From d1d4082d56dd56f2d4e390db267aa841e74ea9bf Mon Sep 17 00:00:00 2001
From: Nickolaj Jepsen
Date: Sat, 13 Dec 2025 21:41:52 +0100
Subject: [PATCH] refactor: simplify host setup
---
hosts/bootstrap/configuration.nix | 6 ----
hosts/bootstrap/default.nix | 9 ++++++
hosts/default.nix | 51 ++++++-------------------------
hosts/desktop/configuration.nix | 5 ---
hosts/desktop/default.nix | 22 +++++++++++++
hosts/homelab/configuration.nix | 3 --
hosts/homelab/default.nix | 17 +++++++++++
hosts/laptop/configuration.nix | 3 --
hosts/laptop/default.nix | 19 ++++++++++++
hosts/work/configuration.nix | 5 ---
hosts/work/default.nix | 21 +++++++++++++
modules/base/default.nix | 1 +
modules/base/fireproof.nix | 12 ++++++++
modules/base/home-manager.nix | 6 ++--
modules/base/nix.nix | 6 ++--
modules/base/secrets.nix | 3 +-
modules/desktop/dms/theme.nix | 5 +--
modules/homelab/arr.nix | 2 +-
modules/homelab/prometheus.nix | 2 +-
modules/programs/docker.nix | 6 ++--
modules/programs/fish/default.nix | 6 ++--
modules/programs/k8s.nix | 5 +--
modules/programs/llm.nix | 2 +-
modules/programs/spotify.nix | 5 +--
modules/system/networking.nix | 4 +--
modules/system/ssh.nix | 4 +--
modules/system/user.nix | 7 ++---
27 files changed, 147 insertions(+), 90 deletions(-)
create mode 100644 hosts/bootstrap/default.nix
delete mode 100644 hosts/desktop/configuration.nix
create mode 100644 hosts/desktop/default.nix
create mode 100644 hosts/homelab/default.nix
create mode 100644 hosts/laptop/default.nix
delete mode 100644 hosts/work/configuration.nix
create mode 100644 hosts/work/default.nix
create mode 100644 modules/base/fireproof.nix
diff --git a/hosts/bootstrap/configuration.nix b/hosts/bootstrap/configuration.nix
index b5b39a5..41dad75 100644
--- a/hosts/bootstrap/configuration.nix
+++ b/hosts/bootstrap/configuration.nix
@@ -4,12 +4,6 @@ inputs, ... }: { - # Minimal system without desktop or dev tools - fireproof.desktop.enable = false; - fireproof.dev.enable = false; - fireproof.work.enable = false; - fireproof.homelab.enable = false; - # Use the nixos installation ISO as base imports = [ "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix" diff --git a/hosts/bootstrap/default.nix b/hosts/bootstrap/default.nix new file mode 100644 index 0000000..8c81b6c --- /dev/null +++ b/hosts/bootstrap/default.nix @@ -0,0 +1,9 @@ +{ + config.fireproof.hostname = "bootstrap"; + config.fireproof.username = "nickolaj"; + + imports = [ + ./configuration.nix + ./disk-configuration.nix + ]; +} diff --git a/hosts/default.nix b/hosts/default.nix index 22e1e58..7267ca7 100644 --- a/hosts/default.nix +++ b/hosts/default.nix @@ -1,21 +1,10 @@ { inputs, withSystem, - lib, ... -}: -with lib; let - mkSystemImports = hostname: let - hostDirectory = ./. + ("/" + hostname); - nixFiles = filter (file: hasSuffix ".nix" file) (attrNames (builtins.readDir hostDirectory)); - imports = map (file: ./. + ("/" + hostname + "/" + file)) nixFiles; - in { - inherit imports; - }; - +}: let mkSystem = { - hostname, - username, + host, modules ? [], system ? "x86_64-linux", }: @@ -28,7 +17,7 @@ with lib; let in inputs.nixpkgs.lib.nixosSystem { inherit system; - specialArgs = {inherit inputs hostname username pkgsUnstable;}; + specialArgs = {inherit inputs pkgsUnstable;}; modules = [ inputs.disko.nixosModules.disko 
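Review bot: The new `hosts/bootstrap/default.nix` does not carry over the four explicit `fireproof.*.enable = false` lines that this commit removes from `hosts/bootstrap/configuration.nix`, so the installer image now depends on the defaults of those options, which are declared outside this patch. If any of them defaults to true, the bootstrap ISO would silently gain the desktop, dev, work or homelab modules. Either keep the disables next to the hostname, e.g. `config.fireproof.homelab.enable = false;`, or add a comment such as `# Minimal image: relies on every fireproof.*.enable defaulting to false`.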
@@ -46,37 +35,17 @@ with lib; let ../modules/programs ../modules/desktop ../modules/homelab - (mkSystemImports hostname) - {nixpkgs.config.allowUnfree = true;} + host ] - ++ modules - ++ ( - lib.optional (builtins.pathExists ./${hostname}/facter.json) - {config.facter.reportPath = ./${hostname}/facter.json;} - ); + ++ modules; } ); in { config.flake.nixosConfigurations = { - laptop = mkSystem { - hostname = "laptop"; - username = "nickolaj"; - }; - desktop = mkSystem { - hostname = "desktop"; - username = "nickolaj"; - }; - work = mkSystem { - hostname = "work"; - username = "nickolaj"; - }; - homelab = mkSystem { - hostname = "homelab"; - username = "nickolaj"; - }; - bootstrap = mkSystem { - hostname = "bootstrap"; - username = "nickolaj"; - }; + laptop = mkSystem {host = ./laptop;}; + desktop = mkSystem {host = ./desktop;}; + work = mkSystem {host = ./work;}; + homelab = mkSystem {host = ./homelab;}; + bootstrap = mkSystem {host = ./bootstrap;}; }; } diff --git a/hosts/desktop/configuration.nix b/hosts/desktop/configuration.nix deleted file mode 100644 index 03bcbaf..0000000 --- a/hosts/desktop/configuration.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - fireproof.desktop.enable = true; - fireproof.work.enable = true; - fireproof.dev.enable = true; -} diff --git a/hosts/desktop/default.nix b/hosts/desktop/default.nix new file mode 100644 index 0000000..a6f86c4 --- /dev/null +++ b/hosts/desktop/default.nix @@ -0,0 +1,22 @@ +{ + config = { + fireproof = { + hostname = "desktop"; + username = "nickolaj"; + desktop.enable = true; + work.enable = true; + dev.enable = true; + }; + + facter.reportPath = ./facter.json; + }; + + imports = [ + ./boot.nix + ./disk-configuration.nix + ./monitors.nix + ./networking.nix + ./nvidia.nix + ./ssh.nix + ]; +} diff --git a/hosts/homelab/configuration.nix b/hosts/homelab/configuration.nix index 8ff34bb..591a6df 100644 --- a/hosts/homelab/configuration.nix +++ b/hosts/homelab/configuration.nix 
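Review bot: Replacing `(mkSystemImports hostname)` with `host` means a host file is loaded only if that host's `default.nix` lists it, where the old code imported every `.nix` file in the directory; a file that is left out drops its settings without any evaluation error. That matters most for files such as `ssh.nix` and `networking.nix`: the lists in `hosts/homelab/default.nix` and `hosts/bootstrap/default.nix` contain no `ssh.nix` while desktop, laptop and work do, which is fine only if those directories never had one (not visible in this patch). Please compare each import list with the directory contents before merging, and consider a comment above each `imports`, e.g. `# Explicit list: new files in this directory are not picked up automatically`.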
@@ -3,9 +3,6 @@ lib, ... }: { - fireproof.dev.enable = true; - fireproof.homelab.enable = true; - boot = { # Use grub as bootloader as it works better with mdadm loader.grub.enable = true; diff --git a/hosts/homelab/default.nix b/hosts/homelab/default.nix new file mode 100644 index 0000000..875aa23 --- /dev/null +++ b/hosts/homelab/default.nix @@ -0,0 +1,17 @@ +{ + config = { + fireproof = { + hostname = "homelab"; + username = "nickolaj"; + dev.enable = true; + homelab.enable = true; + }; + facter.reportPath = ./facter.json; + }; + + imports = [ + ./configuration.nix + ./disks.nix + ./networking.nix + ]; +} diff --git a/hosts/laptop/configuration.nix b/hosts/laptop/configuration.nix index e996338..f8e8cd1 100644 --- a/hosts/laptop/configuration.nix +++ b/hosts/laptop/configuration.nix @@ -1,7 +1,4 @@ {pkgs, ...}: { - fireproof.desktop.enable = true; - fireproof.work.enable = true; - fireproof.dev.enable = true; # Enable OpenGL hardware.graphics = { enable = true; diff --git a/hosts/laptop/default.nix b/hosts/laptop/default.nix new file mode 100644 index 0000000..462c9a2 --- /dev/null +++ b/hosts/laptop/default.nix @@ -0,0 +1,19 @@ +{ + config = { + fireproof = { + desktop.enable = true; + work.enable = true; + dev.enable = true; + hostname = "laptop"; + username = "nickolaj"; + }; + facter.reportPath = ./facter.json; + }; + + imports = [ + ./configuration.nix + ./disk-configuration.nix + ./monitors.nix + ./ssh.nix + ]; +} diff --git a/hosts/work/configuration.nix b/hosts/work/configuration.nix deleted file mode 100644 index 03bcbaf..0000000 --- a/hosts/work/configuration.nix +++ /dev/null @@ -1,5 +0,0 @@ -{ - fireproof.desktop.enable = true; - fireproof.work.enable = true; - fireproof.dev.enable = true; -} diff --git a/hosts/work/default.nix b/hosts/work/default.nix new file mode 100644 index 0000000..102b810 --- /dev/null +++ b/hosts/work/default.nix 
@@ -0,0 +1,21 @@ +{ + config = { + fireproof = { + hostname = "work"; + username = "nickolaj"; + desktop.enable = true; + work.enable = true; + dev.enable = true; + }; + facter.reportPath = ./facter.json; + }; + + imports = [ + ./bluetooth.nix + ./disk-configuration.nix + ./monitors.nix + ./networking.nix + ./nvidia.nix + ./ssh.nix + ]; +} diff --git a/modules/base/default.nix b/modules/base/default.nix index 7450d0f..2dd40bf 100644 --- a/modules/base/default.nix +++ b/modules/base/default.nix @@ -2,6 +2,7 @@ _: { options.fireproof.base = {}; imports = [ + ./fireproof.nix ./defaults.nix ./gc.nix ./home-manager.nix diff --git a/modules/base/fireproof.nix b/modules/base/fireproof.nix new file mode 100644 index 0000000..51ff69e --- /dev/null +++ b/modules/base/fireproof.nix @@ -0,0 +1,12 @@ +{lib, ...}: { + options.fireproof = { + hostname = lib.mkOption { + type = lib.types.str; + description = "The hostname of the machine"; + }; + username = lib.mkOption { + type = lib.types.str; + description = "The primary username for the machine"; + }; + }; +} diff --git a/modules/base/home-manager.nix b/modules/base/home-manager.nix index ed8d76c..9deb3ad 100644 --- a/modules/base/home-manager.nix +++ b/modules/base/home-manager.nix @@ -1,10 +1,12 @@ { lib, + config, options, - username, ... }: -with lib; { +with lib; let + inherit (config.fireproof) username; +in { options.fireproof = { home-manager = lib.mkOption { type = options.home-manager.users.type.nestedTypes.elemType; diff --git a/modules/base/nix.nix b/modules/base/nix.nix index 4dae960..ca37517 100644 --- a/modules/base/nix.nix +++ b/modules/base/nix.nix @@ -1,9 +1,11 @@ -{username, ...}: { +{config, ...}: { + nixpkgs.config.allowUnfree = true; + nix.settings = { trusted-users = [ "root" "@wheel" - username + config.fireproof.username ]; experimental-features = "nix-command flakes"; diff --git a/modules/base/secrets.nix b/modules/base/secrets.nix index beb7171..a53e0b7 100644 --- a/modules/base/secrets.nix 
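Review bot: In `modules/base/fireproof.nix` both `hostname` and `username` are declared as `lib.types.str`, so any string is accepted, yet `modules/base/secrets.nix` appends `hostname` to `../../secrets/hosts` to locate the host's key material. A value containing `/` or `..` would resolve to a directory other than the intended one instead of being rejected when the option is set. A stricter type catches this at evaluation time, for example `type = lib.types.strMatching "[a-z0-9]([a-z0-9-]*[a-z0-9])?";` for `hostname` and `type = lib.types.passwdEntry lib.types.str;` for `username`.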
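Review bot: The `trusted-users` list in `modules/base/nix.nix` deserves a comment now that its last entry comes from a per-host option: it holds `@wheel` and `config.fireproof.username`, and the Nix manual describes adding a user there as essentially equivalent to giving that user root access. I would add `# trusted-users are root-equivalent for the Nix daemon; keep this list minimal` above the list. If the primary user is already a member of `wheel` (not visible in this hunk), the explicit entry is redundant and could be dropped.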
+++ b/modules/base/secrets.nix @@ -1,4 +1,5 @@ -{hostname, ...}: let +{config, ...}: let + inherit (config.fireproof) hostname; hostSecrets = ../../secrets/hosts + ("/" + hostname); publicKey = builtins.readFile (hostSecrets + "/id_ed25519.pub"); in { diff --git a/modules/desktop/dms/theme.nix b/modules/desktop/dms/theme.nix index e4805ef..f53d439 100644 --- a/modules/desktop/dms/theme.nix +++ b/modules/desktop/dms/theme.nix @@ -1,9 +1,10 @@ { config, lib, - username, ... -}: { +}: let + inherit (config.fireproof) username; +in { config = lib.mkIf config.fireproof.desktop.enable { fireproof.home-manager = { home.file.".config/DankMaterialShell/colors.json".text = builtins.toJSON { diff --git a/modules/homelab/arr.nix b/modules/homelab/arr.nix index 80d64eb..7baad72 100644 --- a/modules/homelab/arr.nix +++ b/modules/homelab/arr.nix @@ -1,10 +1,10 @@ { config, lib, - username, ... }: lib.mkIf config.fireproof.homelab.enable (let + inherit (config.fireproof) username; user = "media"; group = "media"; diff --git a/modules/homelab/prometheus.nix b/modules/homelab/prometheus.nix index 7e3617a..dda45c7 100644 --- a/modules/homelab/prometheus.nix +++ b/modules/homelab/prometheus.nix @@ -1,10 +1,10 @@ { config, - hostname, lib, ... }: lib.mkIf config.fireproof.homelab.enable (let + inherit (config.fireproof) hostname; mkScrapeConfig = name: { job_name = name; static_configs = [ diff --git a/modules/programs/docker.nix b/modules/programs/docker.nix index 6d2df2e..8e906bb 100644 --- a/modules/programs/docker.nix +++ b/modules/programs/docker.nix @@ -1,10 +1,12 @@ # Enabled when: always { - username, + config, pkgs, lib, ... -}: { +}: let + inherit (config.fireproof) username; +in { environment.systemPackages = [ pkgs.docker pkgs.docker-compose diff --git a/modules/programs/fish/default.nix b/modules/programs/fish/default.nix index 75f1c62..1d2db26 100644 --- a/modules/programs/fish/default.nix +++ b/modules/programs/fish/default.nix 
@@ -1,8 +1,10 @@ { - username, + config, pkgs, ... -}: { +}: let + inherit (config.fireproof) username; +in { config = { programs.fish.enable = true; users.users.${username}.shell = pkgs.fish; diff --git a/modules/programs/k8s.nix b/modules/programs/k8s.nix index 120b3bb..0bbd8f3 100644 --- a/modules/programs/k8s.nix +++ b/modules/programs/k8s.nix @@ -3,9 +3,10 @@ config, lib, pkgs, - username, ... -}: { +}: let + inherit (config.fireproof) username; +in { config = lib.mkIf config.fireproof.dev.enable { environment.systemPackages = [ pkgs.kubectl diff --git a/modules/programs/llm.nix b/modules/programs/llm.nix index 5628315..2b6addb 100644 --- a/modules/programs/llm.nix +++ b/modules/programs/llm.nix @@ -1,10 +1,10 @@ { pkgs, config, - username, pkgsUnstable, ... }: let + inherit (config.fireproof) username; llmConfig = if pkgs.stdenv.isDarwin then "Library/Application Support/io.datasette.llm" diff --git a/modules/programs/spotify.nix b/modules/programs/spotify.nix index f8bd46c..a18e89d 100644 --- a/modules/programs/spotify.nix +++ b/modules/programs/spotify.nix @@ -2,10 +2,11 @@ { config, lib, - username, pkgs, ... -}: { +}: let + inherit (config.fireproof) username; +in { config = lib.mkIf config.fireproof.desktop.enable { environment.systemPackages = with pkgs; [ spotify diff --git a/modules/system/networking.nix b/modules/system/networking.nix index f4a0323..3ff4c70 100644 --- a/modules/system/networking.nix +++ b/modules/system/networking.nix @@ -1,5 +1,5 @@ -{hostname, ...}: { +{config, ...}: { networking = { - hostName = hostname; + hostName = config.fireproof.hostname; }; } diff --git a/modules/system/ssh.nix b/modules/system/ssh.nix index 78c0837..ab83071 100644 --- a/modules/system/ssh.nix +++ b/modules/system/ssh.nix 
@@ -1,11 +1,11 @@ { config, pkgs, - username, - hostname, lib, ... }: let + inherit (config.fireproof) username; + inherit (config.fireproof) hostname; # Load all public keys from ../../secrets/hosts/*/id_ed25519.pub allHosts = lib.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir ../../secrets/hosts)); publicKeys = map (x: builtins.readFile (../../secrets/hosts + ("/" + x) + "/id_ed25519.pub")) allHosts; diff --git a/modules/system/user.nix b/modules/system/user.nix index 7ab4840..c9a8a9a 100644 --- a/modules/system/user.nix +++ b/modules/system/user.nix @@ -1,8 +1,5 @@ -{ - username, - config, - ... -}: let +{config, ...}: let + inherit (config.fireproof) username; inherit (config.age) secrets; in { config = {
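Review bot: The two consecutive `inherit (config.fireproof) ...;` lines added to the `let` block of `modules/system/ssh.nix` can be written as one, `inherit (config.fireproof) username hostname;`, which matches how the other modules in this patch pull values from `config.fireproof`. The `let` block continues outside the hunk, so how `hostname` and `publicKeys` are used afterwards is not visible here.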