refactor: simplify hosts files

home/ssh.pub

@@ -1 +0,0 @@
-ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIzP1PjIDb1tN9nhPOK88HYDtTNk9SN9ZpEem2id49Fa h@astyanax

hosts/andromache/default.nix

@@ -6,41 +6,44 @@
   pkgs,
   ...
 }:
-
 let
   username = "h";
+  hostName = "andromache";
   wolInterfaces = import ./wol-interfaces.nix;
 in
 {
   imports = [
     ../../modules/common
-    inputs.disko.nixosModules.disko
-    inputs.sops-nix.nixosModules.sops
-    inputs.home-manager.nixosModules.default
     ./hard.nix
+    inputs.sops-nix.nixosModules.sops
     ../../modules/boot/bootloader.nix
     (import ../../modules/disko/zfs-encrypted-root.nix {
+      inherit lib config;
       device = "/dev/nvme1n1";
-      inherit lib;
-      inherit config;
     })
     ../../modules/desktops/niri
     ../../modules/bluetooth
     ../../modules/keyboard
-    (import ../../modules/networking { hostName = "andromache"; })
+    (import ../../modules/networking { hostName = hostName; })
     ../../modules/users
     ../../modules/audio
     ../../modules/localization
     ../../modules/fonts
     ../../modules/ssh/hardened-openssh.nix
     (import ../../modules/secrets {
-      inherit lib;
+      inherit lib inputs config;
-      inherit inputs;
-      inherit config;
     })
     ../../modules/docker
   ];
 
+  home-manager.users.${username} = import ../../home/hosts/andromache {
+    inherit inputs config pkgs lib;
+  };
+
+  networking.hostName = hostName;
+  ssh.username = username;
+  ssh.authorizedHosts = [ "astyanax" ];
+
   secrets.username = username;
   docker.user = username;
 
@@ -79,22 +82,6 @@ in
 
   environment.systemPackages = [ inputs.nvim.packages.x86_64-linux.nvim ];
 
-  home-manager = {
-    useGlobalPkgs = true;
-    useUserPackages = true;
-    extraSpecialArgs = {
-      inherit inputs outputs;
-    };
-    users.${username} = import ../../home/hosts/andromache {
-      inherit lib;
-      inherit inputs;
-      inherit config;
-      inherit pkgs;
-    };
-  };
-
-  ssh.authorizedHosts = [ "astyanax" ];
-
   services.xserver = {
     videoDrivers = [ "nvidia" ];
   };

hosts/astyanax/default.nix

@@ -6,7 +6,6 @@
   pkgs,
   ...
 }:
-
 let
   username = "h";
   hostName = "astyanax";
@@ -15,15 +14,12 @@ in
 {
   imports = [
     ../../modules/common
-    # inputs.nixos-hardware.nixosModules.lenovo-thinkpad-e14-intel
-    inputs.disko.nixosModules.disko
-    inputs.sops-nix.nixosModules.sops
-    inputs.home-manager.nixosModules.default
     ./hard.nix
+    # inputs.nixos-hardware.nixosModules.lenovo-thinkpad-e14-intel
+    inputs.sops-nix.nixosModules.sops
     ../../modules/boot/bootloader.nix
     (import ../../modules/disko/zfs-encrypted-root.nix {
-      inherit lib;
+      inherit lib config;
-      inherit config;
       device = "/dev/nvme0n1";
     })
     ../../modules/desktops/niri
@@ -36,13 +32,18 @@ in
     ../../modules/fonts
     ../../modules/ssh/hardened-openssh.nix
     (import ../../modules/secrets {
-      inherit lib;
+      inherit lib inputs config username;
-      inherit inputs;
-      inherit config;
-      inherit username;
     })
   ];
 
+  home-manager.users.${username} = import ../../home/hosts/astyanax {
+    inherit inputs config pkgs lib;
+  };
+
+  networking.hostName = hostName;
+  ssh.username = username;
+  ssh.authorizedHosts = [ "andromache" ];
+
   hardware = {
     cpu.intel.updateMicrocode = true;
     # https://wiki.nixos.org/wiki/Intel_Graphics
@@ -73,26 +74,11 @@ in
     })
   ];
 
-  home-manager = {
-    useGlobalPkgs = true;
-    useUserPackages = true;
-    extraSpecialArgs = {
-      inherit inputs outputs;
-    };
-    users.${username} = import ../../home/hosts/astyanax {
-      inherit inputs;
-      inherit config;
-      inherit pkgs;
-    };
-  };
-
   networking = {
     # TODO: generate unique hostId on actual host with: head -c 8 /etc/machine-id
     hostId = "80eef97e";
   };
 
-  ssh.authorizedHosts = [ "andromache" ];
-
   services = {
     fwupd.enable = true;
     openssh = {

hosts/hecuba/default.nix

@@ -9,13 +9,21 @@
 
 # Also see <https://wiki.nixos.org/wiki/Install_NixOS_on_Hetzner_Cloud>
 
+let
+  username = "username";
+  hostName = "hecuba";
+in
 {
   imports = [
-    ./hard.nix
     ../../modules/common
+    ./hard.nix
     ../../modules/ssh/hardened-openssh.nix
   ];
 
+  networking.hostName = hostName;
+  ssh.username = username;
+  ssh.authorizedHosts = [ "andromache" ];
+
   fileSystems."/" = {
     device = "/dev/disk/by-label/nixos";
     fsType = "ext4";
@@ -41,16 +49,9 @@
     };
   };
 
-  ssh = {
-    username = "username";
-    authorizedHosts = [ "andromache" ];
-  };
-
   security.sudo.wheelNeedsPassword = false;
 
-  networking = {
+  networking.firewall.enable = true;
-    firewall.enable = true;
-  };
 
   environment.systemPackages = with pkgs; [
     vim
@@ -66,6 +67,4 @@
     enable = true;
     harden = true;
   };
-
-  networking.hostName = "hecuba";
 }

hosts/vm/default.nix

@@ -6,21 +6,19 @@
   pkgs,
   ...
 }:
-
 let
   username = "h";
+  hostName = "vm";
 in
 {
   imports = [
     ../../modules/common
-    inputs.disko.nixosModules.disko
-    inputs.sops-nix.nixosModules.sops
-    inputs.home-manager.nixosModules.default
     ./hard.nix
+    inputs.sops-nix.nixosModules.sops
     ./disk.nix
     ../../modules/boot/bootloader.nix
     ../../modules/keyboard
-    (import ../../modules/networking { hostName = "vm"; })
+    (import ../../modules/networking { hostName = hostName; })
     ../../modules/users
     ../../modules/audio
     ../../modules/localization
@@ -28,12 +26,17 @@ in
     ../../modules/fonts
     ../../modules/ssh/hardened-openssh.nix
     (import ../../modules/secrets {
-      inherit lib;
+      inherit lib inputs config;
-      inherit inputs;
-      inherit config;
     })
   ];
 
+  home-manager.users.${username} = import ../../home/hosts/vm {
+    inherit inputs config pkgs;
+  };
+
+  networking.hostName = hostName;
+  ssh.username = username;
+
   secrets.username = username;
 
   environment.systemPackages = [ inputs.nvim.packages.x86_64-linux.nvim ];
@@ -56,19 +59,6 @@ in
     };
   };
 
-  home-manager = {
-    useGlobalPkgs = true;
-    useUserPackages = true;
-    extraSpecialArgs = {
-      inherit inputs outputs;
-    };
-    users.${username} = import ../../home/hosts/vm {
-      inherit inputs;
-      inherit config;
-      inherit pkgs;
-    };
-  };
-
   services.qemuGuest.enable = true;
   services.spice-vdagentd.enable = true;
 

modules/common/default.nix

@@ -1,4 +1,11 @@
+{ inputs, outputs, ... }:
+
 {
+  imports = [
+    inputs.disko.nixosModules.disko
+    inputs.home-manager.nixosModules.default
+  ];
+
   system.stateVersion = "25.05";
 
   nix.settings.experimental-features = [
@@ -7,4 +14,12 @@
   ];
 
   nixpkgs.config.allowUnfree = true;
+
+  home-manager = {
+    useGlobalPkgs = true;
+    useUserPackages = true;
+    extraSpecialArgs = {
+      inherit inputs outputs;
+    };
+  };
 }