{ nixpkgs, inputs, outputs, ... }: { mkSystem = { hostConfig, hosts }: nixpkgs.lib.nixosSystem { system = "x86_64-linux"; specialArgs = { inherit inputs outputs hostConfig hosts ; }; modules = [ inputs.impermanence.nixosModules.impermanence inputs.sops-nix.nixosModules.sops ./systems/base/configuration.nix ( { ... }: { sops.defaultSopsFile = ./secrets + "/${hostConfig.hostname}.yaml"; sops.age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ]; # Disable automatic pgp key generation based on ssh keys sops.gnupg.sshKeyPaths = [ ]; networking.hostName = hostConfig.hostname; system.stateVersion = hostConfig.stateVersion; } ) ({ ... }: hostConfig.config) ] ++ builtins.map (role: role.nixosModule) hostConfig.roles; }; mkRole = cfg: { inherit (cfg) name description nixosModule; traefikRoutes = cfg.traefikRoutes or ({ ... }: [ ]); }; }