{
  config,
  lib,
  username,
  ...
}:
{
  environment.persistence."/persistent" = {
    hideMounts = true;
    directories = [
      "/var/log"
      "/var/lib/systemd/coredump"
      "/var/lib/nixos"
      "/var/lib/systemd/timers"
    ];

    files = [
      "/etc/ssh/ssh_host_ed25519_key"
      "/etc/ssh/ssh_host_ed25519_key.pub"
      "/etc/ssh/ssh_host_rsa_key"
      "/etc/ssh/ssh_host_rsa_key.pub"
      "/etc/machine-id"
    ];
  };

  # Bind mount entire home directory from persistent storage
  # (impermanence doesn't support "." so we do this directly)
  fileSystems."/home/${username}" = {
    device = "/persistent/home/${username}";
    fsType = "none";
    options = [ "bind" ];
    neededForBoot = true;
  };

  systemd.tmpfiles.rules = [
    "d /etc 755 root"
  ];
}