From bb6a3805997702f805edb27b78e2d972d82b2ed6 Mon Sep 17 00:00:00 2001
From: hektor
Date: Sat, 17 Jan 2026 19:37:05 +0100
Subject: [PATCH] refactor: simplify hosts files
---
home/ssh.pub | 1 -
hosts/andromache/default.nix | 39 ++++++++++++------------------------
hosts/astyanax/default.nix | 38 +++++++++++------------------------
hosts/hecuba/default.nix | 21 +++++++++----------
hosts/vm/default.nix | 32 ++++++++++-------------------
modules/common/default.nix | 15 ++++++++++++++
6 files changed, 61 insertions(+), 85 deletions(-)
delete mode 100644 home/ssh.pub
diff --git a/home/ssh.pub b/home/ssh.pub
deleted file mode 100644
index 1754d4b..0000000
--- a/home/ssh.pub
+++ /dev/null
@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIzP1PjIDb1tN9nhPOK88HYDtTNk9SN9ZpEem2id49Fa h@astyanax
diff --git a/hosts/andromache/default.nix b/hosts/andromache/default.nix
index ef7969c..3157c2f 100644
--- a/hosts/andromache/default.nix
+++ b/hosts/andromache/default.nix
@@ -6,41 +6,44 @@ pkgs, ... }: - let username = "h"; + hostName = "andromache"; wolInterfaces = import ./wol-interfaces.nix; in { imports = [ ../../modules/common - inputs.disko.nixosModules.disko - inputs.sops-nix.nixosModules.sops - inputs.home-manager.nixosModules.default ./hard.nix + inputs.sops-nix.nixosModules.sops ../../modules/boot/bootloader.nix (import ../../modules/disko/zfs-encrypted-root.nix { + inherit lib config; device = "/dev/nvme1n1"; - inherit lib; - inherit config; }) ../../modules/desktops/niri ../../modules/bluetooth ../../modules/keyboard - (import ../../modules/networking { hostName = "andromache"; }) + (import ../../modules/networking { hostName = hostName; }) ../../modules/users ../../modules/audio ../../modules/localization ../../modules/fonts ../../modules/ssh/hardened-openssh.nix (import ../../modules/secrets { - inherit lib; - inherit inputs; - inherit config; + inherit lib inputs config; }) ../../modules/docker ]; + home-manager.users.${username} = import ../../home/hosts/andromache { + inherit inputs config pkgs lib; + }; + + networking.hostName = hostName; + ssh.username = username; + ssh.authorizedHosts = [ "astyanax" ]; + secrets.username = username; docker.user = username; @@ -79,22 +82,6 @@ in environment.systemPackages = [ inputs.nvim.packages.x86_64-linux.nvim ]; - home-manager = { - useGlobalPkgs = true; - useUserPackages = true; - extraSpecialArgs = { - inherit inputs outputs; - }; - users.${username} = import ../../home/hosts/andromache { - inherit lib; - inherit inputs; - inherit config; - inherit pkgs; - }; - }; - - ssh.authorizedHosts = [ "astyanax" ]; - services.xserver = { videoDrivers = [ "nvidia" ]; }; diff --git a/hosts/astyanax/default.nix b/hosts/astyanax/default.nix index f9a5267..f09bf85 100644 --- a/hosts/astyanax/default.nix +++ b/hosts/astyanax/default.nix @@ -6,7 +6,6 @@ pkgs, ... }: - let username = "h"; hostName = "astyanax"; 
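Review bot: `ssh.username = username;` looks like a new setting on this host rather than a moved one: the block removed in the next hunk only carried `ssh.authorizedHosts = [ "astyanax" ];`, so unless the option was set outside the visible hunks or already defaulted to `h`, this changes which account astyanax's key can log in as. The same `username` is also `docker.user` in the context lines, so a short comment such as `# astyanax's key logs in as ${username}, who is also docker.user` would keep that trust path visible to the next reader. Separately, `hostName` now reaches the configuration twice, through `(import ../../modules/networking { hostName = hostName; })` and through `networking.hostName = hostName;`; if the networking module already sets the option from its argument (not shown), one of the two can go, and the argument reads better as `inherit hostName;`. The vm hunk repeats this double assignment.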
@@ -15,15 +14,12 @@ in { imports = [ ../../modules/common - # inputs.nixos-hardware.nixosModules.lenovo-thinkpad-e14-intel - inputs.disko.nixosModules.disko - inputs.sops-nix.nixosModules.sops - inputs.home-manager.nixosModules.default ./hard.nix + # inputs.nixos-hardware.nixosModules.lenovo-thinkpad-e14-intel + inputs.sops-nix.nixosModules.sops ../../modules/boot/bootloader.nix (import ../../modules/disko/zfs-encrypted-root.nix { - inherit lib; - inherit config; + inherit lib config; device = "/dev/nvme0n1"; }) ../../modules/desktops/niri @@ -36,13 +32,18 @@ in ../../modules/fonts ../../modules/ssh/hardened-openssh.nix (import ../../modules/secrets { - inherit lib; - inherit inputs; - inherit config; - inherit username; + inherit lib inputs config username; }) ]; + home-manager.users.${username} = import ../../home/hosts/astyanax { + inherit inputs config pkgs lib; + }; + + networking.hostName = hostName; + ssh.username = username; + ssh.authorizedHosts = [ "andromache" ]; + hardware = { cpu.intel.updateMicrocode = true; # https://wiki.nixos.org/wiki/Intel_Graphics @@ -73,26 +74,11 @@ in }) ]; - home-manager = { - useGlobalPkgs = true; - useUserPackages = true; - extraSpecialArgs = { - inherit inputs outputs; - }; - users.${username} = import ../../home/hosts/astyanax { - inherit inputs; - inherit config; - inherit pkgs; - }; - }; - networking = { # TODO: generate unique hostId on actual host with: head -c 8 /etc/machine-id hostId = "80eef97e"; }; - ssh.authorizedHosts = [ "andromache" ]; - services = { fwupd.enable = true; openssh = { diff --git a/hosts/hecuba/default.nix b/hosts/hecuba/default.nix index 41946d4..1305a44 100644 --- a/hosts/hecuba/default.nix +++ b/hosts/hecuba/default.nix 
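Review bot: The secrets module receives its user in two different ways across hosts: in the `@@ -36,13 +32,18 @@` hunk `username` is passed as an import argument (`inherit lib inputs config username;`), while the andromache and vm hunks import the same module without it and set `secrets.username = username;` as an option. A refactor meant to make the host files uniform should settle on one form, since the account that owns decrypted secrets is the kind of setting that should be readable in the same place on every host. Whether the module accepts both forms is not visible in this patch. If the option form is the intended one, this line becomes `inherit lib inputs config;` with `secrets.username = username;` placed next to `ssh.username = username;`.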
@@ -9,13 +9,21 @@ # Also see +let + username = "username"; + hostName = "hecuba"; +in { imports = [ - ./hard.nix ../../modules/common + ./hard.nix ../../modules/ssh/hardened-openssh.nix ]; + networking.hostName = hostName; + ssh.username = username; + ssh.authorizedHosts = [ "andromache" ]; + fileSystems."/" = { device = "/dev/disk/by-label/nixos"; fsType = "ext4"; @@ -41,16 +49,9 @@ }; }; - ssh = { - username = "username"; - authorizedHosts = [ "andromache" ]; - }; - security.sudo.wheelNeedsPassword = false; - networking = { - firewall.enable = true; - }; + networking.firewall.enable = true; environment.systemPackages = with pkgs; [ vim @@ -66,6 +67,4 @@ enable = true; harden = true; }; - - networking.hostName = "hecuba"; } diff --git a/hosts/vm/default.nix b/hosts/vm/default.nix index aafca92..8cf643c 100644 --- a/hosts/vm/default.nix +++ b/hosts/vm/default.nix @@ -6,21 +6,19 @@ pkgs, ... }: - let username = "h"; + hostName = "vm"; in { imports = [ ../../modules/common - inputs.disko.nixosModules.disko - inputs.sops-nix.nixosModules.sops - inputs.home-manager.nixosModules.default ./hard.nix + inputs.sops-nix.nixosModules.sops ./disk.nix ../../modules/boot/bootloader.nix ../../modules/keyboard - (import ../../modules/networking { hostName = "vm"; }) + (import ../../modules/networking { hostName = hostName; }) ../../modules/users ../../modules/audio ../../modules/localization @@ -28,12 +26,17 @@ in ../../modules/fonts ../../modules/ssh/hardened-openssh.nix (import ../../modules/secrets { - inherit lib; - inherit inputs; - inherit config; + inherit lib inputs config; }) ]; + home-manager.users.${username} = import ../../home/hosts/vm { + inherit inputs config pkgs; + }; + + networking.hostName = hostName; + ssh.username = username; + secrets.username = username; environment.systemPackages = [ inputs.nvim.packages.x86_64-linux.nvim ]; 
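Review bot: `username = "username";` reads like a template placeholder, and the new `let` binding makes it the single source for `ssh.username`; confirm it is the real account name on hecuba, because the key authorized through `ssh.authorizedHosts = [ "andromache" ]` is installed for that account. The following hunk keeps `security.sudo.wheelNeedsPassword = false;` as context, so if that account is in `wheel` (not visible here) andromache's key is root-equivalent on this host. A comment above the three new lines, for example `# andromache's key logs in as ${username}; wheel has passwordless sudo on this host`, would record that dependency.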
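Review bot: vm is the only host in this patch that gets `ssh.username = username;` without a matching `ssh.authorizedHosts` in the visible hunks, while it still imports `../../modules/ssh/hardened-openssh.nix`. What the module does with an unset list is not shown; if it defaults to empty the host accepts no host keys, and if the option has no default the evaluation fails. Stating it explicitly with `ssh.authorizedHosts = [ ];` documents that no other machine is meant to log in to the VM. The home-manager import in the same hunk also omits `lib` (`inherit inputs config pkgs;`) where andromache and astyanax pass `inherit inputs config pkgs lib;`.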
@@ -56,19 +59,6 @@ in }; }; - home-manager = { - useGlobalPkgs = true; - useUserPackages = true; - extraSpecialArgs = { - inherit inputs outputs; - }; - users.${username} = import ../../home/hosts/vm { - inherit inputs; - inherit config; - inherit pkgs; - }; - }; - services.qemuGuest.enable = true; services.spice-vdagentd.enable = true; diff --git a/modules/common/default.nix b/modules/common/default.nix index db24448..8084f24 100644 --- a/modules/common/default.nix +++ b/modules/common/default.nix @@ -1,4 +1,11 @@ +{ inputs, outputs, ... }: + { + imports = [ + inputs.disko.nixosModules.disko + inputs.home-manager.nixosModules.default + ]; + system.stateVersion = "25.05"; nix.settings.experimental-features = [ @@ -7,4 +14,12 @@ ]; nixpkgs.config.allowUnfree = true; + + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + extraSpecialArgs = { + inherit inputs outputs; + }; + }; }
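Review bot: Moving `inputs.disko.nixosModules.disko`, `inputs.home-manager.nixosModules.default` and the `home-manager` block into `modules/common` also applies them to hecuba, which imports `../../modules/common` but, in the hunks shown, never used disko or home-manager. That host now needs both `inputs` and `outputs` as module arguments, because of `{ inputs, outputs, ... }:` and `inherit inputs outputs;`; if its flake entry does not pass `outputs` in `specialArgs` (flake.nix is not part of this patch), evaluation stops on a missing argument. Keeping `modules/common` to the settings every host needs, and putting the disko and home-manager wiring in a separate module imported only by the hosts that define `home-manager.users`, would keep unused modules out of the hecuba configuration. `inputs.sops-nix.nixosModules.sops` stays duplicated in each host file, so a one-line comment in `imports` saying which inputs belong in common and which stay per host would help.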