FYI, this line
nix.settings.trusted-users = [ "unifi" ];
essentially gives the user root access, so it’s not exactly a rootless setup anymore. From the nix manual:
Adding a user to trusted-users is essentially equivalent to giving that user root access to the system. For example, the user can access or replace store path contents that are critical for system security.
That said, this shouldn’t really be needed for the user to use home-manager, I’m not sure why you had to add it…
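A check for the setting discussed above, as an added example that is not part of the original post: it reads nix.conf text and lists every principal other than root that is trusted. The function names and the sample configuration are constructed for illustration; on NixOS the rendered file is assumed to be /etc/nix/nix.conf.

```shell
#!/bin/sh
# Added example (not from the post): report non-root entries in
# trusted-users / extra-trusted-users from nix.conf text on stdin.
# Entries are whitespace-separated; "@name" is a group, "*" is every user.

risky_trusted_users() {
    awk '
        { sub(/#.*/, "") }                       # strip comments first
        /^[ \t]*(extra-)?trusted-users[ \t]*=/ {
            sub(/^[^=]*=/, "")                   # keep only the value list
            for (i = 1; i <= NF; i++) {
                if ($i == "root") continue       # root is trusted anyway
                if ($i == "*")                     kind = "everyone"
                else if (substr($i, 1, 1) == "@")  kind = "group"
                else                               kind = "user"
                print kind, $i
            }
        }
    ' | sort -u
}

# Constructed sample input: what the line from the post renders to,
# plus a group entry and a commented-out entry that must be ignored.
sample_conf() {
    cat <<'EOF'
# constructed sample, not taken from a real host
allowed-users = *
trusted-users = root unifi
extra-trusted-users = @wheel
# trusted-users = ignored-because-commented
EOF
}

# Print findings for the sample; on a real host, feed the actual file:
#   risky_trusted_users < /etc/nix/nix.conf
sample_conf | risky_trusted_users
```

Every line it prints names an account or group that should be treated as root-equivalent when reviewing the host.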