refactor: derive host name solely from host directory name

2026-04-30 16:40:45 +02:00
parent ce02cc5538
commit 95ffe7b908
19 changed files with 40 additions and 53 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -76,7 +76,10 @@
          nixpkgs.lib.nixosSystem {
            modules = [
              ./hosts/${host}
-              { nixpkgs.hostPlatform = (myUtils.hostMeta ./hosts/${host}).system; }
+              {
+                nixpkgs.hostPlatform = (myUtils.hostMeta ./hosts/${host}).system;
+                host.name = host;
+              }
            ];
            specialArgs = {
              inherit
--- a/hosts/andromache/default.nix
+++ b/hosts/andromache/default.nix
@@ -51,9 +51,7 @@ in
    ../../modules/yubikey
  ];

-  home-manager.users.${config.host.username} = import ../../home/hosts/andromache;
-
-  ssh.authorizedHosts = [ "astyanax" ];
+  home-manager.users.${config.host.username} = import ../../home/hosts/${config.host.name};

  secrets.nixSigningKey.enable = true;

--- a/hosts/andromache/host.nix
+++ b/hosts/andromache/host.nix
@@ -1,7 +1,7 @@
 {
  host = {
    username = "h";
-    name = "andromache";
    highRam = true;
+    admin = true;
  };
 }
--- a/hosts/astyanax/default.nix
+++ b/hosts/astyanax/default.nix
@@ -47,9 +47,7 @@ in
    ../../modules/yubikey
  ];

-  home-manager.users.${config.host.username} = import ../../home/hosts/astyanax;
-
-  ssh.authorizedHosts = [ "andromache" ];
+  home-manager.users.${config.host.username} = import ../../home/hosts/${config.host.name};

  secrets.nixSigningKey.enable = true;

--- a/hosts/astyanax/host.nix
+++ b/hosts/astyanax/host.nix
@@ -1,7 +1,7 @@
 {
  host = {
    username = "h";
-    name = "astyanax";
    highRam = true;
+    admin = true;
  };
 }
--- a/hosts/eetion-02/default.nix
+++ b/hosts/eetion-02/default.nix
@@ -11,13 +11,6 @@
    ../../modules/ssh
  ];

-  ssh = {
-    authorizedHosts = [
-      "andromache"
-      "astyanax"
-    ];
-  };
-
  boot = {
    kernelParams = [
      "console=ttyS1,115200n8"
--- a/hosts/eetion-02/host.nix
+++ b/hosts/eetion-02/host.nix
@@ -1,6 +1,5 @@
 {
  host = {
    username = "h";
-    name = "eetion-02";
  };
 }
--- a/hosts/eetion/default.nix
+++ b/hosts/eetion/default.nix
@@ -15,13 +15,6 @@

  tailscale.enable = true;

-  ssh = {
-    authorizedHosts = [
-      "andromache"
-      "astyanax"
-    ];
-  };
-
  boot.loader = {
    grub.enable = false;
    generic-extlinux-compatible.enable = true;
--- a/hosts/eetion/host.nix
+++ b/hosts/eetion/host.nix
@@ -1,6 +1,5 @@
 {
  host = {
    username = "h";
-    name = "eetion";
  };
 }
--- a/hosts/hecuba/default.nix
+++ b/hosts/hecuba/default.nix
@@ -18,13 +18,6 @@
  ];

  networking.hostName = config.host.name;
-  ssh = {
-    authorizedHosts = [
-      "andromache"
-      "astyanax"
-    ];
-  };
-
  docker.enable = true;

  fileSystems."/" = {
--- a/hosts/hecuba/host.nix
+++ b/hosts/hecuba/host.nix
@@ -1,6 +1,5 @@
 {
  host = {
    username = "username";
-    name = "hecuba";
  };
 }
--- a/hosts/vm/host.nix
+++ b/hosts/vm/host.nix
@@ -1,6 +1,5 @@
 {
  host = {
    username = "h";
-    name = "vm";
  };
 }
--- a/images/sd-image-orange-pi-aarch64.nix
+++ b/images/sd-image-orange-pi-aarch64.nix
@@ -21,11 +21,6 @@ in
    name = "orange-pi";
  };

-  ssh.authorizedHosts = [
-    "andromache"
-    "astyanax"
-  ];
-
  nix.settings.experimental-features = [
    "nix-command"
    "flakes"
--- a/images/sd-image-raspberry-pi-aarch64.nix
+++ b/images/sd-image-raspberry-pi-aarch64.nix
@@ -21,11 +21,6 @@ in
    name = "raspberry-pi";
  };

-  ssh.authorizedHosts = [
-    "andromache"
-    "astyanax"
-  ];
-
  boot.kernelParams = [
    "console=ttyS1,115200n8"
  ];
--- a/modules/common/host.nix
+++ b/modules/common/host.nix
@@ -24,5 +24,10 @@
      type = lib.types.bool;
      default = false;
    };
+
+    admin = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+    };
  };
 }
--- a/modules/ssh/authorized-keys.nix
+++ b/modules/ssh/authorized-keys.nix
@@ -1,7 +1,12 @@
-{ lib, config, ... }:
+{
+  lib,
+  config,
+  ...
+}:

 let
  inherit (config.host) username;
+  adminHosts = (import ../../utils { inherit lib; }).adminHosts ../../hosts;
 in
 {
  options.ssh = {
@@ -19,6 +24,6 @@ in
        keyFile = ../../hosts/${hostname}/ssh_user.pub;
      in
      lib.optionals (builtins.pathExists keyFile) (lib.splitString "\n" (builtins.readFile keyFile))
-    ) config.ssh.authorizedHosts
+    ) ((builtins.filter (h: h != config.host.name) adminHosts) ++ config.ssh.authorizedHosts)
  );
 }
--- a/utils/default.nix
+++ b/utils/default.nix
@@ -1,12 +1,8 @@
 { lib }:

 let
-  hosts = import ./hosts.nix;
+  fs = import ./fs.nix { inherit lib; };
+  hosts = import ./hosts.nix { inherit lib; };
  secrets = import ./secrets.nix { inherit lib; };
 in
-{
-  dirNames =
-    path: builtins.attrNames (lib.filterAttrs (_: type: type == "directory") (builtins.readDir path));
-}
-// hosts
-// secrets
+fs // hosts // secrets
--- a/utils/fs.nix
+++ b/utils/fs.nix
@@ -0,0 +1,6 @@
+{ lib }:
+
+{
+  dirNames =
+    path: builtins.attrNames (lib.filterAttrs (_: t: t == "directory") (builtins.readDir path));
+}
--- a/utils/hosts.nix
+++ b/utils/hosts.nix
@@ -1,3 +1,8 @@
+{ lib }:
+
+let
+  fs = import ./fs.nix { inherit lib; };
+in
 {
  hostMeta =
    hostDir:
@@ -5,4 +10,10 @@
      import (hostDir + "/meta.nix")
    else
      throw "meta.nix required in ${hostDir}";
+
+  adminHosts =
+    hostsPath:
+    builtins.filter (host: ((import (hostsPath + "/${host}/host.nix")).host.admin or false)) (
+      fs.dirNames hostsPath
+    );
 }