nixos-config/modules/nixos-system.nix

{inputs, ...}: let
	local = import ./_lib/local.nix;
	userHome = "/home/${local.user.name}";
in {
	den.aspects.nixos-system.nixos = {pkgs, ...}: {
		imports = [inputs.home-manager.nixosModules.home-manager];

		security.sudo.enable = true;
		security.sudo.extraRules = [
			{
				users = [local.user.name];
				commands = [
					{
						command = "/run/current-system/sw/bin/nix-env";
						options = ["NOPASSWD"];
					}
					{
						command = "/nix/store/*/bin/switch-to-configuration";
						options = ["NOPASSWD"];
					}
					{
						command = "/nix/store/*/bin/activate";
						options = ["NOPASSWD"];
					}
					{
						command = "/nix/store/*/bin/activate-rs";
						options = ["NOPASSWD"];
					}
					{
						command = "/nix/store/*/activate-rs";
						options = ["NOPASSWD"];
					}
					{
						command = "/nix/store/*/bin/wait-activate";
						options = ["NOPASSWD"];
					}
					{
						command = "/nix/store/*/wait-activate";
						options = ["NOPASSWD"];
					}
					{
						command = "/run/current-system/sw/bin/rm /tmp/deploy-rs-canary-*";
						options = ["NOPASSWD"];
					}
				];
			}
		];

		time.timeZone = "UTC";

		nix = {
			settings.trusted-users = [local.user.name];
			gc.dates = "weekly";
			nixPath = ["nixos-config=${userHome}/.local/share/src/nixos-config:/etc/nixos"];
		};

		boot = {
			loader = {
				systemd-boot = {
					enable = true;
					configurationLimit = 42;
				};
				efi.canTouchEfiVariables = true;
			};
			initrd.availableKernelModules = [
				"xhci_pci"
				"ahci"
				"nvme"
				"usbhid"
				"usb_storage"
				"sd_mod"
			];
			kernelPackages = pkgs.linuxPackages;
		};

		users.users = {
			${local.user.name} = {
				isNormalUser = true;
				home = userHome;
				extraGroups = [
					"wheel"
					"sudo"
					"network"
					"systemd-journal"
				];
				shell = pkgs.nushell;
				openssh.authorizedKeys.keys = [
					"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHfRZQ+7ejD3YHbyMTrV0gN1Gc0DxtGgl5CVZSupo5ws"
					"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/I+/2QT47raegzMIyhwMEPKarJP/+Ox9ewA4ZFJwk/"
				];
			};
			root = {
				openssh.authorizedKeys.keys = [
					"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIHfRZQ+7ejD3YHbyMTrV0gN1Gc0DxtGgl5CVZSupo5ws"
					"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIL/I+/2QT47raegzMIyhwMEPKarJP/+Ox9ewA4ZFJwk/"
				];
			};
		};
	};
}