nixos/modules/impermanence.nix

{ config, lib, ... }:

let
  cfg = config.custom.impermanence;
in
{
  options.custom.impermanence = {
    enable = lib.mkEnableOption "impermanence";

    base = lib.mkOption {
      type = lib.types.str;
      default = "/data";
    };
    cache = {
      enable = lib.mkEnableOption "impermanence.cache";
      path = lib.mkOption {
        type = lib.types.str;
        default = "/cache";
      };
    };

    users = lib.mkOption {
      type = with lib.types; listOf str;
      default = [ "root" config.custom.user ];
    };

    userExtraFiles = lib.mkOption {
      type = with lib.types; attrsOf (listOf str);
      default = { };
    };
    userExtraDirs = lib.mkOption {
      type = with lib.types; attrsOf (listOf str);
      default = { };
    };
  };

  config = lib.mkIf cfg.enable {
    fileSystems.${cfg.base}.neededForBoot = true;

    services = {
      openssh.hostKeys = [
        { path = "/data/system/etc/ssh/ssh_host_ed25519_key"; type = "ed25519"; }
        { path = "/data/system/etc/ssh/ssh_host_rsa_key"; type = "rsa"; bits = 4096; }
      ];
      matrix-synapse.dataDir = "${cfg.base}/system/var/lib/matrix-synapse";
      gitea.stateDir = "${cfg.base}/system/var/lib/gitea";
    };

    environment.persistence = lib.mkMerge [
      {
        "${cfg.base}/system" = {
          hideMounts = true;

          directories = [
            "/etc/nixos"
          ] ++ (lib.lists.optional config.services.tailscale.enable "/var/lib/tailscale") ++
          (lib.lists.optional config.services.zigbee2mqtt.enable config.services.zigbee2mqtt.dataDir) ++
          (lib.lists.optional config.services.postgresql.enable config.services.postgresql.dataDir) ++
          (lib.lists.optional config.hardware.bluetooth.enable "/var/lib/bluetooth") ++
          (lib.lists.optional config.custom.services.unifi.enable "/var/lib/unifi") ++
          (lib.lists.optional (config.virtualisation.oci-containers.containers != { }) "/var/lib/containers") ++
          (lib.lists.optional config.services.tang.enable "/var/lib/private/tang") ++
          (lib.lists.optional config.services.caddy.enable "/var/lib/caddy") ++
          (lib.lists.optional config.services.step-ca.enable "/var/lib/step-ca/db");
        };
      }
      (lib.mkIf cfg.cache.enable {
        "${cfg.cache.path}/system" = {
          hideMounts = true;

          directories = (lib.lists.optional config.services.postgresqlBackup.enable config.services.postgresqlBackup.location);
        };
      })
    ];

    home-manager.users =
      let
        mkUser = (x: {
          name = x;
          value = {
            home = {
              persistence."/data/users/${x}" = {
                allowOther = false;

                files = cfg.userExtraFiles.${x} or [ ];
                directories = cfg.userExtraDirs.${x} or [ ];
              };
              file.".zshrc".text = lib.mkForce ''
                HISTFILE=/data/users/${x}/.zsh_history
              '';
            };
          };
        });
      in
      builtins.listToAttrs (builtins.map mkUser cfg.users);

    systemd.tmpfiles.rules = lib.lists.flatten (builtins.map
      (user:
        let details = config.users.users.${user}; in [
          "d /data/users/${user} 0700 ${user} ${details.group} - -"
          "L ${details.home}/local - ${user} ${details.group} - /data/users/${user}"
        ])
      cfg.users);
  };
}