docker only persist volumes

rollRootfs chattr +C

modules/system/fileSystems/default.nix

@@ -241,6 +241,7 @@ inputs:
             {
               grep = "${inputs.pkgs.gnugrep}/bin/grep";
               awk = "${inputs.pkgs.gawk}/bin/awk";
+              chattr = "${inputs.pkgs.e2fsprogs}/bin/chattr";
             };
             services.roll-rootfs =
             {
@@ -260,6 +261,7 @@ inputs:
                   btrfs property set -ts /mnt${path}/$timestamp-$subvolid ro true
                 fi
                 btrfs subvolume create /mnt${path}/current
+                chattr +C /mnt${path}/current
                 echo $(date '+%Y%m%d%H%M%S') > /mnt${path}/current/.timestamp
                 umount /mnt
               '';

modules/system/impermanence.nix

@@ -28,6 +28,7 @@ inputs:
             "/var/log"
             "/var/spool"
             "/var/backup"
+            { directory = "/var/lib/docker/volumes"; mode = "0710"; }
           ];
           files =
           [
@@ -41,7 +42,12 @@ inputs:
         "${impermanence.root}" =
         {
           hideMounts = true;
-          directories = [ "/var/lib/systemd/linger" "/var/lib/systemd/coredump" ]
+          directories =
+          [
+            "/var/lib/systemd/linger"
+            "/var/lib/systemd/coredump"
+            { directory = "/var/lib/docker"; mode = "0710"; }
+          ]
           ++ (if inputs.config.services.xserver.displayManager.sddm.enable then
             [{ directory = "/var/lib/sddm"; user = "sddm"; group = "sddm"; mode = "0700"; }] else []);
         }