diff --git a/flake.nix b/flake.nix index 4d0e3dd..fccbfbc 100644 --- a/flake.nix +++ b/flake.nix @@ -71,17 +71,16 @@ nixosConfigurations = { matej-nixos = mkHost "matej-nixos" { system = "x86_64-linux"; - users = [ "matej" ]; + user = "matej"; }; matej-tower = mkHost "matej-tower" { system = "x86_64-linux"; - users = [ "matej" ]; + user = "matej"; }; # nixos-rebuild build-image --image-variant install-iso --flake .#live-iso live-iso = mkHost "live-iso" { system = "x86_64-linux"; - users = [ ]; }; }; @@ -94,6 +93,11 @@ inherit my-lib; inherit (nixpkgs) lib; } { }; + + nixosProfiles = import ./profiles { + inherit my-lib; + inherit (nixpkgs) lib; + } { }; } // flake-utils.lib.eachDefaultSystem ( system: diff --git a/hosts/live-iso/configuration.nix b/hosts/live-iso/configuration.nix index d001828..8ce29b5 100644 --- a/hosts/live-iso/configuration.nix +++ b/hosts/live-iso/configuration.nix @@ -2,16 +2,10 @@ pkgs, lib, inputs, + userKeys, ... }: -let - keys = import ../../users/matej/keys.nix; -in { - imports = [ - inputs.self.nixosModules.openssh - ]; - openssh.enable = true; image.modules.iso-installer = { @@ -41,7 +35,7 @@ in "wheel" "users" ]; - openssh.authorizedKeys.keys = keys.sshAuthorizedKeys; + openssh.authorizedKeys.keys = userKeys.sshAuthorizedKeys or [ ]; }; }; diff --git a/hosts/matej-nixos/configuration.nix b/hosts/matej-nixos/configuration.nix index d76f89a..196775b 100644 --- a/hosts/matej-nixos/configuration.nix +++ b/hosts/matej-nixos/configuration.nix @@ -4,6 +4,7 @@ pkgs, inputs, options, + userKeys, ... }: 
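Review bot: In hosts/live-iso/configuration.nix the new `userKeys.sshAuthorizedKeys or [ ]` quietly evaluates to an empty list, because the flake.nix hunk leaves `live-iso` without a `user` and mkHost then passes `userKeys = { }`. The image keeps `openssh.enable = true` but no longer carries the keys it used to import from users/matej/keys.nix, so key-based login to the installer stops working and access depends on whatever other authentication the openssh module allows (not visible here). Either give the host a user in flake.nix (`user = "matej";`), or, if the full user configuration is unwanted on the ISO, drop the `or [ ]` so a missing key set fails at evaluation instead of producing an image without keys. The enclosing user definition starts outside the hunk.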
@@ -15,31 +16,14 @@ in imports = [ inputs.nixos-hardware.nixosModules.framework-16-amd-ai-300-series inputs.stylix.nixosModules.stylix - inputs.self.nixosModules.yubikey - inputs.self.nixosModules.sway - inputs.self.nixosModules.openssh - inputs.self.nixosModules.desktop - inputs.self.nixosModules.printing - inputs.self.nixosModules.zsh - inputs.self.nixosModules.gnupg - inputs.self.nixosModules.tuigreet - inputs.self.nixosModules.workstation - inputs.self.nixosModules.localisation ]; - yubikey.enable = true; - openssh.enable = true; - desktop.enable = true; - printing.enable = true; - zsh.enable = true; - gnupg.enable = true; - workstation.enable = true; - tuigreet = { - enable = true; - command = "sway"; - }; + profiles.desktop.enable = true; - sway.enable = true; + localisation = { + timeZone = "Europe/Ljubljana"; + defaultLocale = "en_US.UTF-8"; + }; stylix = { enable = true; @@ -51,12 +35,6 @@ in boot.loader.systemd-boot.enable = true; boot.loader.efi.canTouchEfiVariables = true; - localisation = { - enable = true; - timeZone = "Europe/Ljubljana"; - defaultLocale = "en_US.UTF-8"; - }; - # WARN:(@janezicmatej) nix-ld for running pip-installed binaries outside nix, probably want to drop this programs.nix-ld.enable = true; programs.nix-ld.libraries = options.programs.nix-ld.libraries.default; diff --git a/hosts/matej-tower/configuration.nix b/hosts/matej-tower/configuration.nix index 10c4b66..39b20b2 100644 --- a/hosts/matej-tower/configuration.nix +++ b/hosts/matej-tower/configuration.nix 
@@ -4,44 +4,27 @@ pkgs, inputs, options, + userKeys, ... }: { - networking.hostName = "matej-tower"; imports = [ inputs.stylix.nixosModules.stylix inputs.lanzaboote.nixosModules.lanzaboote - - inputs.self.nixosModules.yubikey - inputs.self.nixosModules.sway - inputs.self.nixosModules.openssh - inputs.self.nixosModules.desktop - inputs.self.nixosModules.printing - inputs.self.nixosModules.zsh - inputs.self.nixosModules.gnupg - inputs.self.nixosModules.tuigreet - inputs.self.nixosModules.workstation - inputs.self.nixosModules.initrd-ssh - inputs.self.nixosModules.localisation ]; - yubikey.enable = true; - openssh.enable = true; - desktop.enable = true; - printing.enable = true; - zsh.enable = true; - gnupg.enable = true; - workstation.enable = true; - tuigreet = { - enable = true; - command = "sway"; - }; - sway.enable = true; + profiles.desktop.enable = true; initrd-ssh = { enable = true; networkModule = "r8169"; + authorizedKeys = userKeys.sshAuthorizedKeys; + }; + + localisation = { + timeZone = "Europe/Ljubljana"; + defaultLocale = "en_US.UTF-8"; }; stylix = { @@ -60,12 +43,6 @@ pkiBundle = "/var/lib/sbctl"; }; - localisation = { - enable = true; - timeZone = "Europe/Ljubljana"; - defaultLocale = "en_US.UTF-8"; - }; - services.udisks2.enable = true; programs._1password.enable = true; @@ -83,6 +60,8 @@ easyeffects ]; + networking.hostName = "matej-tower"; + xdg.mime.defaultApplications = { "application/pdf" = "org.pwmt.zathura.desktop"; }; diff --git a/lib/mkHost.nix b/lib/mkHost.nix index acb46a8..80c67d3 100644 --- a/lib/mkHost.nix +++ b/lib/mkHost.nix 
@@ -7,19 +7,23 @@ name: { system, - users ? [ ], + user ? null, }: let hostConfig = ../hosts/${name}/configuration.nix; hostHWConfig = ../hosts/${name}/hardware-configuration.nix; hasHWConfig = builtins.pathExists hostHWConfig; + hasUser = user != null; - userNixosConfigs = map (user: ../users/${user}/nixos.nix) ( - builtins.filter (user: builtins.pathExists ../users/${user}/nixos.nix) users - ); + userKeys = if hasUser then import ../users/${user}/keys.nix else { }; - userHMConfigs = nixpkgs.lib.genAttrs users (user: import ../users/${user}/home-manager.nix); + # auto-import all nixos modules and profiles + nixosModuleList = builtins.attrValues inputs.self.nixosModules; + nixosProfileList = builtins.attrValues inputs.self.nixosProfiles; + + # auto-import all home-manager modules + hmModuleList = builtins.attrValues inputs.self.homeManagerModules; in nixpkgs.lib.nixosSystem { @@ -33,16 +37,23 @@ nixpkgs.lib.nixosSystem { hostConfig ] ++ nixpkgs.lib.optional hasHWConfig hostHWConfig - ++ userNixosConfigs + ++ nixosModuleList + ++ nixosProfileList + ++ nixpkgs.lib.optional ( + hasUser && builtins.pathExists ../users/${user}/nixos.nix + ) ../users/${user}/nixos.nix ++ [ inputs.home-manager.nixosModules.home-manager { home-manager.useGlobalPkgs = true; home-manager.useUserPackages = true; home-manager.backupFileExtension = "backup"; - home-manager.users = userHMConfigs; + home-manager.users = nixpkgs.lib.mkIf hasUser { + ${user} = import ../users/${user}/home-manager.nix; + }; + home-manager.sharedModules = hmModuleList; home-manager.extraSpecialArgs = { inherit inputs; }; } ]; - specialArgs = { inherit inputs; }; + specialArgs = { inherit inputs userKeys; }; } diff --git a/modules/nixos/initrd-ssh.nix b/modules/nixos/initrd-ssh.nix index 4afeddb..7801356 100644 --- a/modules/nixos/initrd-ssh.nix +++ b/modules/nixos/initrd-ssh.nix 
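Review bot: `nixosModuleList` and `nixosProfileList` in the first mkHost.nix hunk put every module under `inputs.self.nixosModules` and `inputs.self.nixosProfiles` into every host, so the per-host `imports` lists no longer limit what is evaluated. That is safe only while each module keeps all of its `config` behind its own `mkIf` on the enable option; a module that sets anything unconditionally (a service, an open port, an authorized key) would now apply to all hosts, the live ISO included. I would record that invariant next to the list, e.g. `# every module imported here must gate all config behind its enable option`, and the same applies to `home-manager.sharedModules = hmModuleList` in the second hunk. Separately, `import ../users/${user}/keys.nix` has no `builtins.pathExists` guard while nixos.nix does; if the hard failure is intended, a short comment saying so would help.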
@@ -4,9 +4,6 @@ ... }: let - # TODO:(@janezicmatej) restructure keys import - keys = import ../../users/matej/keys.nix; - # generate host keys for new machines: ./scripts/initrd-ssh-keygen.sh keyDir = "/etc/secrets/initrd"; @@ -51,7 +48,7 @@ in authorizedKeys = lib.mkOption { type = lib.types.listOf lib.types.str; - default = keys.sshAuthorizedKeys; + default = [ ]; }; networkModule = lib.mkOption { diff --git a/profiles/base.nix b/profiles/base.nix new file mode 100644 index 0000000..c6531d4 --- /dev/null +++ b/profiles/base.nix @@ -0,0 +1,17 @@ +{ + lib, + config, + ... +}: +{ + options = { + profiles.base.enable = lib.mkEnableOption "base profile for all machines"; + }; + + config = lib.mkIf config.profiles.base.enable { + openssh.enable = lib.mkDefault true; + zsh.enable = lib.mkDefault true; + localisation.enable = lib.mkDefault true; + gnupg.enable = lib.mkDefault true; + }; +} diff --git a/profiles/default.nix b/profiles/default.nix new file mode 100644 index 0000000..70db651 --- /dev/null +++ b/profiles/default.nix @@ -0,0 +1 @@ +{ lib, my-lib }: args: (my-lib.autoDir ./.) diff --git a/profiles/desktop.nix b/profiles/desktop.nix new file mode 100644 index 0000000..3795093 --- /dev/null +++ b/profiles/desktop.nix @@ -0,0 +1,23 @@ +{ + lib, + config, + ... +}: +{ + options = { + profiles.desktop.enable = lib.mkEnableOption "desktop profile (sway, audio, printing)"; + }; + + config = lib.mkIf config.profiles.desktop.enable { + profiles.base.enable = lib.mkDefault true; + desktop.enable = lib.mkDefault true; + sway.enable = lib.mkDefault true; + tuigreet = { + enable = lib.mkDefault true; + command = lib.mkDefault "sway"; + }; + printing.enable = lib.mkDefault true; + workstation.enable = lib.mkDefault true; + yubikey.enable = lib.mkDefault true; + }; +} diff --git a/profiles/server.nix b/profiles/server.nix new file mode 100644 index 0000000..4dfcd38 --- /dev/null +++ b/profiles/server.nix 
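Review bot: The `authorizedKeys` option in modules/nixos/initrd-ssh.nix now defaults to `[ ]` and has no `description`, so a host that sets `initrd-ssh.enable = true` without keys gets no hint about what is required. The module's `config` section is outside this hunk, so I cannot see whether an empty list is rejected; if it is not, add an assertion there such as `assertion = cfg.authorizedKeys != [ ];` with a message naming the option (`cfg` standing for however the module binds its own options). I would also add `description = "SSH public keys allowed to log in to the initrd SSH server";` to the option.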
@@ -0,0 +1,15 @@ +{ + lib, + config, + ... +}: +{ + options = { + profiles.server.enable = lib.mkEnableOption "headless server profile"; + }; + + config = lib.mkIf config.profiles.server.enable { + profiles.base.enable = lib.mkDefault true; + workstation.enable = lib.mkDefault true; + }; +} diff --git a/users/gorazd/home-manager.nix b/users/gorazd/home-manager.nix deleted file mode 100644 index 850ece1..0000000 --- a/users/gorazd/home-manager.nix +++ /dev/null @@ -1,52 +0,0 @@ -{ - config, - lib, - pkgs, - inputs, - ... -}: - -let - packages = inputs.self.outputs.packages.${pkgs.stdenv.hostPlatform.system}; -in - -{ - home.stateVersion = "24.11"; - - home.packages = [ - pkgs.git - ]; - - programs.neovim = { - enable = true; - vimAlias = true; - defaultEditor = true; - - package = inputs.neovim-nightly-overlay.packages.${pkgs.stdenv.hostPlatform.system}.default; - - extraPackages = with pkgs; [ - # runtime deps - fzf - ripgrep - gnumake - gcc - luajit - - lua-language-server - nil - nixd - - nixpkgs-fmt - stylua - - ]; - - extraWrapperArgs = [ - "--suffix" - "LD_LIBRARY_PATH" - ":" - "${lib.makeLibraryPath [ pkgs.stdenv.cc.cc.lib ]}" - ]; - - }; -} diff --git a/users/matej/home-manager.nix b/users/matej/home-manager.nix index a579be3..949456e 100644 --- a/users/matej/home-manager.nix +++ b/users/matej/home-manager.nix @@ -8,11 +8,9 @@ let packages = inputs.self.outputs.packages.${pkgs.stdenv.hostPlatform.system}; - hmModules = inputs.self.outputs.homeManagerModules; in { - imports = [ hmModules.claude ]; claude = { enable = true; package = inputs.claude-code-overlay.packages.${pkgs.stdenv.hostPlatform.system}.default;
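Review bot: profiles/server.nix describes itself as a "headless server profile" but turns on `workstation.enable`, the same module the desktop profile enables. The workstation module is not part of this diff, so this may be intentional; if it pulls in interactive or desktop tooling, a server would carry more installed software and services than it needs. Either drop the line or add a comment saying why servers want it, e.g. `# workstation: <reason servers need this>`.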