merge: profiles and improved mkHost

flake.nix

@@ -71,17 +71,16 @@
       nixosConfigurations = {
         matej-nixos = mkHost "matej-nixos" {
           system = "x86_64-linux";
-          users = [ "matej" ];
+          user = "matej";
         };
         matej-tower = mkHost "matej-tower" {
           system = "x86_64-linux";
-          users = [ "matej" ];
+          user = "matej";
         };
 
         # nixos-rebuild build-image --image-variant install-iso --flake .#live-iso
         live-iso = mkHost "live-iso" {
           system = "x86_64-linux";
-          users = [ ];
         };
       };
 
@@ -94,6 +93,11 @@
         inherit my-lib;
         inherit (nixpkgs) lib;
       } { };
+
+      nixosProfiles = import ./profiles {
+        inherit my-lib;
+        inherit (nixpkgs) lib;
+      } { };
     }
     // flake-utils.lib.eachDefaultSystem (
       system:

hosts/live-iso/configuration.nix

@@ -2,16 +2,10 @@
   pkgs,
   lib,
   inputs,
+  userKeys,
   ...
 }:
-let
-  keys = import ../../users/matej/keys.nix;
-in
 {
-  imports = [
-    inputs.self.nixosModules.openssh
-  ];
-
   openssh.enable = true;
 
   image.modules.iso-installer = {
@@ -41,7 +35,7 @@ in
         "wheel"
         "users"
       ];
-      openssh.authorizedKeys.keys = keys.sshAuthorizedKeys;
+      openssh.authorizedKeys.keys = userKeys.sshAuthorizedKeys or [ ];
     };
   };
 

hosts/matej-nixos/configuration.nix

@@ -4,6 +4,7 @@
   pkgs,
   inputs,
   options,
+  userKeys,
   ...
 }:
 
@@ -15,31 +16,14 @@ in
   imports = [
     inputs.nixos-hardware.nixosModules.framework-16-amd-ai-300-series
     inputs.stylix.nixosModules.stylix
-    inputs.self.nixosModules.yubikey
-    inputs.self.nixosModules.sway
-    inputs.self.nixosModules.openssh
-    inputs.self.nixosModules.desktop
-    inputs.self.nixosModules.printing
-    inputs.self.nixosModules.zsh
-    inputs.self.nixosModules.gnupg
-    inputs.self.nixosModules.tuigreet
-    inputs.self.nixosModules.workstation
-    inputs.self.nixosModules.localisation
   ];
 
-  yubikey.enable = true;
+  profiles.desktop.enable = true;
-  openssh.enable = true;
-  desktop.enable = true;
-  printing.enable = true;
-  zsh.enable = true;
-  gnupg.enable = true;
-  workstation.enable = true;
-  tuigreet = {
-    enable = true;
-    command = "sway";
-  };
 
-  sway.enable = true;
+  localisation = {
+    timeZone = "Europe/Ljubljana";
+    defaultLocale = "en_US.UTF-8";
+  };
 
   stylix = {
     enable = true;
@@ -51,12 +35,6 @@ in
   boot.loader.systemd-boot.enable = true;
   boot.loader.efi.canTouchEfiVariables = true;
 
-  localisation = {
-    enable = true;
-    timeZone = "Europe/Ljubljana";
-    defaultLocale = "en_US.UTF-8";
-  };
-
   # WARN:(@janezicmatej) nix-ld for running pip-installed binaries outside nix, probably want to drop this
   programs.nix-ld.enable = true;
   programs.nix-ld.libraries = options.programs.nix-ld.libraries.default;

hosts/matej-tower/configuration.nix

@@ -4,44 +4,27 @@
   pkgs,
   inputs,
   options,
+  userKeys,
   ...
 }:
 
 {
-  networking.hostName = "matej-tower";
   imports = [
     inputs.stylix.nixosModules.stylix
     inputs.lanzaboote.nixosModules.lanzaboote
-
-    inputs.self.nixosModules.yubikey
-    inputs.self.nixosModules.sway
-    inputs.self.nixosModules.openssh
-    inputs.self.nixosModules.desktop
-    inputs.self.nixosModules.printing
-    inputs.self.nixosModules.zsh
-    inputs.self.nixosModules.gnupg
-    inputs.self.nixosModules.tuigreet
-    inputs.self.nixosModules.workstation
-    inputs.self.nixosModules.initrd-ssh
-    inputs.self.nixosModules.localisation
   ];
 
-  yubikey.enable = true;
+  profiles.desktop.enable = true;
-  openssh.enable = true;
-  desktop.enable = true;
-  printing.enable = true;
-  zsh.enable = true;
-  gnupg.enable = true;
-  workstation.enable = true;
-  tuigreet = {
-    enable = true;
-    command = "sway";
-  };
-  sway.enable = true;
 
   initrd-ssh = {
     enable = true;
     networkModule = "r8169";
+    authorizedKeys = userKeys.sshAuthorizedKeys;
+  };
+
+  localisation = {
+    timeZone = "Europe/Ljubljana";
+    defaultLocale = "en_US.UTF-8";
   };
 
   stylix = {
@@ -60,12 +43,6 @@
     pkiBundle = "/var/lib/sbctl";
   };
 
-  localisation = {
-    enable = true;
-    timeZone = "Europe/Ljubljana";
-    defaultLocale = "en_US.UTF-8";
-  };
-
   services.udisks2.enable = true;
 
   programs._1password.enable = true;
@@ -83,6 +60,8 @@
     easyeffects
   ];
 
+  networking.hostName = "matej-tower";
+
   xdg.mime.defaultApplications = {
     "application/pdf" = "org.pwmt.zathura.desktop";
   };

lib/mkHost.nix

@@ -7,19 +7,23 @@
 name:
 {
   system,
-  users ? [ ],
+  user ? null,
 }:
 
 let
   hostConfig = ../hosts/${name}/configuration.nix;
   hostHWConfig = ../hosts/${name}/hardware-configuration.nix;
   hasHWConfig = builtins.pathExists hostHWConfig;
+  hasUser = user != null;
 
-  userNixosConfigs = map (user: ../users/${user}/nixos.nix) (
+  userKeys = if hasUser then import ../users/${user}/keys.nix else { };
-    builtins.filter (user: builtins.pathExists ../users/${user}/nixos.nix) users
-  );
 
-  userHMConfigs = nixpkgs.lib.genAttrs users (user: import ../users/${user}/home-manager.nix);
+  # auto-import all nixos modules and profiles
+  nixosModuleList = builtins.attrValues inputs.self.nixosModules;
+  nixosProfileList = builtins.attrValues inputs.self.nixosProfiles;
+
+  # auto-import all home-manager modules
+  hmModuleList = builtins.attrValues inputs.self.homeManagerModules;
 
 in
 nixpkgs.lib.nixosSystem {
@@ -33,16 +37,23 @@ nixpkgs.lib.nixosSystem {
     hostConfig
   ]
   ++ nixpkgs.lib.optional hasHWConfig hostHWConfig
-  ++ userNixosConfigs
+  ++ nixosModuleList
+  ++ nixosProfileList
+  ++ nixpkgs.lib.optional (
+    hasUser && builtins.pathExists ../users/${user}/nixos.nix
+  ) ../users/${user}/nixos.nix
   ++ [
     inputs.home-manager.nixosModules.home-manager
     {
       home-manager.useGlobalPkgs = true;
       home-manager.useUserPackages = true;
       home-manager.backupFileExtension = "backup";
-      home-manager.users = userHMConfigs;
+      home-manager.users = nixpkgs.lib.mkIf hasUser {
+        ${user} = import ../users/${user}/home-manager.nix;
+      };
+      home-manager.sharedModules = hmModuleList;
       home-manager.extraSpecialArgs = { inherit inputs; };
     }
   ];
-  specialArgs = { inherit inputs; };
+  specialArgs = { inherit inputs userKeys; };
 }

modules/nixos/initrd-ssh.nix

@@ -4,9 +4,6 @@
   ...
 }:
 let
-  # TODO:(@janezicmatej) restructure keys import
-  keys = import ../../users/matej/keys.nix;
-
   # generate host keys for new machines: ./scripts/initrd-ssh-keygen.sh
   keyDir = "/etc/secrets/initrd";
 
@@ -51,7 +48,7 @@ in
 
       authorizedKeys = lib.mkOption {
         type = lib.types.listOf lib.types.str;
-        default = keys.sshAuthorizedKeys;
+        default = [ ];
       };
 
       networkModule = lib.mkOption {

profiles/base.nix

@@ -0,0 +1,17 @@
+{
+  lib,
+  config,
+  ...
+}:
+{
+  options = {
+    profiles.base.enable = lib.mkEnableOption "base profile for all machines";
+  };
+
+  config = lib.mkIf config.profiles.base.enable {
+    openssh.enable = lib.mkDefault true;
+    zsh.enable = lib.mkDefault true;
+    localisation.enable = lib.mkDefault true;
+    gnupg.enable = lib.mkDefault true;
+  };
+}

profiles/default.nix

@@ -0,0 +1 @@
+{ lib, my-lib }: args: (my-lib.autoDir ./.)

profiles/desktop.nix

@@ -0,0 +1,23 @@
+{
+  lib,
+  config,
+  ...
+}:
+{
+  options = {
+    profiles.desktop.enable = lib.mkEnableOption "desktop profile (sway, audio, printing)";
+  };
+
+  config = lib.mkIf config.profiles.desktop.enable {
+    profiles.base.enable = lib.mkDefault true;
+    desktop.enable = lib.mkDefault true;
+    sway.enable = lib.mkDefault true;
+    tuigreet = {
+      enable = lib.mkDefault true;
+      command = lib.mkDefault "sway";
+    };
+    printing.enable = lib.mkDefault true;
+    workstation.enable = lib.mkDefault true;
+    yubikey.enable = lib.mkDefault true;
+  };
+}

profiles/server.nix

@@ -0,0 +1,15 @@
+{
+  lib,
+  config,
+  ...
+}:
+{
+  options = {
+    profiles.server.enable = lib.mkEnableOption "headless server profile";
+  };
+
+  config = lib.mkIf config.profiles.server.enable {
+    profiles.base.enable = lib.mkDefault true;
+    workstation.enable = lib.mkDefault true;
+  };
+}

users/gorazd/home-manager.nix

@@ -1,52 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  inputs,
-  ...
-}:
-
-let
-  packages = inputs.self.outputs.packages.${pkgs.stdenv.hostPlatform.system};
-in
-
-{
-  home.stateVersion = "24.11";
-
-  home.packages = [
-    pkgs.git
-  ];
-
-  programs.neovim = {
-    enable = true;
-    vimAlias = true;
-    defaultEditor = true;
-
-    package = inputs.neovim-nightly-overlay.packages.${pkgs.stdenv.hostPlatform.system}.default;
-
-    extraPackages = with pkgs; [
-      # runtime deps
-      fzf
-      ripgrep
-      gnumake
-      gcc
-      luajit
-
-      lua-language-server
-      nil
-      nixd
-
-      nixpkgs-fmt
-      stylua
-
-    ];
-
-    extraWrapperArgs = [
-      "--suffix"
-      "LD_LIBRARY_PATH"
-      ":"
-      "${lib.makeLibraryPath [ pkgs.stdenv.cc.cc.lib ]}"
-    ];
-
-  };
-}

users/matej/home-manager.nix

@@ -8,11 +8,9 @@
 
 let
   packages = inputs.self.outputs.packages.${pkgs.stdenv.hostPlatform.system};
-  hmModules = inputs.self.outputs.homeManagerModules;
 in
 
 {
-  imports = [ hmModules.claude ];
   claude = {
     enable = true;
     package = inputs.claude-code-overlay.packages.${pkgs.stdenv.hostPlatform.system}.default;