{ self, pkgs, lib, ... }: let sops = lib.getExe pkgs.sops; in { config = { pim = { lanzaboote.enable = true; tidal.enable = true; gnome.enable = true; stylix.enable = true; wireguard.enable = true; compliance.enable = true; }; users.users.pim = { isNormalUser = true; extraGroups = ["wheel" "docker" "input" "wireshark" "dialout"]; }; deployment = { allowLocalDeployment = true; targetHost = null; tags = ["desktop"]; keys = { # TODO: Create macro for this root-sops-age-key = { keyCommand = ["sudo" sops "--extract" "[\"sops_age_key\"]" "-d" "${self}/machines/sue/nixos.sops.yaml"]; name = "keys.txt"; destDir = "/root/.config/sops/age"; }; pim-sops-age-key = { keyCommand = ["sudo" sops "--extract" "[\"sops_age_key\"]" "-d" "${self}/machines/sue/home.sops.yaml"]; name = "keys.txt"; destDir = "/home/pim/.config/sops/age"; user = "pim"; group = "users"; }; }; }; services.tailscale.enable = true; facter.reportPath = ./facter.json; home-manager.users.pim.imports = [./pim.home.nix]; networking.hostName = "sue"; nix.settings.trusted-users = ["pim"]; sops = { age.keyFile = "/root/.config/sops/age/keys.txt"; defaultSopsFile = ./nixos.sops.yaml; }; environment.systemPackages = with pkgs; [ borgbackup kubectl nmap poppler_utils # For pdfunite silicon units ]; virtualisation.docker = { enable = true; rootless = { enable = true; setSocketVariable = true; }; }; swapDevices = [{device = "/dev/disk/by-uuid/96a43c35-0174-4e92-81f0-168a5f601f0b";}]; fileSystems = { "/" = { device = "/dev/disk/by-uuid/31638735-5cc4-4013-8037-17e30edcbb0a"; fsType = "ext4"; }; "/boot" = { device = "/dev/disk/by-uuid/560E-F8A2"; fsType = "vfat"; options = ["fmask=0022" "dmask=0022"]; }; }; nix.settings = { substituters = ["https://cosmic.cachix.org/"]; trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="]; }; boot.initrd.luks.devices."luks-8ffd3129-4908-4209-98c4-4eb68a35c494".device = "/dev/disk/by-uuid/8ffd3129-4908-4209-98c4-4eb68a35c494"; # specialisation.cosmic.configuration = { # imports = [ # inputs.nixos-cosmic.nixosModules.default # ]; # services = { # desktopManager.cosmic.enable = true; # displayManager.cosmic-greeter.enable = true; # }; # }; }; }