- [ ] use the Nix module system instead of projectOnto for `cerulean.mkNexus`
- [ ] find an alternative to `nix.settings.trusted-users` probably
- [ ] add support for github:microvm-nix/microvm.nix
- [ ] add support for sops-nix

- [ ] create an alternative to nixos-install called cerulean-install that
      allows people to easily bootstrap new machines


- [ ] rename nixos-modules/ to nixos/


- [ ] add the ceru-build user
- [ ] ensure all machines are in groups.all by default