From a99c1a0b945f6fecf49b53cec475dbdb048a4a56 Mon Sep 17 00:00:00 2001
From: Tyler Kelley
Date: Sun, 11 Feb 2024 03:51:40 -0600
Subject: [PATCH] Adding support for and switching myself to impermanence
---
 config/system/default.nix | 1 +
 config/system/persistence.nix | 27 +++++++++++++++++++++
 hardware.nix | 45 ++++++++++++++++++++++++++++-------
 system.nix | 20 +++++++++-------
 4 files changed, 77 insertions(+), 16 deletions(-)
 create mode 100644 config/system/persistence.nix
diff --git a/config/system/default.nix b/config/system/default.nix
index 5d92011..dd149de 100644
--- a/config/system/default.nix
+++ b/config/system/default.nix
@@ -19,6 +19,7 @@
 ./ntp.nix
 ./nvidia.nix
 ./packages.nix
+ ./persistence.nix
 ./polkit.nix
 ./python.nix
 ./printer.nix
diff --git a/config/system/persistence.nix b/config/system/persistence.nix
new file mode 100644
index 0000000..d843f76
--- /dev/null
+++ b/config/system/persistence.nix
@@ -0,0 +1,27 @@
+{ config, pkgs, lib, username, ... }:
+
+{
+ environment.persistence."/nix/persist" = {
+ hideMounts = true;
+ directories = [
+ "/var/log"
+ "/var/lib/systemd/coredump"
+ "/etc/NetworkManager/system-connections"
+ ];
+ files = [
+ "/etc/machine-id"
+ ];
+ users.${username} = {
+ directories = [
+ "Downloads"
+ "Music"
+ "Documents"
+ "Pictures"
+ "Videos"
+ ".local/share/sddm"
+ ];
+ files = [
+ ];
+ };
+ };
+}
diff --git a/hardware.nix b/hardware.nix
index fe7741e..1c63086 100644
--- a/hardware.nix
+++ b/hardware.nix
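Review bot: In config/system/persistence.nix the system-level `directories` list omits `/var/lib/nixos`, where NixOS keeps its uid/gid allocation maps. With `/` on tmpfs (see hardware.nix) those maps are rebuilt on every boot, so an ID may shift after a user or group is added and files under the persisted `/var/log` or the persisted home directories could end up owned by a different account. Adding `"/var/lib/nixos"` next to `"/var/log"` keeps ownership stable. If sshd is enabled elsewhere in this configuration (not visible in the patch), the host keys under `/etc/ssh` would also need to be listed in `files`, otherwise they are regenerated each boot and clients can no longer verify the host.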
@@ -5,27 +5,56 @@ { imports = - [ (modulesPath + "/installer/scan/not-detected.nix") + [ + (modulesPath + "/installer/scan/not-detected.nix") ]; - boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "nvme" "usbhid" "usb_storage" "sd_mod" ]; + boot.initrd.availableKernelModules = [ "xhci_pci" "ehci_pci" "nvme" "usbhid" "uas" "usb_storage" "sd_mod" ]; boot.initrd.kernelModules = [ ]; boot.kernelModules = [ "kvm-intel" ]; boot.extraModulePackages = [ ]; fileSystems."/" = - { device = "/dev/disk/by-uuid/b3302d13-4461-425c-aecc-13296f8bc93b"; + { + device = "none"; + fsType = "tmpfs"; + options = [ "defaults" "size=25%" "mode=755" ]; + }; + + fileSystems."/boot" = + { + device = "/dev/disk/by-uuid/CF00-A288"; + fsType = "vfat"; + options = [ "umask=0077" ]; + }; + + fileSystems."/nix" = + { + device = "/dev/disk/by-uuid/86765b18-75f6-4900-809a-2931a8dac75e"; fsType = "ext4"; }; - boot.initrd.luks.devices."luks-bcd5941f-0fd9-4a5e-b8ff-b6bef60a1dd1".device = "/dev/disk/by-uuid/bcd5941f-0fd9-4a5e-b8ff-b6bef60a1dd1"; + boot.initrd.luks.devices."crypted".device = "/dev/disk/by-uuid/1a35e8d0-f13c-43f3-8c12-3aaa5059c8a3"; - fileSystems."/boot" = - { device = "/dev/disk/by-uuid/67A4-1012"; - fsType = "vfat"; + fileSystems."/etc/nixos" = + { + device = "/nix/persist/etc/nixos"; + fsType = "none"; + options = [ "bind" ]; }; - swapDevices = [ ]; + fileSystems."/var/log" = + { + device = "/nix/persist/var/log"; + fsType = "none"; + options = [ "bind" ]; + }; + + swapDevices = + [{ + device = "/dev/disk/by-partuuid/b77747cb-7eb5-4d78-bb6a-34ded8eb7c23"; + randomEncryption.enable = true; + }]; # Enables DHCP on each ethernet and wireless interface. In case of scripted networking # (the default) this is the recommended approach. When using systemd-networkd it's diff --git a/system.nix b/system.nix index 49384f4..3df82ac 100644 --- a/system.nix +++ b/system.nix 
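Review bot: `fileSystems."/var/log"` is bind-mounted from `/nix/persist/var/log` in this hunk, and `/var/log` is also listed under `environment.persistence."/nix/persist".directories` in persistence.nix, so the same mount is declared in two places. Keep one of them, most likely the impermanence entry, so the mount options for the log directory come from a single definition. Nothing in the hunk ties `fileSystems."/nix"` to the `crypted` LUKS device either; presumably the ext4 volume lives inside it, and a comment such as `# /nix (and /nix/persist) is the ext4 volume inside the "crypted" LUKS container` would make the at-rest protection of the persisted state explicit.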
@@ -38,14 +38,18 @@ in { console.keyMap = "${theKBDLayout}"; # Define a user account. - users.users."${username}" = { - homeMode = "755"; - isNormalUser = true; - description = "${gitUsername}"; - extraGroups = [ "networkmanager" "wheel" "libvirtd" ]; - shell = pkgs.${theShell}; - ignoreShellProgramCheck = true; - packages = with pkgs; []; + users = { + mutableUsers = true; + users."${username}" = { + homeMode = "755"; + hashedPassword = "$6$YdPBODxytqUWXCYL$AHW1U9C6Qqkf6PZJI54jxFcPVm2sm/XWq3Z1qa94PFYz0FF.za9gl5WZL/z/g4nFLQ94SSEzMg5GMzMjJ6Vd7."; + isNormalUser = true; + description = "${gitUsername}"; + extraGroups = [ "networkmanager" "wheel" "libvirtd" ]; + shell = pkgs.${theShell}; + ignoreShellProgramCheck = true; + packages = with pkgs; []; + }; }; environment.variables = {
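Review bot: The added `hashedPassword` line commits the SHA-512 crypt hash of an account in `wheel` to the repository and to the world-readable Nix store, where it stays open to offline guessing for as long as the history exists. Prefer `hashedPasswordFile = "/nix/persist/<path-to-hash-file>";` (placeholder path) pointing at a root-only file on the persisted volume, or a secrets module, and rotate the password since this hash is already published. Because `/` is a tmpfs, `mutableUsers = true` does not persist a later `passwd` change: the declared hash applies again after every reboot, so `mutableUsers = false` would describe the real behaviour. The enclosing attribute set starts and ends outside the hunk.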