Impermanence and Persistence
cells/persist/ contains the persistence leaves for the security branch.
Up: cells
Down: system persistence | home persistence
What this subtree does
The system uses an impermanent root and explicitly persists only selected state. This makes state reviewable and reduces accidental long-term drift.
Why persistence belongs to security
Persistence decides what survives reboot. That is a security and operations question. SSH host keys, machine identity, logs, secrets, browser profiles, project directories, and keyrings should be persisted intentionally.
Pattern
environment.persistence."/persist" = {
hideMounts = true;
directories = [ "/var/log" "/var/lib/systemd" ];
files = [ "/etc/machine-id" ];
};