✨ Finish sops-nix configuration, update README and more

modules/nixos/archetypes/workstation/default.nix

@@ -14,6 +14,11 @@ in {
   };
 
   config = mkIf cfg.enable {
+    environment.sessionVariables = {
+      MOZ_ENABLE_WAYLAND = "1"; # Firefox native Wayland support
+      NIXOS_OZONE_WL = "1"; # Native Wayland in Chromium and Electron based applications
+    };
+
     ${namespace} = {
       # Basic system functionality
       system = {

modules/nixos/system/nix/default.nix

@@ -38,6 +38,8 @@ in {
       package = mkIf cfg.use-lix pkgs.lix; # Enable LIX
     };
 
+    nixpkgs.config.allowUnfree = true;
+
     # Dynamic libraries for unpackaged programs
     programs.nix-ld = mkIf cfg.use-nixld {
       enable = true;

modules/nixos/users/default.nix

@@ -21,6 +21,7 @@
       isSystemUser = self.lib.mkBool false "Whether this user is considered a system user.";
       initialPassword = self.lib.mkOpt (types.nullOr types.str) null "Plaintext insecure initial user password, only recommended for testing.";
       password = self.lib.mkOpt (types.nullOr types.str) null "Plaintext insecure user password, only recommended for testing.";
+      hashedPasswordFile = self.lib.mkOpt (types.nullOr types.str) null "Secure, hashed user password stored in a separate file, recommended for production.";
       extraGroups = self.lib.mkOpt (types.listOf types.str) [] "List of additional groups this user belongs to.";
     };
   };
@@ -48,6 +49,7 @@ in {
     users.users = lib.mapAttrs (username: userConfig:
       mkIf userConfig.enable {
         name = username;
+        hashedPasswordFile = userConfig.hashedPasswordFile;
         inherit (userConfig) isNormalUser isSystemUser initialPassword password extraGroups;
       })
     cfg;