refactor: simplify host setup

2026-01-22 08:06:50 +01:00 · 2025-12-13 21:41:52 +01:00 · 2025-12-13 21:41:52 +01:00 · d1d4082d56
commit d1d4082d56
parent 15fb616845
27 changed files with 147 additions and 90 deletions
--- a/modules/base/default.nix
+++ b/modules/base/default.nix
@ -2,6 +2,7 @@ _: {
  options.fireproof.base = {};

  imports = [
+    ./fireproof.nix
    ./defaults.nix
    ./gc.nix
    ./home-manager.nix
--- a/modules/base/fireproof.nix
+++ b/modules/base/fireproof.nix
@ -0,0 +1,12 @@
+{lib, ...}: {
+  options.fireproof = {
+    hostname = lib.mkOption {
+      type = lib.types.str;
+      description = "The hostname of the machine";
+    };
+    username = lib.mkOption {
+      type = lib.types.str;
+      description = "The primary username for the machine";
+    };
+  };
+}
--- a/modules/base/home-manager.nix
+++ b/modules/base/home-manager.nix
@ -1,10 +1,12 @@
 {
  lib,
+  config,
  options,
-  username,
  ...
 }:
-with lib; {
+with lib; let
+  inherit (config.fireproof) username;
+in {
  options.fireproof = {
    home-manager = lib.mkOption {
      type = options.home-manager.users.type.nestedTypes.elemType;
--- a/modules/base/nix.nix
+++ b/modules/base/nix.nix
@ -1,9 +1,11 @@
-{username, ...}: {
+{config, ...}: {
+  nixpkgs.config.allowUnfree = true;
+
  nix.settings = {
    trusted-users = [
      "root"
      "@wheel"
-      username
+      config.fireproof.username
    ];

    experimental-features = "nix-command flakes";
--- a/modules/base/secrets.nix
+++ b/modules/base/secrets.nix
@ -1,4 +1,5 @@
-{hostname, ...}: let
+{config, ...}: let
+  inherit (config.fireproof) hostname;
  hostSecrets = ../../secrets/hosts + ("/" + hostname);
  publicKey = builtins.readFile (hostSecrets + "/id_ed25519.pub");
 in {
--- a/modules/desktop/dms/theme.nix
+++ b/modules/desktop/dms/theme.nix
@ -1,9 +1,10 @@
 {
  config,
  lib,
-  username,
  ...
-}: {
+}: let
+  inherit (config.fireproof) username;
+in {
  config = lib.mkIf config.fireproof.desktop.enable {
    fireproof.home-manager = {
      home.file.".config/DankMaterialShell/colors.json".text = builtins.toJSON {
--- a/modules/homelab/arr.nix
+++ b/modules/homelab/arr.nix
@ -1,10 +1,10 @@
 {
  config,
  lib,
-  username,
  ...
 }:
 lib.mkIf config.fireproof.homelab.enable (let
+  inherit (config.fireproof) username;
  user = "media";
  group = "media";

--- a/modules/homelab/prometheus.nix
+++ b/modules/homelab/prometheus.nix
@ -1,10 +1,10 @@
 {
  config,
-  hostname,
  lib,
  ...
 }:
 lib.mkIf config.fireproof.homelab.enable (let
+  inherit (config.fireproof) hostname;
  mkScrapeConfig = name: {
    job_name = name;
    static_configs = [
--- a/modules/programs/docker.nix
+++ b/modules/programs/docker.nix
@ -1,10 +1,12 @@
 # Enabled when: always
 {
-  username,
+  config,
  pkgs,
  lib,
  ...
-}: {
+}: let
+  inherit (config.fireproof) username;
+in {
  environment.systemPackages = [
    pkgs.docker
    pkgs.docker-compose
--- a/modules/programs/fish/default.nix
+++ b/modules/programs/fish/default.nix
@ -1,8 +1,10 @@
 {
-  username,
+  config,
  pkgs,
  ...
-}: {
+}: let
+  inherit (config.fireproof) username;
+in {
  config = {
    programs.fish.enable = true;
    users.users.${username}.shell = pkgs.fish;
--- a/modules/programs/k8s.nix
+++ b/modules/programs/k8s.nix
@ -3,9 +3,10 @@
  config,
  lib,
  pkgs,
-  username,
  ...
-}: {
+}: let
+  inherit (config.fireproof) username;
+in {
  config = lib.mkIf config.fireproof.dev.enable {
    environment.systemPackages = [
      pkgs.kubectl
--- a/modules/programs/llm.nix
+++ b/modules/programs/llm.nix
@ -1,10 +1,10 @@
 {
  pkgs,
  config,
-  username,
  pkgsUnstable,
  ...
 }: let
+  inherit (config.fireproof) username;
  llmConfig =
    if pkgs.stdenv.isDarwin
    then "Library/Application Support/io.datasette.llm"
--- a/modules/programs/spotify.nix
+++ b/modules/programs/spotify.nix
@ -2,10 +2,11 @@
 {
  config,
  lib,
-  username,
  pkgs,
  ...
-}: {
+}: let
+  inherit (config.fireproof) username;
+in {
  config = lib.mkIf config.fireproof.desktop.enable {
    environment.systemPackages = with pkgs; [
      spotify
--- a/modules/system/networking.nix
+++ b/modules/system/networking.nix
@ -1,5 +1,5 @@
-{hostname, ...}: {
+{config, ...}: {
  networking = {
-    hostName = hostname;
+    hostName = config.fireproof.hostname;
  };
 }
--- a/modules/system/ssh.nix
+++ b/modules/system/ssh.nix
@ -1,11 +1,11 @@
 {
  config,
  pkgs,
-  username,
-  hostname,
  lib,
  ...
 }: let
+  inherit (config.fireproof) username;
+  inherit (config.fireproof) hostname;
  # Load all public keys from ../../secrets/hosts/*/id_ed25519.pub
  allHosts = lib.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir ../../secrets/hosts));
  publicKeys = map (x: builtins.readFile (../../secrets/hosts + ("/" + x) + "/id_ed25519.pub")) allHosts;
--- a/modules/system/user.nix
+++ b/modules/system/user.nix
@ -1,8 +1,5 @@
-{
-  username,
-  config,
-  ...
-}: let
+{config, ...}: let
+  inherit (config.fireproof) username;
  inherit (config.age) secrets;
 in {
  config = {