merge: profiles and improved mkHost

2026-03-07 16:00:28 +01:00
parent 2afc3dd068 78dd75ec88
commit 0f52308b95
12 changed files with 101 additions and 136 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -71,17 +71,16 @@
      nixosConfigurations = {
        matej-nixos = mkHost "matej-nixos" {
          system = "x86_64-linux";
-          users = [ "matej" ];
+          user = "matej";
        };
        matej-tower = mkHost "matej-tower" {
          system = "x86_64-linux";
-          users = [ "matej" ];
+          user = "matej";
        };

        # nixos-rebuild build-image --image-variant install-iso --flake .#live-iso
        live-iso = mkHost "live-iso" {
          system = "x86_64-linux";
-          users = [ ];
        };
      };

@@ -94,6 +93,11 @@
        inherit my-lib;
        inherit (nixpkgs) lib;
      } { };
+
+      nixosProfiles = import ./profiles {
+        inherit my-lib;
+        inherit (nixpkgs) lib;
+      } { };
    }
    // flake-utils.lib.eachDefaultSystem (
      system:
--- a/hosts/live-iso/configuration.nix
+++ b/hosts/live-iso/configuration.nix
@@ -2,16 +2,10 @@
  pkgs,
  lib,
  inputs,
+  userKeys,
  ...
 }:
-let
-  keys = import ../../users/matej/keys.nix;
-in
 {
-  imports = [
-    inputs.self.nixosModules.openssh
-  ];
-
  openssh.enable = true;

  image.modules.iso-installer = {
@@ -41,7 +35,7 @@ in
        "wheel"
        "users"
      ];
-      openssh.authorizedKeys.keys = keys.sshAuthorizedKeys;
+      openssh.authorizedKeys.keys = userKeys.sshAuthorizedKeys or [ ];
    };
  };

--- a/hosts/matej-nixos/configuration.nix
+++ b/hosts/matej-nixos/configuration.nix
@@ -4,6 +4,7 @@
  pkgs,
  inputs,
  options,
+  userKeys,
  ...
 }:

@@ -15,31 +16,14 @@ in
  imports = [
    inputs.nixos-hardware.nixosModules.framework-16-amd-ai-300-series
    inputs.stylix.nixosModules.stylix
-    inputs.self.nixosModules.yubikey
-    inputs.self.nixosModules.sway
-    inputs.self.nixosModules.openssh
-    inputs.self.nixosModules.desktop
-    inputs.self.nixosModules.printing
-    inputs.self.nixosModules.zsh
-    inputs.self.nixosModules.gnupg
-    inputs.self.nixosModules.tuigreet
-    inputs.self.nixosModules.workstation
-    inputs.self.nixosModules.localisation
  ];

-  yubikey.enable = true;
-  openssh.enable = true;
-  desktop.enable = true;
-  printing.enable = true;
-  zsh.enable = true;
-  gnupg.enable = true;
-  workstation.enable = true;
-  tuigreet = {
-    enable = true;
-    command = "sway";
-  };
+  profiles.desktop.enable = true;

-  sway.enable = true;
+  localisation = {
+    timeZone = "Europe/Ljubljana";
+    defaultLocale = "en_US.UTF-8";
+  };

  stylix = {
    enable = true;
@@ -51,12 +35,6 @@ in
  boot.loader.systemd-boot.enable = true;
  boot.loader.efi.canTouchEfiVariables = true;

-  localisation = {
-    enable = true;
-    timeZone = "Europe/Ljubljana";
-    defaultLocale = "en_US.UTF-8";
-  };
-
  # WARN:(@janezicmatej) nix-ld for running pip-installed binaries outside nix, probably want to drop this
  programs.nix-ld.enable = true;
  programs.nix-ld.libraries = options.programs.nix-ld.libraries.default;
--- a/hosts/matej-tower/configuration.nix
+++ b/hosts/matej-tower/configuration.nix
@@ -4,44 +4,27 @@
  pkgs,
  inputs,
  options,
+  userKeys,
  ...
 }:

 {
-  networking.hostName = "matej-tower";
  imports = [
    inputs.stylix.nixosModules.stylix
    inputs.lanzaboote.nixosModules.lanzaboote
-
-    inputs.self.nixosModules.yubikey
-    inputs.self.nixosModules.sway
-    inputs.self.nixosModules.openssh
-    inputs.self.nixosModules.desktop
-    inputs.self.nixosModules.printing
-    inputs.self.nixosModules.zsh
-    inputs.self.nixosModules.gnupg
-    inputs.self.nixosModules.tuigreet
-    inputs.self.nixosModules.workstation
-    inputs.self.nixosModules.initrd-ssh
-    inputs.self.nixosModules.localisation
  ];

-  yubikey.enable = true;
-  openssh.enable = true;
-  desktop.enable = true;
-  printing.enable = true;
-  zsh.enable = true;
-  gnupg.enable = true;
-  workstation.enable = true;
-  tuigreet = {
-    enable = true;
-    command = "sway";
-  };
-  sway.enable = true;
+  profiles.desktop.enable = true;

  initrd-ssh = {
    enable = true;
    networkModule = "r8169";
+    authorizedKeys = userKeys.sshAuthorizedKeys;
+  };
+
+  localisation = {
+    timeZone = "Europe/Ljubljana";
+    defaultLocale = "en_US.UTF-8";
  };

  stylix = {
@@ -60,12 +43,6 @@
    pkiBundle = "/var/lib/sbctl";
  };

-  localisation = {
-    enable = true;
-    timeZone = "Europe/Ljubljana";
-    defaultLocale = "en_US.UTF-8";
-  };
-
  services.udisks2.enable = true;

  programs._1password.enable = true;
@@ -83,6 +60,8 @@
    easyeffects
  ];

+  networking.hostName = "matej-tower";
+
  xdg.mime.defaultApplications = {
    "application/pdf" = "org.pwmt.zathura.desktop";
  };
--- a/lib/mkHost.nix
+++ b/lib/mkHost.nix
@@ -7,19 +7,23 @@
 name:
 {
  system,
-  users ? [ ],
+  user ? null,
 }:

 let
  hostConfig = ../hosts/${name}/configuration.nix;
  hostHWConfig = ../hosts/${name}/hardware-configuration.nix;
  hasHWConfig = builtins.pathExists hostHWConfig;
+  hasUser = user != null;

-  userNixosConfigs = map (user: ../users/${user}/nixos.nix) (
-    builtins.filter (user: builtins.pathExists ../users/${user}/nixos.nix) users
-  );
+  userKeys = if hasUser then import ../users/${user}/keys.nix else { };

-  userHMConfigs = nixpkgs.lib.genAttrs users (user: import ../users/${user}/home-manager.nix);
+  # auto-import all nixos modules and profiles
+  nixosModuleList = builtins.attrValues inputs.self.nixosModules;
+  nixosProfileList = builtins.attrValues inputs.self.nixosProfiles;
+
+  # auto-import all home-manager modules
+  hmModuleList = builtins.attrValues inputs.self.homeManagerModules;

 in
 nixpkgs.lib.nixosSystem {
@@ -33,16 +37,23 @@ nixpkgs.lib.nixosSystem {
    hostConfig
  ]
  ++ nixpkgs.lib.optional hasHWConfig hostHWConfig
-  ++ userNixosConfigs
+  ++ nixosModuleList
+  ++ nixosProfileList
+  ++ nixpkgs.lib.optional (
+    hasUser && builtins.pathExists ../users/${user}/nixos.nix
+  ) ../users/${user}/nixos.nix
  ++ [
    inputs.home-manager.nixosModules.home-manager
    {
      home-manager.useGlobalPkgs = true;
      home-manager.useUserPackages = true;
      home-manager.backupFileExtension = "backup";
-      home-manager.users = userHMConfigs;
+      home-manager.users = nixpkgs.lib.mkIf hasUser {
+        ${user} = import ../users/${user}/home-manager.nix;
+      };
+      home-manager.sharedModules = hmModuleList;
      home-manager.extraSpecialArgs = { inherit inputs; };
    }
  ];
-  specialArgs = { inherit inputs; };
+  specialArgs = { inherit inputs userKeys; };
 }
--- a/modules/nixos/initrd-ssh.nix
+++ b/modules/nixos/initrd-ssh.nix
@@ -4,9 +4,6 @@
  ...
 }:
 let
-  # TODO:(@janezicmatej) restructure keys import
-  keys = import ../../users/matej/keys.nix;
-
  # generate host keys for new machines: ./scripts/initrd-ssh-keygen.sh
  keyDir = "/etc/secrets/initrd";

@@ -51,7 +48,7 @@ in

      authorizedKeys = lib.mkOption {
        type = lib.types.listOf lib.types.str;
-        default = keys.sshAuthorizedKeys;
+        default = [ ];
      };

      networkModule = lib.mkOption {
--- a/profiles/base.nix
+++ b/profiles/base.nix
@@ -0,0 +1,17 @@
+{
+  lib,
+  config,
+  ...
+}:
+{
+  options = {
+    profiles.base.enable = lib.mkEnableOption "base profile for all machines";
+  };
+
+  config = lib.mkIf config.profiles.base.enable {
+    openssh.enable = lib.mkDefault true;
+    zsh.enable = lib.mkDefault true;
+    localisation.enable = lib.mkDefault true;
+    gnupg.enable = lib.mkDefault true;
+  };
+}
--- a/profiles/default.nix
+++ b/profiles/default.nix
@@ -0,0 +1 @@
+{ lib, my-lib }: args: (my-lib.autoDir ./.)
--- a/profiles/desktop.nix
+++ b/profiles/desktop.nix
@@ -0,0 +1,23 @@
+{
+  lib,
+  config,
+  ...
+}:
+{
+  options = {
+    profiles.desktop.enable = lib.mkEnableOption "desktop profile (sway, audio, printing)";
+  };
+
+  config = lib.mkIf config.profiles.desktop.enable {
+    profiles.base.enable = lib.mkDefault true;
+    desktop.enable = lib.mkDefault true;
+    sway.enable = lib.mkDefault true;
+    tuigreet = {
+      enable = lib.mkDefault true;
+      command = lib.mkDefault "sway";
+    };
+    printing.enable = lib.mkDefault true;
+    workstation.enable = lib.mkDefault true;
+    yubikey.enable = lib.mkDefault true;
+  };
+}
--- a/profiles/server.nix
+++ b/profiles/server.nix
@@ -0,0 +1,15 @@
+{
+  lib,
+  config,
+  ...
+}:
+{
+  options = {
+    profiles.server.enable = lib.mkEnableOption "headless server profile";
+  };
+
+  config = lib.mkIf config.profiles.server.enable {
+    profiles.base.enable = lib.mkDefault true;
+    workstation.enable = lib.mkDefault true;
+  };
+}
--- a/users/gorazd/home-manager.nix
+++ b/users/gorazd/home-manager.nix
@@ -1,52 +0,0 @@
-{
-  config,
-  lib,
-  pkgs,
-  inputs,
-  ...
-}:
-
-let
-  packages = inputs.self.outputs.packages.${pkgs.stdenv.hostPlatform.system};
-in
-
-{
-  home.stateVersion = "24.11";
-
-  home.packages = [
-    pkgs.git
-  ];
-
-  programs.neovim = {
-    enable = true;
-    vimAlias = true;
-    defaultEditor = true;
-
-    package = inputs.neovim-nightly-overlay.packages.${pkgs.stdenv.hostPlatform.system}.default;
-
-    extraPackages = with pkgs; [
-      # runtime deps
-      fzf
-      ripgrep
-      gnumake
-      gcc
-      luajit
-
-      lua-language-server
-      nil
-      nixd
-
-      nixpkgs-fmt
-      stylua
-
-    ];
-
-    extraWrapperArgs = [
-      "--suffix"
-      "LD_LIBRARY_PATH"
-      ":"
-      "${lib.makeLibraryPath [ pkgs.stdenv.cc.cc.lib ]}"
-    ];
-
-  };
-}
--- a/users/matej/home-manager.nix
+++ b/users/matej/home-manager.nix
@@ -8,11 +8,9 @@

 let
  packages = inputs.self.outputs.packages.${pkgs.stdenv.hostPlatform.system};
-  hmModules = inputs.self.outputs.homeManagerModules;
 in

 {
-  imports = [ hmModules.claude ];
  claude = {
    enable = true;
    package = inputs.claude-code-overlay.packages.${pkgs.stdenv.hostPlatform.system}.default;
				`@@ -0,0 +1 @@`
				`{ lib, my-lib }: args: (my-lib.autoDir ./.)`