Impermanence & Persistence

The root filesystem is a volatile tmpfs, rebuilt clean on every boot via nix-community/impermanence. Nothing outside the Nix store and explicitly-declared persistence survives a reboot.

graph LR
    BOOT["boot"] --> TMP["/ (tmpfs)<br/>wiped clean"]
    PERSIST["/persist<br/>real disk"] -->|bind / symlink| TMP
    REPO["/persist/.../.nix-config/dots"] -->|mkOutOfStoreSymlink| CFG["~/.config/*"]
    EDIT["edit dotfile"] --> REPO
    REPO -.live, no rebuild.-> CFG

What persists

Persistence is declared per-user in home/persist.nix under home.persistence."/persist". Categories include:

| Category | Examples |
|---|---|
| Credentials | .ssh, .gnupg, .config/sops, .local/share/keyrings |
| Tooling | .cargo, .rustup, .npm, .local/share/go, .foundry, .solc-select |
| App state | .config/BraveSoftware, .config/VSCodium, .ollama, .claude, .var/app |
| Caches | .cache/pip, .cache/quickshell, .cache/nvidia |
| Home dirs | Documents, Pictures, Downloads, Projects, CodeRepo, AppImage |
| Memory tool | .config/memd, .local/state/memd |
| Single file | .claude.json (Claude Code state, lives outside ~/.claude) |

User dotfiles are not copied into the Nix store. Instead, home/persist.nix maps them with config.lib.file.mkOutOfStoreSymlink from the repo checkout into ~/.config/:

xdg.configFile."hypr".source =
  config.lib.file.mkOutOfStoreSymlink
    "/persist${config.home.homeDirectory}/.nix-config/dots/hypr";

Why out-of-store

Edits to the tracked dotfiles take effect immediately — inotify hot-reload works across the symlink — without a home-manager rebuild, while the files remain version-controlled. This is the same philosophy applied to the agent tooling binaries in home/scripts.nix.

The ~/volnix alias

home/persist.nix also creates a non-hidden symlink ~/volnix → /persist$HOME/.nix-config. The Antigravity CLI rejects hidden paths as workspace folders, so the agent tether delegates with ~/volnix as the working directory.

Secrets never live in dots/

dots/ is published in the public repo. Secrets belong only in nixos/secrets.yaml (sops-encrypted) or under /persist (never git-tracked). See Secrets.
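
One way to enforce this rule before a commit is a scan of the dots/ checkout, shown here as an added example that is not part of this repo's code. The names `scan_dots`, `build_sample_tree` and `CREDENTIAL_NAMES` are hypothetical, the name list assumes each dots/ subdirectory maps to ~/.config/<name> as the hypr entry does, and the sample tree is constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumption: path components taken from the page's "Credentials" category;
# "sops" and "keyrings" are included because dots/<name> maps into ~/.config.
CREDENTIAL_NAMES = {".ssh", ".gnupg", "sops", "keyrings"}

# Plaintext key markers: PEM/OpenSSH/PGP private keys and age identities.
SECRET_MARKERS = re.compile(
    rb"-----BEGIN [A-Z ]*PRIVATE KEY( BLOCK)?-----|AGE-SECRET-KEY-1[0-9A-Z]+"
)

def scan_dots(root):
    """Return sorted (relative_path, reason) findings for a dots/ checkout."""
    root = Path(root)
    findings = []
    for path in root.rglob("*"):
        if path.is_dir():
            continue
        rel = path.relative_to(root)
        if CREDENTIAL_NAMES & set(rel.parts):
            findings.append((rel.as_posix(), "credential path"))
        # Read regular files only: git publishes a symlink's target path,
        # not the content behind it.
        if path.is_file() and not path.is_symlink():
            if SECRET_MARKERS.search(path.read_bytes()):
                findings.append((rel.as_posix(), "key material"))
    return sorted(findings)

def build_sample_tree(root):
    """Constructed sample input: a small dots/ tree with two planted mistakes."""
    root = Path(root)
    (root / "hypr").mkdir(parents=True)
    (root / "hypr" / "hyprland.conf").write_text("monitor=,preferred,auto,1\n")
    (root / "sops" / "age").mkdir(parents=True)
    # Fake age identity: correct prefix, meaningless body.
    (root / "sops" / "age" / "keys.txt").write_text("AGE-SECRET-KEY-1" + "Q" * 20 + "\n")
    (root / "git").mkdir()
    (root / "git" / "deploy").write_text(
        "-----BEGIN OPENSSH PRIVATE KEY-----\nconstructed\n-----END OPENSSH PRIVATE KEY-----\n"
    )
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for rel, reason in scan_dots(build_sample_tree(tmp)):
            print(f"{reason:16} {rel}")
```

A non-empty result is a reason to block the commit; an empty result only means none of these markers matched, not that the tree holds no secrets.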