{
  config,
  lib,
  ...
}:
with lib; let
  cfg = config.local.boot.impermanence;
in {
  options.local.boot.impermanence = {
    enable = mkEnableOption "root fs impermanence";

    #TODO: type correcto de files, directories?

    directories = mkOption {
      type = with lib.types; listOf (either str attrs);
      default = [];
    };

    files = mkOption {
      type = with lib.types; listOf (either str attrs);
      default = [];
    };
  };

  config = mkMerge [
    {
      local.boot.impermanence = {
        directories = [
          "/etc/lvm"
          "/var/lib/lastlog"
          "/var/lib/nixos"
          "/var/lib/systemd"
          "/var/log"
        ];

        files =
          [
            "/etc/machine-id"
            "/var/lib/logrotate.status"
          ]
          ++ optionals config.users.mutableUsers [
            "/etc/group"
            "/etc/passwd"
            "/etc/shadow"
            "/etc/subuid"
            "/etc/subgid"
          ];
      };
    }
    (mkIf cfg.enable {
      assertions = [
        {
          assertion = (config.fileSystems ? "/persist") && config.fileSystems."/persist".neededForBoot;
          message = "Impermanence requires /persist to be a neededForBoot mountpoint";
        }
      ];

      environment.persistence."/persist" = {
        hideMounts = true;

        files = cfg.files;
        directories = cfg.directories;
      };
    })
  ];
}