Impermanence for zeus

flake.nix

@@ -73,7 +73,10 @@
         zeus = nixpkgs.lib.nixosSystem {
           system = "x86_64-linux";
           specialArgs = { inherit inputs; };
-          modules = [ ./systems/zeus/configuration.nix ];
+          modules = [ 
+            impermanence.nixosModules.impermanence
+            ./systems/zeus/configuration.nix 
+          ];
         };
         orangepihole = nixpkgs.lib.nixosSystem {
           system = "aarch64-linux";

modules/common/sops.nix

@@ -1,7 +1,7 @@
 { inputs, ... }: {
   imports = [ inputs.sops-nix.nixosModules.sops ];
   sops.defaultSopsFile = ../../secrets/secret.yaml;
-  sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+  sops.age.sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ];
   sops.age.keyFile = "/var/lib/sops-nix/key.txt";
   sops.age.generateKey = true;
 }

systems/orangepihole/configuration.nix

@@ -10,7 +10,6 @@
   boot.loader.grub.enable = false;
   boot.loader.generic-extlinux-compatible.enable = true;
   boot.loader.timeout = 1;
-#  boot.kernelPackages = pkgs.linuxPackages_6_6;
   boot.tmp.cleanOnBoot = true;
   networking = {
     hostName = "orangepihole"; # Define your hostname.
@@ -35,7 +34,6 @@
     ipv6SendRAConfig.EmitDNS = false;
     ipv6Prefixes = [{ ipv6PrefixConfig.Prefix = "fd72:3dd5:21ae:3c97::/64"; }];
   };
-  sops.age.sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ];
   zramSwap.enable = true;
   swapDevices = [{
     device = "/persist/swapfile";

systems/smolboi/configuration.nix

@@ -25,7 +25,6 @@
     tmp.cleanOnBoot = true;
   };
   powerManagement.cpuFreqGovernor = "schedutil";
-  sops.age.sshKeyPaths = [ "/persist/etc/ssh/ssh_host_ed25519_key" ];
   sops.secrets."cdombroski/password" = {
     neededForUsers = true;
     sopsFile = ../../secrets/smolboi/users.yaml;
@@ -238,7 +237,7 @@
       };
     };
     cursor = {
-      package = pkgs.breeze-qt5;
+      package = pkgs.kdePackages.breeze;
       name = "breeze_cursors";
       size = 24;
     };

systems/zeus/configuration.nix

@@ -263,14 +263,32 @@
       "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIH7rvqA2VG9kOPHBNgfna0YA+jEjIR6ZAKrdgWVWQjCV root@orangepihole"
     ];
   };
-  environment.systemPackages = with pkgs; [
-    vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
-    dive
-    podman-tui
-    docker-compose
-    tcpdump
-    ethtool
-  ];
+  environment = {
+    systemPackages = with pkgs; [
+      vim # Do not forget to add an editor to edit configuration.nix! The Nano editor is also installed by default.
+      dive
+      podman-tui
+      docker-compose
+      tcpdump
+      ethtool
+    ];
+    persistence."/persist" = {
+      hideMounts = true;
+      directories = [
+        "/srv/docker"
+        "/tmp"
+        "/etc/containers/networks"
+      ];
+      files = [
+        "/etc/machine-id"
+        "/etc/adjtime"
+        "/etc/ssh/ssh_host_rsa_key"
+        "/etc/ssh/ssh_host_rsa_key.pub"
+        "/etc/ssh/ssh_host_ed25519_key"
+        "/etc/ssh/ssh_host_ed25519_key.pub"
+        ];
+    };
+  };
 
   services = {
     samba = {

systems/zeus/hardware-configuration.nix

@@ -13,8 +13,15 @@
   boot.extraModulePackages = [ ];
 
   fileSystems."/" = {
+    device = "none";
+    fsType = "tmpfs";
+    options = [ "defaults" "mode=755" ];
+  };
+
+  fileSystems."/persist" = {
     device = "zroot/root";
     fsType = "zfs";
+    neededForBoot = true;
   };
 
   fileSystems."/boot" = {