feat: put impermanence for services next to service definitions

modules/config/impermanence.nix

@@ -117,14 +117,6 @@ in {
       [
         "/var/lib/nixos"
       ]
-      ++ optionals config.hardware.bluetooth.enable [
-        {
-          directory = "/var/lib/bluetooth";
-          #user = "acme";
-          #group = "acme";
-          #mode = "0755";
-        }
-      ]
       ++ optionals config.security.acme.acceptTerms [
         {
           directory = "/var/lib/acme";
@@ -139,14 +131,6 @@ in {
           mode = "0700";
         }
       ]
-      ++ optionals config.services.fail2ban.enable [
-        {
-          directory = "/var/lib/fail2ban";
-          user = "fail2ban";
-          group = "fail2ban";
-          mode = "0750";
-        }
-      ]
       ++ optionals config.services.postgresql.enable [
         {
           directory = "/var/lib/postgresql";
@@ -154,90 +138,6 @@ in {
           group = "postgres";
           mode = "0700";
         }
-      ]
-      ++ optionals config.services.gitea.enable [
-        {
-          directory = config.services.gitea.stateDir;
-          user = "gitea";
-          group = "gitea";
-          mode = "0700";
-        }
-      ]
-      ++ optionals config.services.caddy.enable [
-        {
-          directory = config.services.caddy.dataDir;
-          user = "caddy";
-          group = "caddy";
-          mode = "0700";
-        }
-      ]
-      ++ optionals config.services.loki.enable [
-        {
-          directory = "/var/lib/loki";
-          user = "loki";
-          group = "loki";
-          mode = "0700";
-        }
-      ]
-      ++ optionals config.services.grafana.enable [
-        {
-          directory = config.services.grafana.dataDir;
-          user = "grafana";
-          group = "grafana";
-          mode = "0700";
-        }
-      ]
-      ++ optionals config.services.kanidm.enableServer [
-        {
-          directory = "/var/lib/kanidm";
-          user = "kanidm";
-          group = "kanidm";
-          mode = "0700";
-        }
-      ]
-      ++ optionals config.services.vaultwarden.enable [
-        {
-          directory = "/var/lib/vaultwarden";
-          user = "vaultwarden";
-          group = "vaultwarden";
-          mode = "0700";
-        }
-      ]
-      ++ optionals config.services.influxdb2.enable [
-        {
-          directory = "/var/lib/influxdb2";
-          user = "influxdb2";
-          group = "influxdb2";
-          mode = "0700";
-        }
-      ]
-      ++ optionals config.services.telegraf.enable [
-        {
-          directory = "/var/lib/telegraf";
-          user = "telegraf";
-          group = "telegraf";
-          mode = "0700";
-        }
-      ]
-      ++ optionals config.services.adguardhome.enable [
-        {
-          directory = "/var/lib/private/AdGuardHome";
-          mode = "0700";
-        }
-      ]
-      ++ optionals config.services.esphome.enable [
-        {
-          directory = "/var/lib/private/esphome";
-          mode = "0700";
-        }
-      ]
-      ++ optionals config.services.home-assistant.enable [
-        {
-          directory = config.services.home-assistant.configDir;
-          user = "hass";
-          group = "hass";
-          mode = "0700";
-        }
       ];
   };
 }

modules/optional/hardware/bluetooth.nix

@@ -1,5 +1,8 @@
 {pkgs, ...}: {
   environment.systemPackages = with pkgs; [bluetuith];
+  environment.persistence."/persist".directories = [
+    "/var/lib/bluetooth"
+  ];
 
   hardware.bluetooth = {
     enable = true;

modules/telegraf.nix

@@ -177,6 +177,15 @@ in {
       '';
     };
 
+    environment.persistence."/persist".directories = [
+      {
+        directory = "/var/lib/telegraf";
+        user = "telegraf";
+        group = "telegraf";
+        mode = "0700";
+      }
+    ];
+
     systemd.services.telegraf = {
       path = [
         # Make sensors refer to the correct wrapper