flake: import flakes in {machine,user}-specific configs

2023-10-14 13:53:54 +08:00 · 2023-10-14 13:53:54 +08:00 · 902c079413
commit 902c079413
parent 92ca867f76
5 changed files with 26 additions and 71 deletions
--- a/flake.nix
+++ b/flake.nix
@ -69,7 +69,7 @@
          ./machines/darwin/imac-2017       # Hardware-specific configurations
                                            # Machine-specific configurations (does such stuff even exist on nix-darwin)
          ./users/guanranwang/darwin.nix    # User-specific configurations
-          ./flakes/darwin/home-manager.nix  # Flakes
+           # Flakes

          { networking.hostName = "iMac-macOS"; }
        ];
@ -85,21 +85,10 @@
        modules = [
          ./nixos                                             # Entrypoint
          ./machines/nixos/81fw-lenovo-legion-y7000           # Hardware-specific configurations
-          #./machines/nixos/81fw-lenovo-legion-y7000/machine-1 # Machine-specific configurations
+          ./machines/nixos/81fw-lenovo-legion-y7000/machine-1 # Machine-specific configurations
          ./users/guanranwang/nixos.nix                       # User-specific configurations
-          ./flakes/nixos/berberman.nix                        # Flakes
-          ./flakes/nixos/home-manager.nix
-          ./flakes/nixos/hosts.nix
-          ./flakes/nixos/lanzaboote.nix
-          ./flakes/nixos/sops-nix.nix
-          ./flakes/nixos/impermanence.nix
-          ./flakes/nixos/disko.nix

-          {
-            _module.args.disks = [ "/dev/nvme0n1" ]; # Disko
-            boot.initrd.systemd.enable = true; # LUKS TPM unlocking
-            networking.hostName = "81fw-nixos";
-          }
+          { networking.hostName = "81fw-nixos"; }
        ];
      };

@ -112,11 +101,6 @@
          ./machines/nixos/imac-2017
          ./machines/nixos/imac-2017/machine-1
          ./users/guanranwang/nixos.nix
-          ./flakes/nixos/berberman.nix
-          ./flakes/nixos/home-manager.nix
-          ./flakes/nixos/hosts.nix
-          ./flakes/nixos/lanzaboote.nix
-          ./flakes/nixos/sops-nix.nix

          { networking.hostName = "imac-nixos"; }
        ];
--- a/machines/nixos/81fw-lenovo-legion-y7000/machine-1/default.nix
+++ b/machines/nixos/81fw-lenovo-legion-y7000/machine-1/default.nix
@ -2,6 +2,11 @@

 {
  imports = [
-    ./partition.nix
+    ../../../../flakes/nixos/lanzaboote.nix
+    ../../../../flakes/nixos/impermanence.nix
+    ../../../../flakes/nixos/disko.nix
  ];
+
+  _module.args.disks = [ "/dev/nvme0n1" ];  # Disko
+  boot.initrd.systemd.enable = true;        # LUKS TPM unlocking
 }
--- a/machines/nixos/81fw-lenovo-legion-y7000/machine-1/partition.nix
+++ b/machines/nixos/81fw-lenovo-legion-y7000/machine-1/partition.nix
@ -1,41 +0,0 @@
-{ ... }:
-
-{
-  fileSystems = {
-    "/" = {
-      device = "/dev/disk/by-uuid/6288ce7a-a153-4302-a4de-5dc71f58da79";
-      fsType = "btrfs";
-      options = [ "compress=zstd" "subvol=@" ]; # nested subvol
-    };
-    #"/" = {
-    #  device = "none";
-    #  fsType = "tmpfs";
-    #  options = [ "size=3G" "mode=755" ]; # mode=755 so only root can write to those files
-    #};
-
-    "/home" = {
-      device = "/dev/disk/by-uuid/6288ce7a-a153-4302-a4de-5dc71f58da79";
-      fsType = "btrfs";
-      options = [ "compress=zstd" "subvol=@home" ];
-    };
-
-    #"/var/lib/flatpak" = {
-    #  device = "/dev/disk/by-uuid/6288ce7a-a153-4302-a4de-5dc71f58da79";
-    #  fsType = "btrfs";
-    #  options = [ "compress=zstd" "subvol=@flatpak" ];
-    #};
-
-    "/btrfs" = {
-      device = "/dev/disk/by-uuid/6288ce7a-a153-4302-a4de-5dc71f58da79";
-      fsType = "btrfs";
-      options = [ "compress=zstd" ];
-    };
-
-    "/boot" = {
-      device = "/dev/disk/by-uuid/C44A-313A";
-      fsType = "vfat";
-    };
-  };
-
-  swapDevices = [ { device = "/dev/disk/by-uuid/0ba792d3-571d-44bb-8696-82126611784d"; } ];
-}
--- a/users/guanranwang/darwin.nix
+++ b/users/guanranwang/darwin.nix
@ -12,6 +12,10 @@
    };
  };

-  # Flakes.
+  # Flakes
+  imports = [
+    ../../flakes/darwin/home-manager.nix
+  ];
+  ### home-manager
  home-manager.users.guanranwang = import ./home-manager/darwin; # NOTE: using flakes
 }
--- a/users/guanranwang/nixos.nix
+++ b/users/guanranwang/nixos.nix
@ -12,27 +12,30 @@



-  # Flakes.
+  # Flakes
+  imports = [
+    ../../flakes/nixos/home-manager.nix
+    ../../flakes/nixos/sops-nix.nix
+    ../../flakes/nixos/hosts.nix
+    ../../flakes/nixos/berberman.nix
+  ];
+  ### home-manager
  home-manager.users.guanranwang = import ./home-manager/nixos;
-
+  ### sops-nix
  sops = {
    defaultSopsFile = ./secrets/secrets.yaml;
    age.sshKeyPaths = [ "/nix/persist/system/etc/ssh/ssh_host_ed25519_key" ];
    gnupg.sshKeyPaths = [];
    secrets = {
-      "clash-config" = {
+      "hashed-passwd".neededForUsers = true;                # Hashed user password
+      "wireless/home".path = "/var/lib/iwd/wangxiaobo.psk"; # Home wifi password
+      "clash-config" = {                                    # Clash.Meta configuration
        #mode = "0444"; # readable
        owner = config.users.users."clash-meta".name;
        group = config.users.users."clash-meta".group;
        restartUnits = [ "clash-meta.service" ];
        path = "/etc/clash-meta/config.yaml";
      };
-      "hashed-passwd".neededForUsers = true;
-      "wireless/home" = {};
    };
  };
-
-  systemd.tmpfiles.rules = [
-    "C /var/lib/iwd/wangxiaobo.psk - - - - ${config.sops.secrets."wireless/home".path}"
-  ];
 }