feat: Impermanence (system)

I had to disable initrd's systemd stuff.  I just /couldn't/ get a rollback
service working; believe me, not for a lack of effort!  I've been working on
this on-and-off for a month or two now.

hosts/nixos-testbed/configuration.nix

@@ -17,7 +17,7 @@
     ];
 
     impermanence = {
-      enable = false;
+      enable = true;
       directories = [
         # "Warning: Neither /var/lib/nixos nor any of its parents are persisted.
         # This means all users/groups without specified uids/gids will have them
@@ -28,25 +28,15 @@
         # just think it's annoying to edit ~/.ssh/known_hosts all the time.
         "/etc/ssh"
       ];
-      device = "placeholderrrr";
-      archiveLimit = 3;
+      rollback = {
+        enable = true;
+        device = "/dev/sda2";
+        subvolume = "rootfs";
+      };
     };
-
-    # niri.enable = true;
   };
 
   boot = {
-    initrd = {
-      enable = true;
-      systemd.enable = true;
-
-      # systemd.initrdBin = with pkgs; [
-      #   zfs
-      #   coreutils
-      #   babashka
-      # ];
-    };
-
     loader = {
       systemd-boot.enable = true;
       efi.canTouchEfiVariables = false;
@@ -60,28 +50,6 @@
     mountPoint = "/persist/dots";
   };
 
-  # HACK: This is here temporarily so I can use `/persist` without
-  # Impermanence.  This can be removed once impermanence is enabled.
-  # Create a group called `cfg.persistGroupName`
-  users.groups.persist = {
-    name = "persist";
-  };
-
-  # HACK: This is here temporarily so I can use `/persist` without
-  # Impermanence.  This can be removed once impermanence is enabled.
-  systemd.tmpfiles.settings = {
-    "10-persist" = {
-      # Permit members of `cfg.persistGroupName` to read, write, and execute
-      # /persist.
-      "/persist" = {
-        z = {
-          group = "persist";
-          mode = "2775";
-        };
-      };
-    };
-  };
-
   # networking.hostName = "nixos-testbed";
   networking.hostId = "238e9b1e"; # head -c 8 /etc/machine-id