refactor: simplify host setup

2026-01-22 08:06:50 +01:00 · 2025-12-13 21:41:52 +01:00 · 2025-12-13 21:41:52 +01:00 · d1d4082d56
commit d1d4082d56
parent 15fb616845
27 changed files with 147 additions and 90 deletions
--- a/hosts/bootstrap/configuration.nix
+++ b/hosts/bootstrap/configuration.nix
@ -4,12 +4,6 @@
  inputs,
  ...
 }: {
-  # Minimal system without desktop or dev tools
-  fireproof.desktop.enable = false;
-  fireproof.dev.enable = false;
-  fireproof.work.enable = false;
-  fireproof.homelab.enable = false;
-
  # Use the nixos installation ISO as base
  imports = [
    "${inputs.nixpkgs}/nixos/modules/installer/cd-dvd/installation-cd-minimal.nix"
--- a/hosts/bootstrap/default.nix
+++ b/hosts/bootstrap/default.nix
@ -0,0 +1,9 @@
+{
+  config.fireproof.hostname = "bootstrap";
+  config.fireproof.username = "nickolaj";
+
+  imports = [
+    ./configuration.nix
+    ./disk-configuration.nix
+  ];
+}
--- a/hosts/default.nix
+++ b/hosts/default.nix
@ -1,21 +1,10 @@
 {
  inputs,
  withSystem,
-  lib,
  ...
-}:
-with lib; let
-  mkSystemImports = hostname: let
-    hostDirectory = ./. + ("/" + hostname);
-    nixFiles = filter (file: hasSuffix ".nix" file) (attrNames (builtins.readDir hostDirectory));
-    imports = map (file: ./. + ("/" + hostname + "/" + file)) nixFiles;
-  in {
-    inherit imports;
-  };
-
+}: let
  mkSystem = {
-    hostname,
-    username,
+    host,
    modules ? [],
    system ? "x86_64-linux",
  }:
@ -28,7 +17,7 @@ with lib; let
      in
        inputs.nixpkgs.lib.nixosSystem {
          inherit system;
-          specialArgs = {inherit inputs hostname username pkgsUnstable;};
+          specialArgs = {inherit inputs pkgsUnstable;};
          modules =
            [
              inputs.disko.nixosModules.disko
@ -46,37 +35,17 @@ with lib; let
              ../modules/programs
              ../modules/desktop
              ../modules/homelab
-              (mkSystemImports hostname)
-              {nixpkgs.config.allowUnfree = true;}
+              host
            ]
-            ++ modules
-            ++ (
-              lib.optional (builtins.pathExists ./${hostname}/facter.json)
-              {config.facter.reportPath = ./${hostname}/facter.json;}
-            );
+            ++ modules;
        }
    );
 in {
  config.flake.nixosConfigurations = {
-    laptop = mkSystem {
-      hostname = "laptop";
-      username = "nickolaj";
-    };
-    desktop = mkSystem {
-      hostname = "desktop";
-      username = "nickolaj";
-    };
-    work = mkSystem {
-      hostname = "work";
-      username = "nickolaj";
-    };
-    homelab = mkSystem {
-      hostname = "homelab";
-      username = "nickolaj";
-    };
-    bootstrap = mkSystem {
-      hostname = "bootstrap";
-      username = "nickolaj";
-    };
+    laptop = mkSystem {host = ./laptop;};
+    desktop = mkSystem {host = ./desktop;};
+    work = mkSystem {host = ./work;};
+    homelab = mkSystem {host = ./homelab;};
+    bootstrap = mkSystem {host = ./bootstrap;};
  };
 }
--- a/hosts/desktop/configuration.nix
+++ b/hosts/desktop/configuration.nix
@ -1,5 +0,0 @@
-{
-  fireproof.desktop.enable = true;
-  fireproof.work.enable = true;
-  fireproof.dev.enable = true;
-}
--- a/hosts/desktop/default.nix
+++ b/hosts/desktop/default.nix
@ -0,0 +1,22 @@
+{
+  config = {
+    fireproof = {
+      hostname = "desktop";
+      username = "nickolaj";
+      desktop.enable = true;
+      work.enable = true;
+      dev.enable = true;
+    };
+
+    facter.reportPath = ./facter.json;
+  };
+
+  imports = [
+    ./boot.nix
+    ./disk-configuration.nix
+    ./monitors.nix
+    ./networking.nix
+    ./nvidia.nix
+    ./ssh.nix
+  ];
+}
--- a/hosts/homelab/configuration.nix
+++ b/hosts/homelab/configuration.nix
@ -3,9 +3,6 @@
  lib,
  ...
 }: {
-  fireproof.dev.enable = true;
-  fireproof.homelab.enable = true;
-
  boot = {
    # Use grub as bootloader as it works better with mdadm
    loader.grub.enable = true;
--- a/hosts/homelab/default.nix
+++ b/hosts/homelab/default.nix
@ -0,0 +1,17 @@
+{
+  config = {
+    fireproof = {
+      hostname = "homelab";
+      username = "nickolaj";
+      dev.enable = true;
+      homelab.enable = true;
+    };
+    facter.reportPath = ./facter.json;
+  };
+
+  imports = [
+    ./configuration.nix
+    ./disks.nix
+    ./networking.nix
+  ];
+}
--- a/hosts/laptop/configuration.nix
+++ b/hosts/laptop/configuration.nix
@ -1,7 +1,4 @@
 {pkgs, ...}: {
-  fireproof.desktop.enable = true;
-  fireproof.work.enable = true;
-  fireproof.dev.enable = true;
  # Enable OpenGL
  hardware.graphics = {
    enable = true;
--- a/hosts/laptop/default.nix
+++ b/hosts/laptop/default.nix
@ -0,0 +1,19 @@
+{
+  config = {
+    fireproof = {
+      desktop.enable = true;
+      work.enable = true;
+      dev.enable = true;
+      hostname = "laptop";
+      username = "nickolaj";
+    };
+    facter.reportPath = ./facter.json;
+  };
+
+  imports = [
+    ./configuration.nix
+    ./disk-configuration.nix
+    ./monitors.nix
+    ./ssh.nix
+  ];
+}
--- a/hosts/work/configuration.nix
+++ b/hosts/work/configuration.nix
@ -1,5 +0,0 @@
-{
-  fireproof.desktop.enable = true;
-  fireproof.work.enable = true;
-  fireproof.dev.enable = true;
-}
--- a/hosts/work/default.nix
+++ b/hosts/work/default.nix
@ -0,0 +1,21 @@
+{
+  config = {
+    fireproof = {
+      hostname = "work";
+      username = "nickolaj";
+      desktop.enable = true;
+      work.enable = true;
+      dev.enable = true;
+    };
+    facter.reportPath = ./facter.json;
+  };
+
+  imports = [
+    ./bluetooth.nix
+    ./disk-configuration.nix
+    ./monitors.nix
+    ./networking.nix
+    ./nvidia.nix
+    ./ssh.nix
+  ];
+}
--- a/modules/base/default.nix
+++ b/modules/base/default.nix
@ -2,6 +2,7 @@ _: {
  options.fireproof.base = {};

  imports = [
+    ./fireproof.nix
    ./defaults.nix
    ./gc.nix
    ./home-manager.nix
--- a/modules/base/fireproof.nix
+++ b/modules/base/fireproof.nix
@ -0,0 +1,12 @@
+{lib, ...}: {
+  options.fireproof = {
+    hostname = lib.mkOption {
+      type = lib.types.str;
+      description = "The hostname of the machine";
+    };
+    username = lib.mkOption {
+      type = lib.types.str;
+      description = "The primary username for the machine";
+    };
+  };
+}
--- a/modules/base/home-manager.nix
+++ b/modules/base/home-manager.nix
@ -1,10 +1,12 @@
 {
  lib,
+  config,
  options,
-  username,
  ...
 }:
-with lib; {
+with lib; let
+  inherit (config.fireproof) username;
+in {
  options.fireproof = {
    home-manager = lib.mkOption {
      type = options.home-manager.users.type.nestedTypes.elemType;
--- a/modules/base/nix.nix
+++ b/modules/base/nix.nix
@ -1,9 +1,11 @@
-{username, ...}: {
+{config, ...}: {
+  nixpkgs.config.allowUnfree = true;
+
  nix.settings = {
    trusted-users = [
      "root"
      "@wheel"
-      username
+      config.fireproof.username
    ];

    experimental-features = "nix-command flakes";
--- a/modules/base/secrets.nix
+++ b/modules/base/secrets.nix
@ -1,4 +1,5 @@
-{hostname, ...}: let
+{config, ...}: let
+  inherit (config.fireproof) hostname;
  hostSecrets = ../../secrets/hosts + ("/" + hostname);
  publicKey = builtins.readFile (hostSecrets + "/id_ed25519.pub");
 in {
--- a/modules/desktop/dms/theme.nix
+++ b/modules/desktop/dms/theme.nix
@ -1,9 +1,10 @@
 {
  config,
  lib,
-  username,
  ...
-}: {
+}: let
+  inherit (config.fireproof) username;
+in {
  config = lib.mkIf config.fireproof.desktop.enable {
    fireproof.home-manager = {
      home.file.".config/DankMaterialShell/colors.json".text = builtins.toJSON {
--- a/modules/homelab/arr.nix
+++ b/modules/homelab/arr.nix
@ -1,10 +1,10 @@
 {
  config,
  lib,
-  username,
  ...
 }:
 lib.mkIf config.fireproof.homelab.enable (let
+  inherit (config.fireproof) username;
  user = "media";
  group = "media";

--- a/modules/homelab/prometheus.nix
+++ b/modules/homelab/prometheus.nix
@ -1,10 +1,10 @@
 {
  config,
-  hostname,
  lib,
  ...
 }:
 lib.mkIf config.fireproof.homelab.enable (let
+  inherit (config.fireproof) hostname;
  mkScrapeConfig = name: {
    job_name = name;
    static_configs = [
--- a/modules/programs/docker.nix
+++ b/modules/programs/docker.nix
@ -1,10 +1,12 @@
 # Enabled when: always
 {
-  username,
+  config,
  pkgs,
  lib,
  ...
-}: {
+}: let
+  inherit (config.fireproof) username;
+in {
  environment.systemPackages = [
    pkgs.docker
    pkgs.docker-compose
--- a/modules/programs/fish/default.nix
+++ b/modules/programs/fish/default.nix
@ -1,8 +1,10 @@
 {
-  username,
+  config,
  pkgs,
  ...
-}: {
+}: let
+  inherit (config.fireproof) username;
+in {
  config = {
    programs.fish.enable = true;
    users.users.${username}.shell = pkgs.fish;
--- a/modules/programs/k8s.nix
+++ b/modules/programs/k8s.nix
@ -3,9 +3,10 @@
  config,
  lib,
  pkgs,
-  username,
  ...
-}: {
+}: let
+  inherit (config.fireproof) username;
+in {
  config = lib.mkIf config.fireproof.dev.enable {
    environment.systemPackages = [
      pkgs.kubectl
--- a/modules/programs/llm.nix
+++ b/modules/programs/llm.nix
@ -1,10 +1,10 @@
 {
  pkgs,
  config,
-  username,
  pkgsUnstable,
  ...
 }: let
+  inherit (config.fireproof) username;
  llmConfig =
    if pkgs.stdenv.isDarwin
    then "Library/Application Support/io.datasette.llm"
--- a/modules/programs/spotify.nix
+++ b/modules/programs/spotify.nix
@ -2,10 +2,11 @@
 {
  config,
  lib,
-  username,
  pkgs,
  ...
-}: {
+}: let
+  inherit (config.fireproof) username;
+in {
  config = lib.mkIf config.fireproof.desktop.enable {
    environment.systemPackages = with pkgs; [
      spotify
--- a/modules/system/networking.nix
+++ b/modules/system/networking.nix
@ -1,5 +1,5 @@
-{hostname, ...}: {
+{config, ...}: {
  networking = {
-    hostName = hostname;
+    hostName = config.fireproof.hostname;
  };
 }
--- a/modules/system/ssh.nix
+++ b/modules/system/ssh.nix
@ -1,11 +1,11 @@
 {
  config,
  pkgs,
-  username,
-  hostname,
  lib,
  ...
 }: let
+  inherit (config.fireproof) username;
+  inherit (config.fireproof) hostname;
  # Load all public keys from ../../secrets/hosts/*/id_ed25519.pub
  allHosts = lib.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir ../../secrets/hosts));
  publicKeys = map (x: builtins.readFile (../../secrets/hosts + ("/" + x) + "/id_ed25519.pub")) allHosts;
--- a/modules/system/user.nix
+++ b/modules/system/user.nix
@ -1,8 +1,5 @@
-{
-  username,
-  config,
-  ...
-}: let
+{config, ...}: let
+  inherit (config.fireproof) username;
  inherit (config.age) secrets;
 in {
  config = {