diff --git a/template/system/configuration.nix b/template/system/configuration.nix
index 479f18a..e936e69 100644
--- a/template/system/configuration.nix
+++ b/template/system/configuration.nix
@@ -1,49 +1 @@
-{
- pkgs,
- lib,
- ...
-}: {
- networking.hostName = "example";
- networking.firewall.enable = true;
- networking.firewall.allowPing = false;
-
- environment.systemPackages = with pkgs; [
- git
- ];
-
- nix.settings = {
- experimental-features = lib.mkDefault "nix-command flakes";
- auto-optimise-store = true;
- trusted-users = ["root" "@wheel"];
- };
-
- security.sudo = {
- enable = true;
- execWheelOnly = true;
- wheelNeedsPassword = false; # So we don't have to set a password for our user
- };
-
- users = {
- mutableUsers = false; # Disallow creation of new users and groups
-
- users."admin" = {
- isNormalUser = true;
- extraGroups = ["wheel"];
- };
- };
-
- time.timeZone = "Europe/Vienna";
-
- i18n.defaultLocale = "en_US.UTF-8";
- i18n.extraLocaleSettings = {
- LC_ADDRESS = "de_AT.UTF-8";
- LC_IDENTIFICATION = "de_AT.UTF-8";
- LC_MEASUREMENT = "de_AT.UTF-8";
- LC_MONETARY = "de_AT.UTF-8";
- LC_NAME = "de_AT.UTF-8";
- LC_NUMERIC = "de_AT.UTF-8";
- LC_PAPER = "de_AT.UTF-8";
- LC_TELEPHONE = "de_AT.UTF-8";
- LC_TIME = "de_AT.UTF-8";
- };
-}
+{...}: throw "Overwrite configuration.nix with: nixos-generate-config --force --no-filesystem --root /mnt --dir ./system"
diff --git a/template/system/custom/default.nix b/template/system/custom/default.nix
new file mode 100644
index 0000000..479f18a
--- /dev/null
+++ b/template/system/custom/default.nix
@@ -0,0 +1,49 @@
+{
+ pkgs,
+ lib,
+ ...
+}: {
+ networking.hostName = "example";
+ networking.firewall.enable = true;
+ networking.firewall.allowPing = false;
+
+ environment.systemPackages = with pkgs; [
+ git
+ ];
+
+ nix.settings = {
+ experimental-features = lib.mkDefault "nix-command flakes";
+ auto-optimise-store = true;
+ trusted-users = ["root" "@wheel"];
+ };
+
+ security.sudo = {
+ enable = true;
+ execWheelOnly = true;
+ wheelNeedsPassword = false; # So we don't have to set a password for our user
+ };
+
+ users = {
+ mutableUsers = false; # Disallow creation of new users and groups
+
+ users."admin" = {
+ isNormalUser = true;
+ extraGroups = ["wheel"];
+ };
+ };
+
+ time.timeZone = "Europe/Vienna";
+
+ i18n.defaultLocale = "en_US.UTF-8";
+ i18n.extraLocaleSettings = {
+ LC_ADDRESS = "de_AT.UTF-8";
+ LC_IDENTIFICATION = "de_AT.UTF-8";
+ LC_MEASUREMENT = "de_AT.UTF-8";
+ LC_MONETARY = "de_AT.UTF-8";
+ LC_NAME = "de_AT.UTF-8";
+ LC_NUMERIC = "de_AT.UTF-8";
+ LC_PAPER = "de_AT.UTF-8";
+ LC_TELEPHONE = "de_AT.UTF-8";
+ LC_TIME = "de_AT.UTF-8";
+ };
+}
diff --git a/template/system/default.nix b/template/system/default.nix
index 87afea0..ef1ceb2 100644
--- a/template/system/default.nix
+++ b/template/system/default.nix
@@ -1,6 +1,11 @@
 {...}: {
 imports = [
+ # Core system
 (import ./disko.nix {})
 ./impermanence.nix
+ ./configuration.nix
+
+ # Your custom configuration
+ ./custom
 ];
 }
diff --git a/template/system/impermanence.nix b/template/system/impermanence.nix
index 6462967..eb28acd 100644
--- a/template/system/impermanence.nix
+++ b/template/system/impermanence.nix
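Review bot: `wheelNeedsPassword = false` makes every member of `wheel` root without re-authentication, and as far as the visible lines show `users."admin"` declares no `hashedPassword`, `initialPassword` or `openssh.authorizedKeys.keys`, so with `mutableUsers = false` the account is created without any credential and the only barrier between a local session and root is the login itself. Because `trusted-users = ["root" "@wheel"]` additionally lets the same group perform privileged nix-daemon operations, a compromise of `admin` is a full-host compromise. I would keep the NixOS default `wheelNeedsPassword = true`, drop the `# So we don't have to set a password for our user` comment, and declare a credential next to `isNormalUser = true;`, e.g. `hashedPassword = "<hashed-password-placeholder>";` or an `openssh.authorizedKeys.keys` entry, leaving a `# TODO: set a credential before deploying` marker if the template has to stay generic. This file is the content that hunk 1 removes from configuration.nix, so the same applies there; the removed side is history and needs no separate change.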
@@ -1 +1,56 @@
-{...}: {}
+{lib, ...}: {
+ boot.initrd.postDeviceCommands = lib.mkAfter ''
+ mkdir /btrfs_tmp
+ mount /dev/mapper/crypted /btrfs_tmp
+ if [[ -e /btrfs_tmp/root ]]; then
+ mkdir -p /btrfs_tmp/old_roots
+ timestamp=$(date --date="@$(stat -c %Y /btrfs_tmp/root)" "+%Y-%m-%-d_%H:%M:%S")
+ mv /btrfs_tmp/root "/btrfs_tmp/old_roots/$timestamp"
+ fi
+
+ delete_subvolume_recursively() {
+ IFS=$'\n'
+ for i in $(btrfs subvolume list -o "$1" | cut -f 9- -d ' '); do
+ delete_subvolume_recursively "/btrfs_tmp/$i"
+ done
+ btrfs subvolume delete "$1"
+ }
+
+ for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do
+ delete_subvolume_recursively "$i"
+ done
+
+ btrfs subvolume create /btrfs_tmp/root
+ umount /btrfs_tmp
+ '';
+
+ fileSystems."/persist".neededForBoot = true;
+ environment.persistence."/persist" = {
+ hideMounts = true;
+ directories = [
+ {
+ directory = "/etc/nixos";
+ user = "admin";
+ mode = "u=rwx,g=rx,o=rx";
+ }
+ "/var/log"
+ "/var/lib/bluetooth"
+ "/var/lib/nixos"
+ "/var/lib/systemd/coredump"
+ "/etc/NetworkManager/system-connections"
+ ];
+ files = [
+ "/etc/machine-id"
+ {
+ file = "/var/keys/secret_file";
+ parentDirectory = {mode = "u=rwx,g=,o=";};
+ }
+ ];
+
+ users."admin" = {
+ directories = [
+ "this-will-persist"
+ ];
+ };
+ };
+}
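Review bot: The retention loop `for i in $(find /btrfs_tmp/old_roots/ -maxdepth 1 -mtime +30); do` has no `-mindepth 1`, so once `old_roots` itself is older than 30 days the directory is handed to `delete_subvolume_recursively`, which then runs `btrfs subvolume list -o` and `btrfs subvolume delete` on a plain directory; depending on how `list -o` treats a non-subvolume path this either fails noisily on every boot or enumerates more roots than the 30-day policy intends, so change it to `for i in $(find /btrfs_tmp/old_roots/ -mindepth 1 -maxdepth 1 -mtime +30); do`. `mount /dev/mapper/crypted /btrfs_tmp` is unchecked and the mapper name presumably has to match the LUKS name declared in disko.nix; if it does not, every later command operates on the initrd's tmpfs and the root subvolume is silently neither rotated nor recreated, so wrap the rest of the script in `if mount /dev/mapper/crypted /btrfs_tmp; then … fi` (or `mount … || exit 1`, whichever the initrd shell supports). `IFS=$'\n'` inside the function is neither scoped nor restored, so `local IFS=$'\n'` keeps it from leaking into the outer loop. `/var/keys/secret_file` with `parentDirectory = {mode = "u=rwx,g=,o=";}` and `users."admin".directories = [ "this-will-persist" ]` read like the upstream impermanence examples rather than real paths; if they are placeholders, mark them with a comment such as `# Example entry; replace or remove before deploying`, since a persisted, root-only secret directory is otherwise easy to mistake for a real key store.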