{ lib, ... }:

let
  secrets = toString ./secrets;
in

{
  imports = [
    <nixpkgs/nixos/modules/virtualisation/qemu-vm.nix>
    ./configuration.nix
  ];

  virtualisation.memorySize = "4000"; # MB

  virtualisation.qemu.options = [
    # Use serial console to access the VM
    "-display none"
    "-serial mon:stdio"

    # Ensure secrets are accessible by the
    # activation scripts at runtime.
    "-virtfs local,path=${secrets},security_model=none,mount_tag=secrets"
  ];

  fileSystems = lib.mkVMOverride {
   "${secrets}" =
      { device = "secrets";
        fsType = "9p";
        options = [ "trans=virtio" "version=9p2000.L" ];
        neededForBoot = true;
      };
  };

}