{ inputs, config, lib, pkgs, outputs,... }: let sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/root".path; secretsDirectory = builtins.toString inputs.nix-secrets; secretsFile = "${secretsDirectory}/secrets.yaml"; in { imports = [ # Disk configuration inputs.disko.nixosModules.disko (import ../common/disks/std-disk-config.nix { device = "/dev/vda"; }) ../common/optional/btrfs-impermanence.nix inputs.impermanence.nixosModules.impermanence # Create users for this host ../common/users/media # Import core options ./hardware-configuration.nix ../common/core # Import optional options ../common/optional/openssh.nix ]; nixpkgs = { overlays = [ outputs.overlays.additions outputs.overlays.modifications outputs.overlays.unstable-packages ]; config = { allowUnfree = true; }; }; fileSystems."/persist".neededForBoot = true; environment.persistence."/persist" = { hideMounts = true; directories = [ "/etc/nixos" "/var/log" "/var/lib/nixos" "/var/lib/systemd/coredump" "/etc/NetworkManager/system-connections" ]; files = [ "/etc/ssh/ssh_host_ed25519_key" "/etc/ssh/ssh_host_ed25519_key.pub" ]; }; users = { mutableUsers = true; extraUsers = { root = { hashedPasswordFile = sopsHashedPasswordFile; }; }; }; boot = { loader = { systemd-boot.enable = true; efi.canTouchEfiVariables = true; timeout = 3; }; }; networking = { hostName = "sparky"; networkmanager.enable = true; enableIPv6 = false; }; services = { qemuGuest.enable = true; }; services.libinput.enable = true; services.displayManager.defaultSession = "cinnamon"; services.xserver = { enable = true; displayManager.lightdm.enable = true; desktopManager = { cinnamon.enable = true; }; }; nix.settings.experimental-features = [ "nix-command" "flakes" ]; system.stateVersion = "23.11"; }