janezicmatej/matej.nix
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactor: mkHost load-all infrastructure and convert simple features

Browse Source
This commit is contained in:
Matej Janezic
2026-04-12 21:27:43 +00:00
parent 3ff4583017
commit 6770bc76a2
18 changed files with 455 additions and 210 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
features/claude.nix
View File

@@ -1,10 +1,21 @@
{ {
home = nixos =
{ pkgs, ... }: { lib, ... }:
{ {
options.features.claude.enable = lib.mkEnableOption "claude";
};
home =
{ pkgs, lib, osConfig, ... }:
let
cfg = osConfig.features.claude;
in
{
config = lib.mkIf cfg.enable {
home.packages = [ home.packages = [
pkgs.claude-code pkgs.claude-code
pkgs.mcp-nixos pkgs.mcp-nixos
]; ];
}; };
};
} }

18
features/direnv/default.nix
View File

@@ -1,7 +1,13 @@
{ {
nixos = nixos =
{ inputs, ... }: { config, lib, inputs, ... }:
let
cfg = config.features.direnv;
in
{ {
options.features.direnv.enable = lib.mkEnableOption "direnv";
config = lib.mkIf cfg.enable {
nix.registry.dev = { nix.registry.dev = {
from = { from = {
type = "indirect"; type = "indirect";
@@ -13,8 +19,15 @@
}; };
}; };
}; };
};
home = _: { home =
{ lib, osConfig, ... }:
let
cfg = osConfig.features.direnv;
in
{
config = lib.mkIf cfg.enable {
programs.direnv = { programs.direnv = {
enable = true; enable = true;
nix-direnv.enable = true; nix-direnv.enable = true;
@@ -23,4 +36,5 @@
xdg.configFile."direnv/lib/use_dev.sh".source = ./use_dev.sh; xdg.configFile."direnv/lib/use_dev.sh".source = ./use_dev.sh;
}; };
};
} }

9
features/docker.nix
View File

@@ -1,7 +1,13 @@
{ {
nixos = nixos =
{ user, ... }: { config, lib, user, ... }:
let
cfg = config.features.docker;
in
{ {
options.features.docker.enable = lib.mkEnableOption "docker";
config = lib.mkIf cfg.enable {
virtualisation.docker = { virtualisation.docker = {
enable = true; enable = true;
logDriver = "json-file"; logDriver = "json-file";
@@ -9,4 +15,5 @@
users.users.${user}.extraGroups = [ "docker" ]; users.users.${user}.extraGroups = [ "docker" ];
}; };
};
} }

18
features/filedrop.nix
View File

@@ -1,9 +1,22 @@
{ {
nixos = nixos =
{ config, userKeys, ... }: { config, lib, userKeys, ... }:
let
cfg = config.features.filedrop;
in
{ {
options.features.filedrop = {
enable = lib.mkEnableOption "filedrop sftp service";
sopsFile = lib.mkOption {
type = lib.types.path;
};
};
config = lib.mkIf cfg.enable {
sops.secrets.filedrop-authorized-keys = { sops.secrets.filedrop-authorized-keys = {
sopsFile = ../secrets/floo.yaml; inherit (cfg) sopsFile;
mode = "0444"; mode = "0444";
}; };
@@ -39,4 +52,5 @@
X11Forwarding no X11Forwarding no
''; '';
}; };
};
} }

9
features/gaming.nix
View File

@@ -1,7 +1,13 @@
{ {
nixos = nixos =
{ pkgs, ... }: { config, lib, pkgs, ... }:
let
cfg = config.features.gaming;
in
{ {
options.features.gaming.enable = lib.mkEnableOption "gaming";
config = lib.mkIf cfg.enable {
programs.steam = { programs.steam = {
enable = true; enable = true;
remotePlay.openFirewall = true; remotePlay.openFirewall = true;
@@ -11,4 +17,5 @@
environment.systemPackages = [ pkgs.prismlauncher ]; environment.systemPackages = [ pkgs.prismlauncher ];
}; };
};
} }

29
features/gnupg.nix
View File

@@ -1,9 +1,36 @@
{ {
nixos = _: { nixos =
{ config, lib, pkgs, ... }:
let
cfg = config.features.gnupg;
in
{
options.features.gnupg = {
enable = lib.mkEnableOption "gnupg";
yubikey.enable = lib.mkOption {
type = lib.types.bool;
default = false;
};
};
config = lib.mkIf cfg.enable (lib.mkMerge [
{
programs.gnupg.agent = { programs.gnupg.agent = {
enable = true; enable = true;
enableSSHSupport = true; enableSSHSupport = true;
enableExtraSocket = true; enableExtraSocket = true;
}; };
}
(lib.mkIf cfg.yubikey.enable {
environment.systemPackages = with pkgs; [
yubikey-personalization
yubikey-manager
];
services.pcscd.enable = true;
})
]);
}; };
} }

8
features/harmonia/default.nix
View File

@@ -1,12 +1,14 @@
{ {
nixos = nixos =
{ {
pkgs,
config, config,
lib,
pkgs,
inputs, inputs,
... ...
}: }:
let let
cfg = config.features.harmonia;
hosts = [ hosts = [
"fw16" "fw16"
"tower" "tower"
@@ -17,6 +19,9 @@
flakeRef = inputs.self.outPath; flakeRef = inputs.self.outPath;
in in
{ {
options.features.harmonia.enable = lib.mkEnableOption "harmonia";
config = lib.mkIf cfg.enable {
services.harmonia.cache = { services.harmonia.cache = {
enable = true; enable = true;
signKeyPaths = [ config.sops.secrets.nix-signing-key.path ]; signKeyPaths = [ config.sops.secrets.nix-signing-key.path ];
@@ -48,4 +53,5 @@
}; };
}; };
}; };
};
} }

18
features/initrd-ssh.nix
View File

@@ -2,6 +2,7 @@
nixos = nixos =
{ lib, config, ... }: { lib, config, ... }:
let let
cfg = config.features.initrd-ssh;
keyDir = "/etc/secrets/initrd"; keyDir = "/etc/secrets/initrd";
mkIpString = mkIpString =
@@ -15,8 +16,9 @@
"${address}::${gateway}:${netmask}::${interface}:none"; "${address}::${gateway}:${netmask}::${interface}:none";
in in
{ {
options = { options.features.initrd-ssh = {
initrd-ssh = { enable = lib.mkEnableOption "initrd ssh";
ip = { ip = {
enable = lib.mkEnableOption "static IP for initrd (otherwise DHCP)"; enable = lib.mkEnableOption "static IP for initrd (otherwise DHCP)";
@@ -47,12 +49,12 @@
type = lib.types.str; type = lib.types.str;
}; };
}; };
};
config = { config = lib.mkIf cfg.enable {
boot.initrd.kernelModules = [ config.initrd-ssh.networkModule ]; boot.initrd.availableKernelModules = [ cfg.networkModule ];
boot.kernelParams = lib.mkIf config.initrd-ssh.ip.enable [ boot.initrd.kernelModules = [ cfg.networkModule ];
"ip=${mkIpString config.initrd-ssh.ip}" boot.kernelParams = lib.mkIf cfg.ip.enable [
"ip=${mkIpString cfg.ip}"
]; ];
boot.initrd.network = { boot.initrd.network = {
@@ -64,7 +66,7 @@
"${keyDir}/ssh_host_rsa_key" "${keyDir}/ssh_host_rsa_key"
"${keyDir}/ssh_host_ed25519_key" "${keyDir}/ssh_host_ed25519_key"
]; ];
inherit (config.initrd-ssh) authorizedKeys; inherit (cfg) authorizedKeys;
}; };
postCommands = '' postCommands = ''
echo 'cryptsetup-askpass' >> /root/.profile echo 'cryptsetup-askpass' >> /root/.profile

19
features/localisation.nix
View File

@@ -1,25 +1,30 @@
{ {
nixos = nixos =
{ lib, config, ... }: { lib, config, ... }:
let
cfg = config.features.localisation;
in
{ {
options = { options.features.localisation = {
localisation = { enable = lib.mkEnableOption "localisation";
timeZone = lib.mkOption { timeZone = lib.mkOption {
type = lib.types.str; type = lib.types.str;
default = "Europe/Ljubljana";
}; };
defaultLocale = lib.mkOption { defaultLocale = lib.mkOption {
type = lib.types.str; type = lib.types.str;
}; default = "en_US.UTF-8";
}; };
}; };
config = { config = lib.mkIf cfg.enable {
time.timeZone = config.localisation.timeZone; time.timeZone = cfg.timeZone;
i18n.defaultLocale = config.localisation.defaultLocale; i18n.defaultLocale = cfg.defaultLocale;
# NOTE:(@janezicmatej) some apps (e.g. java) need TZ env var explicitly # NOTE:(@janezicmatej) some apps (e.g. java) need TZ env var explicitly
environment.variables.TZ = config.localisation.timeZone; environment.variables.TZ = cfg.timeZone;
}; };
}; };
} }

34
features/neovim.nix
View File

@@ -1,4 +1,17 @@
{ {
nixos =
{ lib, ... }:
{
options.features.neovim = {
enable = lib.mkEnableOption "neovim";
dotfiles = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
};
};
};
home = home =
{ {
config, config,
@@ -6,24 +19,21 @@
lib, lib,
pkgs, pkgs,
inputs, inputs,
osConfig,
... ...
}: }:
let
cfg = osConfig.features.neovim;
in
{ {
options = { config = lib.mkIf cfg.enable (lib.mkMerge [
neovim.dotfiles = lib.mkOption {
type = lib.types.nullOr lib.types.path;
default = null;
};
};
config = lib.mkMerge [
(lib.optionalAttrs (options ? stylix) { (lib.optionalAttrs (options ? stylix) {
# disable stylix neovim target when stylix is present (loaded by desktop feature) # disable stylix neovim target when stylix is present
stylix.targets.neovim.enable = false; stylix.targets.neovim.enable = false;
}) })
{ {
xdg.configFile."nvim" = lib.mkIf (config.neovim.dotfiles != null) { xdg.configFile."nvim" = lib.mkIf (cfg.dotfiles != null) {
source = config.neovim.dotfiles; source = cfg.dotfiles;
}; };
programs.neovim = { programs.neovim = {
@@ -64,6 +74,6 @@
]; ];
}; };
} }
]; ]);
}; };
} }

11
features/networkmanager.nix
View File

@@ -1,9 +1,18 @@
{ {
nixos = _: { nixos =
{ config, lib, ... }:
let
cfg = config.features.networkmanager;
in
{
options.features.networkmanager.enable = lib.mkEnableOption "networkmanager";
config = lib.mkIf cfg.enable {
networking.networkmanager.enable = true; networking.networkmanager.enable = true;
networking.nameservers = [ networking.nameservers = [
"1.1.1.1" "1.1.1.1"
"8.8.8.8" "8.8.8.8"
]; ];
}; };
};
} }

11
features/nix-ld.nix
View File

@@ -1,5 +1,14 @@
{ {
nixos = _: { nixos =
{ config, lib, ... }:
let
cfg = config.features.nix-ld;
in
{
options.features.nix-ld.enable = lib.mkEnableOption "nix-ld";
config = lib.mkIf cfg.enable {
programs.nix-ld.enable = true; programs.nix-ld.enable = true;
}; };
};
} }

71
features/nix-settings.nix Normal file
View File

@@ -0,0 +1,71 @@
{
nixos =
{ config, lib, ... }:
let
cfg = config.features.nix-settings;
in
{
options.features.nix-settings = {
enable = lib.mkEnableOption "nix settings";
towerCache.enable = lib.mkOption {
type = lib.types.bool;
default = true;
};
gc = {
dates = lib.mkOption {
type = lib.types.str;
default = "monthly";
};
olderThan = lib.mkOption {
type = lib.types.str;
default = "30d";
};
};
optimise.dates = lib.mkOption {
type = lib.types.listOf lib.types.str;
default = [ "monthly" ];
};
};
config = lib.mkIf cfg.enable {
nix = {
settings = {
experimental-features = [
"nix-command"
"flakes"
];
download-buffer-size = 2 * 1024 * 1024 * 1024;
warn-dirty = false;
substituters =
[
"https://cache.nixos.org"
"https://nix-community.cachix.org?priority=45"
]
++ lib.optional cfg.towerCache.enable "http://tower:5000?priority=50";
trusted-public-keys =
[
"cache.nixos.org-1:6NCHdD59X431o0gWypbMrAURkbJ16ZPMQFGspcDShjY="
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
]
++ lib.optional cfg.towerCache.enable "matej.nix-1:TdbemLVYblvAxqJcwb3mVKmmr3cfzXbMcZHE5ILnZDE=";
};
gc = {
automatic = true;
dates = cfg.gc.dates;
options = "--delete-older-than ${cfg.gc.olderThan}";
};
optimise = {
automatic = true;
dates = cfg.optimise.dates;
};
};
};
};
}

13
features/openssh.nix
View File

@@ -1,18 +1,23 @@
{ {
nixos = nixos =
{ lib, config, ... }: { lib, config, ... }:
let
cfg = config.features.openssh;
in
{ {
options = { options.features.openssh = {
openssh.port = lib.mkOption { enable = lib.mkEnableOption "openssh";
port = lib.mkOption {
type = lib.types.port; type = lib.types.port;
default = 22; default = 22;
}; };
}; };
config = { config = lib.mkIf cfg.enable {
services.openssh = { services.openssh = {
enable = true; enable = true;
ports = [ config.openssh.port ]; ports = [ cfg.port ];
settings = { settings = {
PasswordAuthentication = false; PasswordAuthentication = false;
AllowUsers = null; AllowUsers = null;

11
features/printing.nix
View File

@@ -1,5 +1,13 @@
{ {
nixos = _: { nixos =
{ config, lib, ... }:
let
cfg = config.features.printing;
in
{
options.features.printing.enable = lib.mkEnableOption "printing";
config = lib.mkIf cfg.enable {
services.printing.enable = true; services.printing.enable = true;
services.avahi = { services.avahi = {
enable = true; enable = true;
@@ -7,4 +15,5 @@
openFirewall = true; openFirewall = true;
}; };
}; };
};
} }

9
features/remote-base.nix
View File

@@ -1,7 +1,13 @@
{ {
nixos = nixos =
{ config, user, ... }: { config, lib, user, ... }:
let
cfg = config.features.remote-base;
in
{ {
options.features.remote-base.enable = lib.mkEnableOption "remote-base";
config = lib.mkIf cfg.enable {
sops.secrets.user-password = { sops.secrets.user-password = {
sopsFile = ../secrets/common.yaml; sopsFile = ../secrets/common.yaml;
neededForUsers = true; neededForUsers = true;
@@ -10,4 +16,5 @@
users.mutableUsers = false; users.mutableUsers = false;
users.users.${user}.hashedPasswordFile = config.sops.secrets.user-password.path; users.users.${user}.hashedPasswordFile = config.sops.secrets.user-password.path;
}; };
};
} }

11
features/tailscale.nix
View File

@@ -1,8 +1,17 @@
{ {
nixos = _: { nixos =
{ config, lib, ... }:
let
cfg = config.features.tailscale;
in
{
options.features.tailscale.enable = lib.mkEnableOption "tailscale";
config = lib.mkIf cfg.enable {
services.tailscale = { services.tailscale = {
enable = true; enable = true;
useRoutingFeatures = "both"; useRoutingFeatures = "both";
}; };
}; };
};
} }

31
lib/mkHost.nix
View File

@@ -27,7 +27,19 @@ let
hostConfig = ../hosts/${name}/configuration.nix; hostConfig = ../hosts/${name}/configuration.nix;
hostHWConfig = ../hosts/${name}/hardware-configuration.nix; hostHWConfig = ../hosts/${name}/hardware-configuration.nix;
# load feature with path check # auto-discover all features, excluding user-* and default.nix
featureDir = builtins.readDir ../features;
allFeatureNames = lib.pipe featureDir [
(lib.filterAttrs (
n: t:
(t == "regular" && lib.hasSuffix ".nix" n && n != "default.nix" && !lib.hasPrefix "user-" n)
|| (t == "directory" && builtins.pathExists ../features/${n}/default.nix)
))
builtins.attrNames
(map (n: lib.removeSuffix ".nix" n))
];
# load all features unconditionally
loadFeature = loadFeature =
f: f:
assert assert
@@ -35,7 +47,7 @@ let
|| throw "feature '${f}' not found at ${toString (featurePath f)}"; || throw "feature '${f}' not found at ${toString (featurePath f)}";
import (featurePath f); import (featurePath f);
loadedFeatures = map loadFeature features; loadedFeatures = map loadFeature allFeatureNames;
# load user feature with path check # load user feature with path check
userFeature = userFeature =
@@ -55,17 +67,28 @@ let
# collect nixos and home modules from all features # collect nixos and home modules from all features
nixosMods = map (f: f.nixos) (builtins.filter (f: f ? nixos) allFeatures); nixosMods = map (f: f.nixos) (builtins.filter (f: f ? nixos) allFeatures);
homeMods = map (f: f.home) (builtins.filter (f: f ? home) allFeatures); homeMods = map (f: f.home) (builtins.filter (f: f ? home) allFeatures);
# translate features list to enable flags
featureEnableModule =
{ lib, ... }:
{
config.features = lib.genAttrs features (_: {
enable = true;
});
};
in in
nixpkgs.lib.nixosSystem { nixpkgs.lib.nixosSystem {
inherit system; inherit system;
modules = [ modules =
../nix.nix [
inputs.sops-nix.nixosModules.sops inputs.sops-nix.nixosModules.sops
inputs.stylix.nixosModules.stylix
{ nixpkgs.overlays = overlays; } { nixpkgs.overlays = overlays; }
{ nixpkgs.config.allowUnfree = true; } { nixpkgs.config.allowUnfree = true; }
{ networking.hostName = name; } { networking.hostName = name; }
featureEnableModule
hostConfig hostConfig
] ]
++ lib.optional (builtins.pathExists hostHWConfig) hostHWConfig ++ lib.optional (builtins.pathExists hostHWConfig) hostHWConfig