+    let
      inherit (self) outputs;
      nix.registry.nixos.flake = inputs.self;
      environment.etc."nix/inputs/nixpkgs".source = nixpkgs.outPath;
-    nix.nixPath = ["nixpkgs=${nixpkgs.outPath}"];
-  in{
+      nix.nixPath = [ "nixpkgs=${nixpkgs.outPath}" ];
+    in
+    {
      nixosConfigurations = {
        homepc = nixpkgs.lib.nixosSystem {
-        specialArgs = {inherit inputs outputs;};
+          specialArgs = { inherit inputs outputs; };
          system = "x86_64-linux";
          modules = [
            ./machines/homepc/configuration.nix
            home-manager.nixosModules.home-manager
            {
-            home-manager.extraSpecialArgs = {inherit inputs outputs;};
+              home-manager.extraSpecialArgs = { inherit inputs outputs; };
              home-manager.useGlobalPkgs = true;
              home-manager.useUserPackages = true;

@@ -40,13 +45,14 @@
          ];
        };
        workstation = nixpkgs.lib.nixosSystem {
-        specialArgs = {inherit inputs outputs;};
+          specialArgs = { inherit inputs outputs; };
          system = "x86_64-linux";
          modules = [
            ./machines/workstation/configuration.nix
+            impermanence.nixosModules.impermanence
            home-manager.nixosModules.home-manager
            {
-            home-manager.extraSpecialArgs = {inherit inputs outputs;};
+              home-manager.extraSpecialArgs = { inherit inputs outputs; };
              home-manager.useGlobalPkgs = true;
              home-manager.useUserPackages = true;

--- a/global/eraseyourdarlings.nix
+++ b/global/eraseyourdarlings.nix
@@ -0,0 +1,73 @@
+{lib, ...}:
+{
+  boot.initrd.postResumeCommands = lib.mkAfter ''
+    rm -rf /bin /etc /lib64 /srv /sys /tmp /usr /var
+  ''
+
+  {
+    environment.persistence."/persistent" = {
+      enable = true; # NB: Defaults to true, not needed
+      hideMounts = true;
+      directories = [
+        "/var/log"
+        "/var/lib/bluetooth"
+        "/var/lib/nixos"
+        "/var/lib/systemd/coredump"
+        "/etc/NetworkManager/system-connections"
+        {
+          directory = "/var/lib/colord";
+          user = "colord";
+          group = "colord";
+          mode = "u=rwx,g=rx,o=";
+        }
+      ];
+      files = [
+        "/etc/machine-id"
+        {
+          file = "/var/keys/secret_file";
+          parentDirectory = {
+            mode = "u=rwx,g=,o=";
+          };
+        }
+      ];
+      users.laythe = {
+        directories = [
+          "Downloads"
+          "Music"
+          "Pictures"
+          "Documents"
+          "Videos"
+          "VirtualBox VMs"
+          {
+            directory = ".local/share/Steam";
+            mode = "0777"
+          }
+          {
+            directory = ".local/share/flatpak";
+            mode = "0700"
+          }
+          {
+            directory = ".gnupg";
+            mode = "0700";
+          }
+          {
+            directory = ".ssh";
+            mode = "0700";
+          }
+          {
+            directory = ".nixops";
+            mode = "0700";
+          }
+          {
+            directory = ".local/share/keyrings";
+            mode = "0700";
+          }
+          ".local/share/direnv"
+        ];
+        files = [
+          ".screenrc"
+        ];
+      };
+    };
+  }
+}