nixos-config/hosts/naos/default.nix

{ lib, config, ... }: {
  nixpkgs.hostPlatform = "x86_64-linux";
  hardware.enableRedistributableFirmware = true;
  boot.initrd.availableKernelModules = [
    "ata_piix"
    "usb_storage"
    "usbhid"
    "sd_mod"
  ];

  age.secrets.naos_userasdf_password = {
    rekeyFile = ./secrets/password.age;
    owner = "userasdf";
    group = "users";
    mode = "0400";
  };
  
  n.host = {
    hardware.cpu = "intel";
    bootloader = "sysdboot";

    hostId = "553fb274";
    users."userasdf" = lib.mkUser config.age.secrets.naos_userasdf_password.path true;
    defaultUser = "userasdf";
    types = [ "server" ];
  };

  imports = [
    (lib.fs.zfs "/nix" "rpool/nix" null)
    (lib.fs.luks "cryptroot"
      "/dev/disk/by-partuuid/ed673238-50b1-4ebf-b6fc-4a25568917c6"
      { allowDiscards = true; # Used if primary device is a SSD
        preLVM = true; })

    (lib.fs.tmpfs "/" "none" [ "mode=755" "size=30%" ])
    (lib.fs.vfat "/boot" "/dev/disk/by-uuid/CDA1-7D4A" null)
  ];
}