Use the repo as flake for private dots

nixcfgs/modules/nixos/core/packages.nix

@@ -6,10 +6,8 @@
     curl
     git
     tmux
-    nix-index
     file
     unzip
     zip
-    pkg-config
   ];
 }

nixcfgs/modules/nixos/hardware/nvidia/nvidia-enable.nix

@@ -2,7 +2,7 @@
   hardware.nvidia = {
     modesetting.enable = true;
     powerManagement.enable = true;
-    open = false;
+    open = true;
     nvidiaSettings = true;
     package = config.boot.kernelPackages.nvidiaPackages.stable;
     # powerManagement.finegrained = true;

nixcfgs/modules/nixos/server.nix

@@ -0,0 +1,58 @@
+{
+  lib,
+  config,
+  pkgs,
+  ...
+}:
+with lib; let
+  cfg = config.my.host;
+in {
+  options.my.host = {
+    role = mkOption {
+      type = types.enum ["server" "desktop" "laptop"];
+      default = "server";
+      description = "The role of this machine, affects default packages and services.";
+    };
+
+    tailscale = {
+      # Syntax sugar: mkOption type=bool
+      enable = mkEnableOption "Tailscale VPN service";
+
+      ip = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        description = "Tailscale VPN IP address.";
+      };
+    };
+
+    public = {
+      ipv4 = mkOption {
+        type = types.nullOr types.str;
+        default = null;
+        description = "Public IPv4 address.";
+      };
+    };
+
+    sshKey = mkOption {
+      type = types.nullOr types.str;
+      default = null;
+      description = "Host ED25519 public key.";
+    };
+  };
+
+  config = mkMerge [
+    {
+      time.timeZone = "Etc/UTC";
+
+      services.qemuGuest.enable = true;
+
+      nix.settings.trusted-users = ["root" "@wheel"];
+    }
+
+    (mkIf cfg.tailscale.enable {
+      services.tailscale.enable = true;
+
+      networking.firewall.allowedUDPPorts = [config.services.tailscale.port];
+    })
+  ];
+}