# NixOS module fragment: installs sshfs, renders one Vault-backed credential
# file, and declares the machine's mounts. The names used throughout
# ("blowhole-zpool", "homelab-1/blowhole") suggest the host is called blowhole.
#
# Arguments:
#   pkgs   - package set (used for sshfs and writeText)
#   lib    - nixpkgs lib (only `singleton` is used below)
#   secret - out-of-tree attribute set; this file reads
#            `secret.network.ips.woodchip` and `secret.mounts.blowhole`,
#            both optional (each has an `or` fallback).
{ pkgs, lib, secret, ... }:
let
  # NOTE(review): concatStringsSep is inherited but not referenced anywhere in
  # this expression.
  inherit (lib) singleton concatStringsSep;

  # Both btrfs mounts below are subvolumes of this one block device.
  legacyDisk = "/dev/disk/by-uuid/e06f6d2c-e434-4eec-b00d-b13c1ecc96f0";

  # Mount a subvolume of the legacy btrfs disk with noatime.
  btrfsSubvol = subvol: {
    device = legacyDisk;
    fsType = "btrfs";
    options = [ "subvol=${subvol}" "noatime" ];
  };

  # Mount a dataset of the local ZFS pool.
  zfsDataset = dataset: {
    device = "blowhole-zpool/${dataset}";
    fsType = "zfs";
  };

  # Bind-mount an existing directory onto the mount point.
  bindMount = path: {
    device = path;
    options = singleton "bind";
  };

  # Filesystems declared statically in this file; merged with secret-provided
  # mounts at the bottom.
  localMounts = {
    "/boot" = {
      device = "/dev/disk/by-uuid/738acc32-3e2e-4986-987c-40264153d5bf";
      fsType = "ext4";
    };

    "/" = zfsDataset "local/root";
    "/nix" = zfsDataset "local/nix";
    "/var/lib/nomad" = zfsDataset "persist/nomad";
    "/var/secrets" = zfsDataset "persist/secrets";

    "/var/nfs" = btrfsSubvol "/nfs";
    "/old-root" = btrfsSubvol "/arch";

    # Consul and Vault state are bind mounts out of the old btrfs root, so
    # both depend on "/old-root" being mounted.
    "/var/lib/consul" = bindMount "/old-root/var/lib/consul";
    "/var/lib/vault" = bindMount "/old-root/var/lib/vault";

    # Camera footage over sshfs, mounted lazily on first access
    # (noauto + x-systemd.automount) and non-fatal at boot (nofail).
    "/mnt/cctv" = {
      # If `secret.network.ips.woodchip` is absent the device string becomes
      # "camera@:/". Evaluation succeeds, and the mount can only fail when it
      # is first accessed.
      device = "camera@${secret.network.ips.woodchip or ""}:/";
      fsType = "fuse.sshfs";
      noCheck = true;
      options = [
        "_netdev"
        "noauto"
        "x-systemd.automount"
        # Private key is read from /run/secrets; nothing in this file
        # provisions it - presumably delivered by another module, confirm.
        "IdentityFile=/run/secrets/id_ed_camera"
        # NOTE(review): host-key verification is disabled. Any endpoint that
        # answers on this address and port is accepted as the camera host, so
        # the mount's contents and the data written to it are not
        # authenticated. Mitigation: pin the server key (for example through
        # programs.ssh.knownHosts, or a managed file referenced with
        # UserKnownHostsFile=) and set StrictHostKeyChecking=yes.
        "StrictHostKeyChecking=no"
        # NOTE(review): allow_other exposes the mount to every local user,
        # not only the mounting one; file access on the remote side is still
        # performed as the remote `camera` account. Confirm that this
        # breadth is needed.
        "allow_other"
        "reconnect"
        "Port=2522"
        "nofail"
      ];
    };
  };
in
{
  environment.systemPackages = [ pkgs.sshfs ];

  # Vault Agent renders the `cred` field of the KV secret below into
  # /run/secrets/kodi_samba.cred. Only the template text (which holds the
  # secret's path, not its value) is written to the Nix store by writeText.
  # NOTE(review): no `perms` is set on this template, so the rendered file
  # gets the agent's default mode (believed to be 0644 - confirm) and may be
  # readable by every local user. Consider setting `perms` explicitly.
  services.hashicorp.vault-agent.settings.template = singleton {
    source = pkgs.writeText "kodi-samba.cred.vtmpl" ''{{ with secret "kv/data/homelab-1/blowhole/kodi_samba.cred" }}{{ .Data.data.cred }}{{ end }}'';
    destination = "/run/secrets/kodi_samba.cred";
  };

  # `//` is right-biased: an entry in `secret.mounts.blowhole` replaces the
  # entry with the same mount point defined above, including "/" or
  # "/var/lib/vault". When the attribute is missing, nothing is merged in.
  fileSystems = localMounts // secret.mounts.blowhole or {};
}