add argiletum

systems/argiletum/configuration.nix

@@ -0,0 +1,25 @@
+{ lib, ... }:
+{
+  time.timeZone = "America/New_York";
+
+  networking = {
+    hostId = "5f8a1c2e";
+    firewall = {
+      enable = true;
+      allowedTCPPorts = [ 80 ];
+    };
+    useNetworkd = true;
+  };
+
+  # Raspberry Pi 4 uses U-Boot / extlinux, not systemd-boot
+  boot.useSystemdBoot = lib.mkForce false;
+
+  sops = {
+    defaultSopsFile = ./secrets.yaml;
+    age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
+  };
+
+  services.tang.enable = true;
+
+  system.stateVersion = "25.11";
+}

systems/argiletum/default.nix

@@ -0,0 +1,11 @@
+{ inputs, ... }:
+{
+  system = "aarch64-linux";
+  server = true;
+  home = false;
+  sops = true;
+  users = [ "alice" ];
+  modules = [
+    inputs.nixos-hardware.nixosModules.raspberry-pi-4
+  ];
+}

systems/argiletum/hardware.nix

@@ -0,0 +1,21 @@
+# TODO: replace with the output of:
+#   sudo nixos-generate-config --show-hardware-config
+# run on the Pi after initial boot into the NixOS installer.
+{ ... }:
+{
+  fileSystems."/" = {
+    device = "/dev/disk/by-label/nixos";
+    fsType = "ext4";
+  };
+
+  fileSystems."/boot/firmware" = {
+    device = "/dev/disk/by-label/NIXOS_BOOT";
+    fsType = "vfat";
+    options = [
+      "fmask=0077"
+      "dmask=0077"
+    ];
+  };
+
+  swapDevices = [ ];
+}