Modularise config. Add sops-nix for secrets management.

hosts/muskduck.nix

@@ -0,0 +1,46 @@
+{
+  config,
+  lib,
+  modulesPath,
+  ...
+}:
+
+{
+  imports = [
+    (modulesPath + "/installer/scan/not-detected.nix")
+  ];
+
+  boot.initrd.availableKernelModules = [
+    "xhci_pci"
+    "nvme"
+    "usb_storage"
+    "sd_mod"
+  ];
+  boot.initrd.kernelModules = [ ];
+  boot.kernelModules = [ "kvm-intel" ];
+  boot.extraModulePackages = [ ];
+
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/63d79656-aa5b-466a-b369-be5eac3f51ab";
+    fsType = "ext4";
+  };
+
+  boot.initrd.luks.devices."luks-93fa00bc-777f-4359-bad5-880c29faca0d".device =
+    "/dev/disk/by-uuid/93fa00bc-777f-4359-bad5-880c29faca0d";
+
+  fileSystems."/boot" = {
+    device = "/dev/disk/by-uuid/EBD7-3E1C";
+    fsType = "vfat";
+    options = [
+      "fmask=0077"
+      "dmask=0077"
+    ];
+  };
+
+  swapDevices = [ ];
+
+  networking.useDHCP = lib.mkDefault true;
+
+  nixpkgs.hostPlatform = lib.mkDefault "x86_64-linux";
+  hardware.cpu.intel.updateMicrocode = lib.mkDefault config.hardware.enableRedistributableFirmware;
+}

hosts/vm-docker.nix

@@ -0,0 +1,15 @@
+{
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/cac60222-9b38-4938-8b17-5fddd67e8e26";
+    fsType = "ext4";
+  };
+
+  fileSystems."/home/docker/volumes" = {
+    device = "/dev/disk/by-uuid/95461a94-ad91-43b9-b502-2b5d4496b84e";
+    fsType = "ext4";
+  };
+
+  swapDevices = [
+    { device = "/dev/disk/by-uuid/025beadb-a89b-4abe-8d0c-b55401316319"; }
+  ];
+}

hosts/vm-minecraft.nix

@@ -0,0 +1,15 @@
+{
+  fileSystems."/" = {
+    device = "/dev/disk/by-uuid/cbd70e61-fcdc-4b1f-af03-d3da8a2866ea";
+    fsType = "ext4";
+  };
+
+  fileSystems."/home/docker/volumes" = {
+    device = "/dev/disk/by-uuid/3730e48a-8784-4c49-8692-473c9b4bc8c3";
+    fsType = "ext4";
+  };
+
+  swapDevices = [
+    { device = "/dev/disk/by-uuid/3123f58e-63a9-44fa-ac29-3e79dc520b8f"; }
+  ];
+}