nixos-configs/machines/blocktech/configuration.nix

{
  self,
  pkgs,
  lib,
  inputs,
  config,
  ...
}: {
  options = {
    pim.cosmic.enable = lib.mkEnableOption "cosmic";
  };

  config = {
    pim = {
      lanzaboote.enable = false;
      tidal.enable = false;
      gnome.enable = true;
      stylix.enable = true;
      wireguard.enable = true;
      sops-nix.usersWithSopsKeys = ["pkunis"];
    };

    users.users.pkunis = {
      isNormalUser = true;
      extraGroups = ["wheel" "docker" "input" "wireshark" "dialout"];
    };

    deployment = {
      allowLocalDeployment = true;
      targetHost = null;
      tags = ["desktop"];
    };

    facter.reportPath = ./facter.json;
    home-manager.users.pkunis.imports = [./pkunis.home.nix];
    nix.settings.trusted-users = ["pkunis"];
    system.stateVersion = "23.05";
    sops.defaultSopsFile = "${self}/secrets/blocktech/nixos.yaml";

    environment.systemPackages = with pkgs; [
      borgbackup
      kubectl
      nmap
      poppler_utils # For pdfunite
      silicon
      units
    ];

    virtualisation = {
      libvirtd.enable = true;

      docker = {
        enable = true;

        rootless = {
          enable = true;
          setSocketVariable = true;
        };
      };
    };

    swapDevices = [
      {device = "/dev/disk/by-uuid/949815d4-cfc4-4cf3-bbbe-22516f91119c";}
    ];

    fileSystems."/" = {
      device = "/dev/disk/by-uuid/06710546-327b-402a-b221-8d88b75301d2";
      fsType = "ext4";
    };
    fileSystems."/boot" = {
      device = "/dev/disk/by-uuid/E547-7E6C";
      fsType = "vfat";
      options = ["fmask=0077" "dmask=0077"];
    };

    boot = {
      initrd.luks.devices."luks-4cc1ad7c-a794-4c54-adc8-c9f666c9b781".device = "/dev/disk/by-uuid/4cc1ad7c-a794-4c54-adc8-c9f666c9b781";
      initrd.luks.devices."luks-161f5109-c2d7-4307-91f6-27c655d6ab3e".device = "/dev/disk/by-uuid/161f5109-c2d7-4307-91f6-27c655d6ab3e";

      loader.systemd-boot.enable = true;
      loader.efi.canTouchEfiVariables = true;
    };

    nix.settings = {
      substituters = ["https://cosmic.cachix.org/"];
      trusted-public-keys = ["cosmic.cachix.org-1:Dya9IyXD4xdBehWjrkPv6rtxpmMdRel02smYzA85dPE="];
    };

    specialisation.cosmic = lib.mkIf config.pim.cosmic.enable {
      configuration = {
        imports = [
          inputs.nixos-cosmic.nixosModules.default
        ];

        services = {
          desktopManager.cosmic.enable = true;
          displayManager.cosmic-greeter.enable = true;
        };
      };
    };
  };
}