# NixOS host module for the node named by `nodeName`.
#
# Evaluates to: a pinned Nix configuration, an OpenSSH server with root login,
# DHCP networking, and a GRUB install onto a USB-attached disk.
#
# NOTE(review): as written this host accepts password logins for root over SSH
# with a password that is a literal in this file, and the firewall is off.
# Each of those is flagged at the line that sets it; behaviour is unchanged.
{ repoFlake, pkgs, lib, config, nodeFlake, nodeName, localDomainName, system, ... }:
{
  imports = [
    # repoFlake.inputs.sops-nix.nixosModules.sops
    # ../../profiles/common/user.nix

    # Nix daemon / CLI settings.
    {
      nix = {
        # Make `<nixpkgs>` resolve to the same nixpkgs this system is built from.
        nixPath = [ "nixpkgs=${pkgs.path}" ];
        settings = {
          experimental-features = [ "nix-command" "flakes" ];
          # mkDefault: other modules may override these without mkForce.
          max-jobs = lib.mkDefault "auto";
          cores = lib.mkDefault 0;
        };
      };
    }

    # Remote access and the root account.
    {
      services.openssh = {
        enable = true;
        # NOTE(review): "yes" permits password authentication for root.
        # Combined with the literal password below, anyone who can read this
        # repository or reach the host on the SSH port has what they need.
        # Moving to key-based root login needs authorized keys, which this
        # file does not define, so it is left as-is here.
        settings.PermitRootLogin = "yes";
      };

      # users.commonUsers = {
      #   enable = true;
      #   enableNonRoot = false;
      #   rootPasswordFile = config.sops.secrets.passwords-root.path;
      # };

      # NOTE(review): plaintext credential in source. `users.users.<name>.password`
      # is also copied into the world-readable Nix store, so it is visible to
      # every local user and persists in VCS history even after it is changed.
      # The commented-out sops-nix lines around this look like the intended
      # replacement (a secret file decrypted at activation) -- confirm and
      # re-enable, then rotate this password.
      users.users.root.password = "voodoo";

      # sops.defaultSopsFile = ../../../../secrets/${nodeName}/secrets.yaml;
      # sops.defaultSopsFormat = "yaml";
      # sops.secrets.passwords-root.neededForUsers = true;
    }
  ];

  networking.hostName = nodeName;
  networking.useNetworkd = false;
  networking.useDHCP = true;
  # NOTE(review): no packet filtering at all; sshd (above) and anything else
  # that later listens on this host is reachable from every attached network.
  networking.firewall.enable = false;

  system.stateVersion = "23.11";

  # We exclude a number of modules included in the default list. A non-insignificant amount do
  # not apply to embedded hardware like this, so simply skip the defaults.
  #
  # Custom kernel is required as a lot of MTK components misbehave when built as modules.
  # They fail to load properly, leaving the system without working ethernet, they'll oops on
  # remove. MTK-DSA parts and PCIe were observed to do this.
  # boot.initrd.includeDefaultModules = false;
  # boot.initrd.kernelModules = ["rfkill" "cfg80211" "mt7915e"];
  # boot.initrd.availableKernelModules = ["nvme"];
  #
  # NOTE(review): the initrd settings the paragraph above describes are all
  # commented out; only the firmware switch below is live.
  hardware.enableRedistributableFirmware = false;

  # Extlinux compatible with custom uboot patches in this repo, which also provide unique
  # MAC addresses instead of the non-unique one that gets used by a lot of MTK devices...
  #
  # NOTE(review): the comment above mentions extlinux/u-boot, but what is
  # enabled here is GRUB. Presumably carried over from another host profile --
  # confirm and update the comment.
  boot.loader.grub = {
    enable = true;
    # Stable by-id path, so the install target does not depend on /dev/sdX ordering.
    devices = [ "/dev/disk/by-id/usb-ST313640_A_20171021-0" ];
  };

  environment.systemPackages = [
    # pkgs.pciutils
  ];

  # Root filesystem is located by label rather than by device path.
  fileSystems."/".label = "voodoo_root";
}