+ networking.extraHosts = builtins.concatStringsSep "\n"
+ (lib.mapAttrsToList (n: v: "${v.config.hostEnv.ips.main.ip4} ${n}") nodes);
+
+ users.extraUsers.root.openssh.authorizedKeys.keys = [ config.myEnv.sshd.rootKeys.nix_repository ];
+ secrets.deleteSecretsVars = true;
+ secrets.gpgKeys = [
+ ../../nixops/public_keys/Immae.pub
+ ];
+ secrets.secretsVars = "/run/keys/vars.yml";
+
+ services.openssh.enable = true;
+
+ nixpkgs.overlays = builtins.attrValues (import ../../overlays) ++ [
+ (self: super: {
+ postgresql = self.postgresql_pam;
+ mariadb = self.mariadb_pam;
+ }) # don’t put them as generic overlay because of home-manager
+ ];
+