add impermanence

hosts/common/default.nix

@@ -3,9 +3,17 @@
   username,
   outputs,
   config,
+  lib,
+  inputs,
   ...
-}: {
+}: let
+  # Sops needs acess to the keys before the persist dirs are even mounted; so
+  # just persisting the keys won't work, we must point at /persist
+  hasOptinPersistence = config.environment.persistence."/persist".enable;
+in {
   imports = [
+    inputs.impermanence.nixosModules.impermanence
+
     ../../modules/nixos/sops.nix
   ];
 
@@ -91,6 +99,13 @@
       settings = {
         PasswordAuthentication = false;
       };
+
+      hostKeys = [
+        {
+          path = "${lib.optionalString hasOptinPersistence "/persist"}/etc/ssh/ssh_host_ed25519_key";
+          type = "ed25519";
+        }
+      ];
     };
   };
 

hosts/common/home.nix

@@ -1,9 +1,12 @@
 {
   outputs,
   username,
+  inputs,
   ...
 }: {
   imports = [
+    inputs.impermanence.nixosModules.home-manager.impermanence
+
     ../../modules/home-manager/shell
     ../../modules/home-manager/git
     ../../modules/home-manager/starship