feat: allow defining impermanence dirs from home manager configs

modules/config/impermanence.nix

@@ -2,10 +2,87 @@
   config,
   lib,
   ...
-}: {
+}: let
+  inherit
+    (lib)
+    attrNames
+    flip
+    isAttrs
+    mapAttrs
+    mkMerge
+    mkOption
+    optionals
+    types
+    ;
+in {
   # Give agenix access to the hostkey independent of impermanence activation
   age.identityPaths = ["/persist/etc/ssh/ssh_host_ed25519_key"];
 
+  # Expose a home manager module for each user that allows extending
+  # environment.persistence.${sourceDir}.users.${userName} simply by
+  # specifying home.persistence.${sourceDir} in home manager.
+  home-manager.sharedModules = [
+    {
+      options.home.persistence = mkOption {
+        description = "Additional persistence config for the given source path";
+        default = {};
+        type = types.attrsOf (types.submodule {
+          options = {
+            files = mkOption {
+              description = "Additional files to persist via NixOS impermanence.";
+              type = types.listOf (types.either types.attrs types.str);
+              default = [];
+            };
+
+            directories = mkOption {
+              description = "Additional directories to persist via NixOS impermanence.";
+              type = types.listOf (types.either types.attrs types.str);
+              default = [];
+            };
+          };
+        });
+      };
+    }
+  ];
+
+  # For each user that has a home-manager config, merge the locally defined
+  # persistence options that we defined above.
+  imports = let
+    mkUserFiles = map (x:
+      {mode = "600";}
+      // (
+        if isAttrs x
+        then x
+        else {file = x;}
+      ));
+    mkUserDirs = map (x:
+      {mode = "700";}
+      // (
+        if isAttrs x
+        then x
+        else {directory = x;}
+      ));
+  in [
+    {
+      environment.persistence = mkMerge (
+        flip map
+        (attrNames config.home-manager.users)
+        (
+          user: let
+            hmUserCfg = config.home-manager.users.${user};
+          in
+            flip mapAttrs hmUserCfg.home.persistence
+            (_: sourceCfg: {
+              users.${user} = {
+                files = mkUserFiles sourceCfg.files;
+                directories = mkUserDirs sourceCfg.directories;
+              };
+            })
+        )
+      );
+    }
+  ];
+
   # State that should be kept across reboots, but is otherwise
   # NOT important information in any way that needs to be backed up.
   fileSystems."/state".neededForBoot = true;
@@ -34,7 +111,7 @@
           mode = "0755";
         }
       ]
-      ++ lib.optionals config.networking.wireless.iwd.enable [
+      ++ optionals config.networking.wireless.iwd.enable [
         {
           directory = "/var/lib/iwd";
           user = "root";
@@ -62,7 +139,7 @@
           mode = "0755";
         }
       ]
-      ++ lib.optionals config.security.acme.acceptTerms [
+      ++ optionals config.security.acme.acceptTerms [
         {
           directory = "/var/lib/acme";
           user = "acme";
@@ -70,7 +147,7 @@
           mode = "0755";
         }
       ]
-      ++ lib.optionals config.services.printing.enable [
+      ++ optionals config.services.printing.enable [
         {
           directory = "/var/lib/cups";
           user = "root";
@@ -78,7 +155,7 @@
           mode = "0700";
         }
       ]
-      ++ lib.optionals config.services.fail2ban.enable [
+      ++ optionals config.services.fail2ban.enable [
         {
           directory = "/var/lib/fail2ban";
           user = "fail2ban";
@@ -86,7 +163,7 @@
           mode = "0750";
         }
       ]
-      ++ lib.optionals config.services.postgresql.enable [
+      ++ optionals config.services.postgresql.enable [
         {
           directory = "/var/lib/postgresql";
           user = "postgres";
@@ -94,7 +171,7 @@
           mode = "0700";
         }
       ]
-      ++ lib.optionals config.services.gitea.enable [
+      ++ optionals config.services.gitea.enable [
         {
           directory = config.services.gitea.stateDir;
           user = "gitea";
@@ -102,7 +179,7 @@
           mode = "0700";
         }
       ]
-      ++ lib.optionals config.services.caddy.enable [
+      ++ optionals config.services.caddy.enable [
         {
           directory = config.services.caddy.dataDir;
           user = "caddy";
@@ -110,7 +187,7 @@
           mode = "0700";
         }
       ]
-      ++ lib.optionals config.services.loki.enable [
+      ++ optionals config.services.loki.enable [
         {
           directory = "/var/lib/loki";
           user = "loki";
@@ -118,7 +195,7 @@
           mode = "0700";
         }
       ]
-      ++ lib.optionals config.services.grafana.enable [
+      ++ optionals config.services.grafana.enable [
         {
           directory = config.services.grafana.dataDir;
           user = "grafana";
@@ -126,7 +203,7 @@
           mode = "0700";
         }
       ]
-      ++ lib.optionals config.services.kanidm.enableServer [
+      ++ optionals config.services.kanidm.enableServer [
         {
           directory = "/var/lib/kanidm";
           user = "kanidm";
@@ -134,7 +211,7 @@
           mode = "0700";
         }
       ]
-      ++ lib.optionals config.services.vaultwarden.enable [
+      ++ optionals config.services.vaultwarden.enable [
         {
           directory = "/var/lib/vaultwarden";
           user = "vaultwarden";
@@ -142,7 +219,7 @@
           mode = "0700";
         }
       ]
-      ++ lib.optionals config.services.influxdb2.enable [
+      ++ optionals config.services.influxdb2.enable [
         {
           directory = "/var/lib/influxdb2";
           user = "influxdb2";
@@ -150,7 +227,7 @@
           mode = "0700";
         }
       ]
-      ++ lib.optionals config.services.telegraf.enable [
+      ++ optionals config.services.telegraf.enable [
         {
           directory = "/var/lib/telegraf";
           user = "telegraf";
@@ -158,7 +235,7 @@
           mode = "0700";
         }
       ]
-      ++ lib.optionals config.services.adguardhome.enable [
+      ++ optionals config.services.adguardhome.enable [
         {
           directory = "/var/lib/private/AdGuardHome";
           user = "root";
@@ -166,7 +243,7 @@
           mode = "0700";
         }
       ]
-      ++ lib.optionals config.services.esphome.enable [
+      ++ optionals config.services.esphome.enable [
         {
           directory = "/var/lib/private/esphome";
           user = "root";
@@ -174,7 +251,7 @@
           mode = "0700";
         }
       ]
-      ++ lib.optionals config.services.home-assistant.enable [
+      ++ optionals config.services.home-assistant.enable [
         {
           directory = config.services.home-assistant.configDir;
           user = "hass";

users/common/default.nix

@@ -4,6 +4,7 @@
 
     ./git.nix
     ./htop.nix
+    ./impermanence.nix
     ./neovim.nix
     ./shell
     ./utils.nix

users/common/impermanence.nix

@@ -0,0 +1,52 @@
+{
+  config,
+  nixosConfig,
+  ...
+}: {
+  home.persistence."/state".files =
+    [
+      # nothing yet ...
+    ]
+    ++ optionals config.programs.ssh.enable [
+      ".ssh/known_hosts"
+    ];
+
+  home.persistence."/state".directories =
+    [
+      ".cache/fontconfig"
+      ".cache/nix" # nix eval cache
+      ".cache/nix-index"
+    ]
+    ++ optionals config.programs.firefox.enable [
+      ".cache/mozilla"
+    ]
+    ++ optionals config.programs.direnv.enable [
+      ".local/share/direnv"
+    ]
+    ++ optionals config.programs.neovim.enable [
+      ".local/share/nvim"
+      ".local/state/nvim"
+      ".cache/nvim"
+    ]
+    ++ optionals nixosConfig.hardware.nvidia.enable [
+      ".cache/nvidia" # GLCache
+    ]
+    ++ optionals nixosConfig.services.pipewire.enable [
+      ".local/state/wireplumber"
+    ];
+
+  home.persistence."/persist".directories =
+    [
+      ".local/share/nix" # Repl history
+    ]
+    ++ optionals config.programs.firefox.enable [
+      ".mozilla"
+    ]
+    ++ optionals config.programs.atuin.enable [
+      ".local/share/atuin"
+    ]
+    ++ optionals nixosConfig.programs.steam.enable [
+      ".local/share/Steam"
+      ".steam"
+    ];
+}

users/myuser/default.nix

@@ -1,14 +1,9 @@
 {
   config,
-  lib,
   pkgs,
   ...
 }: let
   myuser = config.repo.secrets.global.myuser.name;
-  mkUserDirs = map (directory: {
-    inherit directory;
-    mode = "700";
-  });
 in {
   users.groups.${myuser}.gid = config.users.users.${myuser}.uid;
   users.users.${myuser} = {
@@ -25,40 +20,12 @@ in {
   # Needed for gtk
   programs.dconf.enable = true;
 
-  # TODO age.secrets = mapAttrs user.hmConfig.cfg.age.secrets users
   age.secrets.my-gpg-pubkey-yubikey = {
     rekeyFile = ./yubikey.gpg.age;
     group = myuser;
     mode = "640";
   };
 
-  # TODO numlock default on in sway and kernel console
-  # TODO make dataset for safe/persist/ and automount it
-  # TODO modularized based on hmConfig
-  environment.persistence."/state".users.${myuser}.directories = mkUserDirs [
-    ".cache/fontconfig"
-    ".cache/mozilla"
-    ".cache/nix" # nix eval cache
-    ".cache/nix-index"
-    ".cache/nvidia" # GLCache
-    ".cache/nvim"
-    ".local/share/nvim"
-    ".local/state/direnv"
-    ".local/state/nix"
-    ".local/state/nvim"
-    ".local/state/wireplumber"
-    "Downloads"
-  ];
-
-  environment.persistence."/persist".users.${myuser}.directories = mkUserDirs [
-    ".mozilla"
-    ".config/discord" # Bad Discord! BAD! Saves state in ,config tststs
-    ".config/Signal" # L take, electron.
-    ".local/share/atuin"
-    ".local/share/nix" # Repl history
-    "projects"
-  ];
-
   home-manager.users.${myuser} = {
     imports = [
       ../common

users/myuser/graphical/default.nix

@@ -4,7 +4,8 @@
     ./sway.nix
   ];
 
-  home.packages = with pkgs; [
+  home = {
+    packages = with pkgs; [
       discord
       firefox
       thunderbird
@@ -17,8 +18,19 @@
     # TODO VP9 hardware video decoding blocklisted
     # TODO gpg switch to sk
 
-  home.shellAliases = {
+    shellAliases = {
       p = "cd ~/projects";
       zf = "zathura --fork";
     };
+
+    persistence."/persist".directories = [
+      ".config/discord" # Bad Discord! BAD! Saves its state in .config tststs
+      ".config/Signal" # L take, electron.
+      "projects"
+    ];
+
+    persistence."/state".directories = [
+      "Downloads"
+    ];
+  };
 }