feat: implement 'Erase Your Darlings' (Impermanence) root wipe

- Add @persist subvolume to BTRFS layout
- Implement automatic root-blank snapshotting during installation
- Add initrd rollback script to wipe root on every boot
- Configure persistence for core system state (NM, Bluetooth, SSH, NixOS config)

installer/disko-btrfs-luks.nix

@@ -34,6 +34,10 @@
                       mountpoint = "/";
                       mountOptions = [ "compress=zstd" "noatime" ];
                     };
+                    "@persist" = {
+                      mountpoint = "/persist";
+                      mountOptions = [ "compress=zstd" "noatime" ];
+                    };
                     "@home" = {
                       mountpoint = "/home";
                       mountOptions = [ "compress=zstd" "noatime" ];
@@ -47,6 +51,12 @@
                       mountOptions = [ "compress=zstd" "noatime" ];
                     };
                   };
+                  postCreateHook = ''
+                    MNTPOINT=$(mktemp -d)
+                    mount -t btrfs /dev/mapper/crypted $MNTPOINT
+                    btrfs subvolume snapshot -r $MNTPOINT/@ $MNTPOINT/root-blank
+                    umount $MNTPOINT
+                  '';
                 };
               };
             };

modules/system/impermanence.nix

@@ -47,8 +47,11 @@ in
         "/var/log"
         "/var/lib/nixos"
         "/var/lib/systemd/coredump"
+        "/var/lib/systemd/timesync"
         "/var/lib/bluetooth"
         "/etc/NetworkManager/system-connections"
+        "/etc/nixos"
+        "/etc/ssh"
       ];
       files = [
         "/etc/machine-id"