lnbits-sensei/configuration.nix

# lnbits-sensei — NixOS entry point.
#
# Thin by design. All real config lives in modules/. This file imports
# the module set and wires per-host settings (hostname, timezone) from
# the shared `settings` attrset.
{
  config,
  pkgs,
  lib,
  settings,
  ...
}:

{
  imports = [
    # Ships as a placeholder (unbootable values) so `nix flake check`
    # evaluates cleanly. Overwrite with `nixos-generate-config` output
    # before the first real `nixos-rebuild switch`.
    ./hardware-configuration.nix

    # Shared helpers (config.lnbits-sensei.lib).
    ./modules/lib.nix

    # Option schema (lnbits-sensei.*).
    ./modules/core.nix

    # sops-nix wiring. Inert until secrets/<hostName>.yaml exists.
    ./modules/secrets.nix

    # Git remote topology — upstream / fork / extras.
    ./modules/git/remotes.nix

    # Dev environment (worktree mgmt, regtest stack, dev CLI, tmux).
    ./modules/dev-env
  ];

  # --- Per-host settings ---

  lnbits-sensei = {
    enable = true;
    user = settings.user;
    hostName = settings.hostName;
  };

  networking.hostName = settings.hostName;
  time.timeZone = settings.timeZone;

  # Primary user. Group declared explicitly per NixOS warning about
  # implicit `nogroup` defaults. Consumer extends extraGroups as needed.
  users.users.${settings.user} = {
    isNormalUser = true;
    group = settings.user;
    extraGroups = [ "wheel" ];
  };
  users.groups.${settings.user} = { };

  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
  ];

  # Pin the state version that matches the nixpkgs input. Bump
  # deliberately after reviewing release notes — never auto.
  system.stateVersion = "24.11";
}