nix-config/modules/baremetal.nix

{ config, lib, pkgs, ... }:

{
  options.c3d2.baremetal = lib.mkEnableOption "baremetal";

  config = lib.mkIf config.c3d2.baremetal {
    boot.initrd.network = {
      enable = true;
      ssh = {
        enable = true;
        authorizedKeys = config.users.users.root.openssh.authorizedKeys.keys;
        hostKeys = [
          "/etc/ssh/initrd/ssh_host_ed25519_key"
          "/etc/ssh/initrd/ssh_host_rsa_key"
        ];
        port = 4748;
      };
      postCommands = ''
        cat <<EOF > /root/.profile
        cryptsetup-askpass
        EOF
      '';
    };

    environment.systemPackages = with pkgs; [
      lshw
      pciutils # lscpi
      smartmontools # for smartctl
    ];

    nix.settings.system-features = [
      "kvm" "big-parallel" "nixos-test" "benchmark"
    ];

    services = {
      # just assume there are ssd's everywhere
      fstrim.enable = true;
      smartd.enable = true;
    };
  };
}