diff --git a/flake.lock b/flake.lock
index 2ab10ac..e3a940a 100644
--- a/flake.lock
+++ b/flake.lock
@@ -136,6 +136,21 @@
 "type": "github"
 }
 },
+"impermanence": {
+"locked": {
+"lastModified": 1737831083,
+"narHash": "sha256-LJggUHbpyeDvNagTUrdhe/pRVp4pnS6wVKALS782gRI=",
+"owner": "nix-community",
+"repo": "impermanence",
+"rev": "4b3e914cdf97a5b536a889e939fb2fd2b043a170",
+"type": "github"
+},
+"original": {
+"owner": "nix-community",
+"repo": "impermanence",
+"type": "github"
+}
+},
 "import-tree": {
 "locked": {
 "lastModified": 1751399845,
@@ -196,6 +211,7 @@
 "flake-parts": "flake-parts",
 "git-hooks": "git-hooks",
 "home-manager": "home-manager",
+"impermanence": "impermanence",
 "import-tree": "import-tree",
 "make-shell": "make-shell",
 "nixpkgs": "nixpkgs",
diff --git a/flake.nix b/flake.nix
index e296268..ad30700 100644
--- a/flake.nix
+++ b/flake.nix
@@ -19,6 +19,8 @@
 url = "github:nix-community/disko";
 inputs.nixpkgs.follows = "nixpkgs";
 };
+# impermanence provides a nice abstraction over linking files from /persist
+impermanence.url = "github:nix-community/impermanence";
 # import-tree imports all nix files in a given directory.
 import-tree.url = "github:vic/import-tree";
 # files lets us write text files and automatically add checks for them
diff --git a/nix/modules/machine/root.nix b/nix/modules/machine/root/drive.nix
similarity index 100%
rename from nix/modules/machine/root.nix
rename to nix/modules/machine/root/drive.nix
diff --git a/nix/modules/machine/root/ephemeral.nix b/nix/modules/machine/root/ephemeral.nix
new file mode 100644
index 0000000..80a61f2
--- /dev/null
+++ b/nix/modules/machine/root/ephemeral.nix
@@ -0,0 +1,44 @@
+{
+config,
+lib,
+inputs,
+...
+}:
+let
+inherit (lib) mkMerge mkIf mkAfter;
+in
+{
+flake.modules.nixos.default =
+{ hostName, ... }:
+let
+inherit (config.flake.manifest.hosts.nixos.${hostName}.machine) root;
+in
+{
+imports = [ inputs.impermanence.nixosModules.impermanence ];
+config = mkMerge [
+# Ephemeral by default - assumes btrfs
+(mkIf (root.ephemeral or true) {
+boot.initrd.postDeviceCommands = mkAfter ''
+mkdir /btrfs_tmp
+mount /dev/root_vg/root /btrfs_tmp
+
+if [[ -e /btrfs_tmp/root ]]; then
+btrfs subvolume delete "/btrfs_tmp/root"
+fi
+'';
+programs.fuse.userAllowOther = true;
+fileSystems."/persist".neededForBoot = true;
+environment.persistence."/persist" = {
+hideMounts = true;
+files = [
+"/etc/ssh/ssh_host_ed25519_key"
+"/etc/ssh/ssh_host_ed25519_key.pub"
+"/etc/ssh/ssh_host_rsa_key"
+"/etc/ssh/ssh_host_rsa_key.pub"
+"/etc/machine-id"
+];
+};
+})
+];
+};
+}
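Review bot: The initrd script in `boot.initrd.postDeviceCommands` deletes `/btrfs_tmp/root` but never recreates the subvolume or releases the temporary mount, so unless the root subvolume is recreated somewhere not shown here the later mount of `/` would find nothing to mount; add `btrfs subvolume create /btrfs_tmp/root` after the `fi` and `umount /btrfs_tmp` at the end of the script. `btrfs subvolume delete` also refuses to remove a subvolume that has nested subvolumes inside it, so the script should either enumerate and delete children first or fail loudly rather than leaving a stale root in place. The device `/dev/root_vg/root` is hard-coded even though the `root` manifest attribute is already in scope on the `inherit` line; if the manifest describes the drive layout, derive the device from it so a host with a different volume group does not silently mount the wrong volume or skip the wipe. From an audit standpoint, wiping root on every boot also discards `/var/log` and `/var/lib/nixos`, so consider adding both to `directories` in `environment.persistence."/persist"` so journal data survives for incident review and uid/gid allocation stays stable for the persisted files. `programs.fuse.userAllowOther = true` appears to be needed only for user-level (home) persistence; with only root-owned system files listed here it could presumably be dropped — confirm against impermanence's requirements.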