# NixOS module: declares the `local.boot.impermanence` options and, when
# enabled, forwards the collected entries to `environment.persistence`.
# NOTE(review): `environment.persistence` is not declared in this file; it is
# presumably provided by an impermanence module imported elsewhere — confirm.
{ config, lib, ... }:
let
  inherit (lib) mkEnableOption mkIf mkMerge mkOption optionals types;

  impermanence = config.local.boot.impermanence;

  # Root under which the ordinary `files` / `directories` entries are kept.
  persistRoot = "/persist";

  # Root for the `trust.*` entries. Without an explicit `trust.path` they
  # share persistRoot with the ordinary entries.
  # NOTE(review): the file does not say what distinguishes "trust" state;
  # presumably it is meant for a separately protected volume — confirm.
  trustRoot =
    if impermanence.trust.path == null
    then persistRoot
    else impermanence.trust.path;

  # Option shape shared by every files/directories list: each entry is either
  # a path string or a free-form attribute set. `attrs` does not validate
  # attribute names or values, so entries are handed on unchecked.
  # TODO: what is the correct type for files/directories?
  entryList = mkOption {
    type = types.listOf (types.either types.str types.attrs);
    default = [ ];
  };

  # True only when persistRoot is a declared file system flagged as
  # neededForBoot.
  persistIsBootMount =
    (config.fileSystems ? ${persistRoot})
    && config.fileSystems.${persistRoot}.neededForBoot;
in
{
  options.local.boot.impermanence = {
    enable = mkEnableOption "root fs impermanence";

    files = entryList;
    directories = entryList;

    trust = {
      # null means "use the same root as the ordinary entries".
      path = mkOption {
        type = types.nullOr types.path;
        default = null;
      };

      files = entryList;
      directories = entryList;
    };
  };

  config = mkMerge [
    # Baseline entries. They are defined unconditionally, but nothing in this
    # module consumes them unless `enable` is set.
    {
      local.boot.impermanence = {
        directories = [
          "/etc/lvm"
          "/var/lib/lastlog"
          "/var/lib/nixos"
          "/var/lib/systemd"
          "/var/log"
        ];

        # With mutable users the account databases are persisted as well.
        # /etc/shadow is among them, so the volume behind persistRoot then
        # holds password-hash material.
        # NOTE(review): confirm that volume is encrypted or otherwise
        # access-restricted to match.
        files =
          [
            "/etc/machine-id"
            "/var/lib/logrotate.status"
          ]
          ++ optionals config.users.mutableUsers [
            "/etc/group"
            "/etc/passwd"
            "/etc/shadow"
            "/etc/subuid"
            "/etc/subgid"
          ];
      };
    }

    (mkIf impermanence.enable {
      # Only persistRoot is checked here.
      # NOTE(review): a custom `trust.path` gets no equivalent check in this
      # file; confirm something else guarantees it is mounted early enough,
      # otherwise trust state could end up on the ephemeral root.
      assertions = [
        {
          assertion = persistIsBootMount;
          message = "Impermanence requires ${persistRoot} to be a neededForBoot mountpoint";
        }
      ];

      # Two definitions combined with mkMerge instead of one attribute set:
      # trustRoot can be the same path as persistRoot, and the module system
      # then merges both definitions under that single key.
      environment.persistence = mkMerge [
        {
          ${persistRoot} = {
            hideMounts = true;
            files = impermanence.files;
            directories = impermanence.directories;
          };
        }
        {
          ${trustRoot} = {
            hideMounts = true;
            files = impermanence.trust.files;
            directories = impermanence.trust.directories;
          };
        }
      ];
    })
  ];
}