{ flake, flakeInputs, path, hostName, config, lib, pkgs, customUtils, ... }: let profileSet = customUtils.types.attrNameSet flake.nixosModules.systemProfiles; userProfileSet = customUtils.types.attrNameSet (lib.zipAttrs (lib.attrValues flake.nixosModules.userProfiles)); hasSops = config.sops.secrets != {}; in { imports = with flakeInputs; [ sops-nix.nixosModules.sops home-manager.nixosModules.home-manager ]; options = { # See mkSystemProfile in ../flake.nix system.profiles = lib.mkOption { type = profileSet; default = []; description = '' Set (list without duplicates) of ‘systemProfiles’ enabled for this host ''; }; users.users = lib.mkOption { type = lib.types.attrsOf (lib.types.submodule { options.profiles = lib.mkOption { type = userProfileSet; default = []; description = '' Set (list without duplicates) of ‘userProfiles’ enabled for this user ''; }; }); }; }; config = { networking.hostName = hostName; system.configurationRevision = lib.mkIf (flake ? rev) flake.rev; nixpkgs.pkgs = import flake.legacyPackages.${config.nixpkgs.system}.path { inherit (config.nixpkgs) system config; overlays = lib.attrValues flake.overlays; }; nix = { package = pkgs.nixUnstable; useSandbox = true; allowedUsers = [ "@wheel" ]; trustedUsers = [ "root" "@wheel" ]; extraOptions = '' experimental-features = nix-command flakes ca-references ''; nixPath = [ "nixpkgs=${flakeInputs.nixpkgs.legacyPackages.${config.nixpkgs.system}.path}" "nixpkgs-overlays=${flake.overlays-path.${config.nixpkgs.system}}" ]; registry = { nixpkgs.flake = flakeInputs.nixpkgs; home-manager.flake = flakeInputs.home-manager; sops-nix.flake = flakeInputs.sops-nix; nixos.flake = flake; }; }; users.mutableUsers = false; # documentation.nixos.includeAllModules = true; # incompatible with home-manager (build fails) home-manager = { useGlobalPkgs = true; # Otherwise home-manager would only work impurely useUserPackages = true; }; sops.gnupgHome = lib.mkIf hasSops "/root/.gnupg"; environment.systemPackages = [ pkgs.git ] ++ lib.optional hasSops pkgs.gnupg; }; }