{ lib, ... }:

let
  secrets = toString ./secrets;
in

{
  imports = [
    <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
    ./configuration.nix
  ];

  # Ensure secrets are accessible by the
  # activation scripts at runtime.
  virtualisation.qemu.options = [
    "-virtfs local,path=${secrets},security_model=none,mount_tag=secrets"
  ];
  fileSystems = lib.mkVMOverride {
   "${secrets}" =
      { device = "secrets";
        fsType = "9p";
        options = [ "trans=virtio" "version=9p2000.L" ];
        neededForBoot = true;
      };
  };

}