{ modulesPath, lib, pkgs, sops, config, ... }@args: { imports = [ ./disk-config.nix ]; nix = { extraOptions = '' experimental-features = ca-derivations nix-command flakes ''; settings = { substituters = [ "https://cache.nixos.org" "https://cache.ngi0.nixos.org/" ]; trusted-public-keys = [ "cache.ngi0.nixos.org-1:KqH5CBLNSyX184S9BKZJo1LxrxJ9ltnY2uAs5c/f1MA=" ]; }; }; sops = { defaultSopsFile = ./secrets.yaml; age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; age.generateKey = false; secrets = { luks_passphrase = { }; kj_hashed_password = { neededForUsers = true; }; ssh_host_key_ed25519 = { }; ssh_host_key_rsa = { }; }; }; boot.loader.systemd-boot.enable = true; system.stateVersion = "25.05"; swapDevices = [ { device = "/swap/swapfile"; size = 32768; } ]; security.sudo.enable = true; users.mutableUsers = false; users.groups.kjtsanaktsidis = { }; users.users = { kjtsanaktsidis = { createHome = true; isNormalUser = true; description = "KJ Tsanaktsidis"; group = "kjtsanaktsidis"; extraGroups = [ "wheel" "networkmanager" ]; hashedPasswordFile = config.sops.secrets.kj_hashed_password.path; openssh.authorizedKeys.keys = [ "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAC/BtvW1c1RbBI8eeGo7oOH2y9byBaxWVDHsErgaE+s kjtsanaktsidis@KJMacbookGroq.local" ]; }; }; # Enable systemd-resolved for DNS services.resolved = { enable = true; llmnr = "true"; extraConfig = '' MulticastDNS=yes ''; }; networking.hostName = "kj-laptop01"; networking.nameservers = [ "127.0.0.53" ]; networking.networkmanager = { enable = true; dns = "systemd-resolved"; # Enable mDNS on NetworkManager connections connectionConfig = { "connection.mdns" = "2"; # 2 = yes (resolve & register) }; }; services.openssh = { enable = true; hostKeys = [ { type = "ed25519"; path = config.sops.secrets.ssh_host_key_ed25519.path; } { type = "rsa"; path = config.sops.secrets.ssh_host_key_rsa.path; } ]; }; environment.systemPackages = with pkgs; []; }