diff --git a/README.md b/README.md index 6eb78d1..ba8c84a 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,6 @@ It just works™ │ ### System configuration ├──  darwin ├──  nixos -│ ├──  flake-modules │ ├──  hardware │ ├──  modules │ └──  profiles diff --git a/flake.nix b/flake.nix index 00bd6ab..0b8470f 100755 --- a/flake.nix +++ b/flake.nix @@ -175,14 +175,14 @@ ./users/guanranwang/nixos/profiles/core ./users/guanranwang/nixos/profiles/device-type/laptop ./users/guanranwang/nixos/profiles/opt-in/clash-meta-client.nix - ./users/guanranwang/nixos/profiles/opt-in/gaming.nix - ./users/guanranwang/nixos/profiles/opt-in/torrenting.nix + ./users/guanranwang/nixos/profiles/opt-in/gaming + ./users/guanranwang/nixos/profiles/opt-in/torrenting # Hardware ./nixos/hardware/lenovo/legion/81fw - ./nixos/flake-modules/lanzaboote.nix - ./nixos/flake-modules/impermanence.nix - ./nixos/flake-modules/disko.nix + ./nixos/profiles/opt-in/lanzaboote.nix + ./nixos/profiles/opt-in/impermanence.nix + ./nixos/profiles/opt-in/disko.nix { networking.hostName = "Aristotle"; diff --git a/nixos/flake-modules/berberman.nix b/nixos/flake-modules/berberman.nix deleted file mode 100644 index 1f3af3d..0000000 --- a/nixos/flake-modules/berberman.nix +++ /dev/null @@ -1,13 +0,0 @@ -{ - inputs, - lib, - ... -}: { - nixpkgs.overlays = [ - inputs.berberman.overlays.default - ]; - nix.settings = { - substituters = lib.mkAfter ["https://berberman.cachix.org"]; - trusted-public-keys = ["berberman.cachix.org-1:UHGhodNXVruGzWrwJ12B1grPK/6Qnrx2c3TjKueQPds="]; - }; -} diff --git a/nixos/flake-modules/home-manager.nix b/nixos/flake-modules/home-manager.nix deleted file mode 100644 index 7ddd20b..0000000 --- a/nixos/flake-modules/home-manager.nix +++ /dev/null 
@@ -1,9 +0,0 @@ -{inputs, ...}: { - imports = [inputs.home-manager.nixosModules.home-manager]; - - home-manager = { - useGlobalPkgs = true; - useUserPackages = true; - extraSpecialArgs = {inherit inputs;}; # ??? isnt specialArgs imported by default ??? - }; -} diff --git a/nixos/flake-modules/hyprland.nix b/nixos/flake-modules/hyprland.nix deleted file mode 100644 index 478ab2f..0000000 --- a/nixos/flake-modules/hyprland.nix +++ /dev/null @@ -1,6 +0,0 @@ -{lib, ...}: { - nix.settings = { - substituters = lib.mkAfter ["https://hyprland.cachix.org"]; - trusted-public-keys = ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="]; - }; -} diff --git a/nixos/flake-modules/sops-nix.nix b/nixos/flake-modules/sops-nix.nix deleted file mode 100644 index c7f4a27..0000000 --- a/nixos/flake-modules/sops-nix.nix +++ /dev/null @@ -1,3 +0,0 @@ -{inputs, ...}: { - imports = [inputs.sops-nix.nixosModules.sops]; -} diff --git a/nixos/profiles/core/default.nix b/nixos/profiles/core/default.nix index 781dbf4..acec9e8 100644 --- a/nixos/profiles/core/default.nix +++ b/nixos/profiles/core/default.nix @@ -1,15 +1,27 @@ { config, lib, + inputs, ... }: { - # Imported by default imports = [ ../../modules ./nix ./packages ./sysctl.nix + + # Flake modules + inputs.disko.nixosModules.disko + inputs.home-manager.nixosModules.home-manager + inputs.impermanence.nixosModules.impermanence + inputs.lanzaboote.nixosModules.lanzaboote + inputs.sops-nix.nixosModules.sops + ]; + + # Flake overlays + nixpkgs.overlays = [ + inputs.berberman.overlays.default ]; boot.initrd.systemd.enable = true; @@ -76,6 +88,12 @@ #}; }; + home-manager = { + useGlobalPkgs = true; + useUserPackages = true; + extraSpecialArgs = {inherit inputs;}; # ??? isnt specialArgs imported by default ??? + }; + ### Basic hardening # ref: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/hardened.nix # ref: https://madaidans-insecurities.github.io/guides/linux-hardening.html 
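Review bot: `nixpkgs.overlays = [ inputs.berberman.overlays.default ];` in nixos/profiles/core/default.nix applies a third-party overlay to every host that imports core, whereas before this change only the desktop device-type profile pulled in berberman.nix; an overlay can redefine any attribute in pkgs, so this widens supply-chain exposure from one machine class to (presumably) the server hosts as well. Even though the input is pinned by flake.lock, a routine `nix flake update` moves that pin without any per-host opt-in. I would keep the overlay out of core and put it where it is actually consumed, e.g. `nixpkgs.overlays = [inputs.berberman.overlays.default];` in users/guanranwang/nixos/profiles/device-type/desktop/default.nix or a new nixos/profiles/opt-in/berberman.nix, and document in core why only the five flake modules (not overlays) belong there with a comment such as `# Flake modules only: importing them defines options but enables nothing; overlays change pkgs for every host and stay opt-in.`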
diff --git a/nixos/profiles/core/nix/nix.nix b/nixos/profiles/core/nix/nix.nix index 6d360fd..6ff2bbb 100755 --- a/nixos/profiles/core/nix/nix.nix +++ b/nixos/profiles/core/nix/nix.nix @@ -14,10 +14,14 @@ ++ [ "https://nix-community.cachix.org" "https://cache.garnix.io" + "https://berberman.cachix.org" + "https://hyprland.cachix.org" ]; trusted-public-keys = [ "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" + "berberman.cachix.org-1:UHGhodNXVruGzWrwJ12B1grPK/6Qnrx2c3TjKueQPds=" + "hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc=" ]; use-xdg-base-directories = true; }; diff --git a/nixos/flake-modules/disko.nix b/nixos/profiles/opt-in/disko.nix similarity index 95% rename from nixos/flake-modules/disko.nix rename to nixos/profiles/opt-in/disko.nix index 234ceb3..69e77a4 100644 --- a/nixos/flake-modules/disko.nix +++ b/nixos/profiles/opt-in/disko.nix @@ -1,10 +1,4 @@ -{ - inputs, - disks ? ["/dev/sda"], - ... -}: { - imports = [inputs.disko.nixosModules.disko]; - +{disks ? ["/dev/sda"], ...}: { disko.devices = { disk = { "one" = { diff --git a/nixos/flake-modules/impermanence.nix b/nixos/profiles/opt-in/impermanence.nix similarity index 91% rename from nixos/flake-modules/impermanence.nix rename to nixos/profiles/opt-in/impermanence.nix index 965f9fd..e305f3d 100644 --- a/nixos/flake-modules/impermanence.nix +++ b/nixos/profiles/opt-in/impermanence.nix @@ -1,13 +1,4 @@ -{ - inputs, - lib, - ... -}: { - imports = [ - inputs.impermanence.nixosModules.impermanence - ./sops-nix.nix - ]; - +{lib, ...}: { ### sops-nix sops.age.sshKeyPaths = lib.mkForce ["/nix/persist/system/etc/ssh/ssh_host_ed25519_key"]; diff --git a/nixos/flake-modules/lanzaboote.nix b/nixos/profiles/opt-in/lanzaboote.nix similarity index 66% rename from nixos/flake-modules/lanzaboote.nix rename to nixos/profiles/opt-in/lanzaboote.nix index 5f6a78e..d4d0238 100644 
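Review bot: Adding `berberman.cachix.org` and `hyprland.cachix.org` keys to `trusted-public-keys` in the core nix profile makes every host trust those two individually-run signing keys, and Nix checks narinfo signatures against the whole trusted set regardless of which substituter served the path, so a compromise of either key lets a cache serve substitutes for paths not already fetched from cache.nixos.org. Previously (L5) the berberman settings were only reached via the desktop profile; this hunk moves them into nixos/profiles/core/nix/nix.nix, which the server profiles presumably also import. I would keep the two substituters and two keys in the desktop/graphical profile instead, e.g. `nix.settings.substituters = lib.mkAfter ["https://berberman.cachix.org" "https://hyprland.cachix.org"];` next to the matching `nix.settings.trusted-public-keys` entries, and leave core with only nix-community and garnix, with a comment like `# Third-party caches stay opt-in: a trusted key is trusted for every substituter.`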
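Review bot: `{disks ? ["/dev/sda"], ...}: {` in nixos/profiles/opt-in/disko.nix keeps a default target for a tool that partitions and formats whatever is listed; `disks` is not a standard module-system argument, so unless the host passes it through `specialArgs` (not visible here) the profile silently formats /dev/sda on any machine that imports it, and the hunk shows the device path feeding `disko.devices.disk`. I would drop the default so evaluation fails loudly when nothing supplies it, `{disks, ...}: {`, and add `# No default on purpose: disko formats every device listed here; pass stable /dev/disk/by-id/... paths via specialArgs.` above the header. The `disko.devices` attrset continues past the end of the hunk.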
--- a/nixos/flake-modules/lanzaboote.nix +++ b/nixos/profiles/opt-in/lanzaboote.nix @@ -1,10 +1,4 @@ -{ - inputs, - pkgs, - ... -}: { - imports = [inputs.lanzaboote.nixosModules.lanzaboote]; - +{pkgs, ...}: { environment.systemPackages = with pkgs; [sbctl]; boot.loader.systemd-boot.enable = false; boot.lanzaboote = { diff --git a/users/guanranwang/darwin/profiles/core/default.nix b/users/guanranwang/darwin/profiles/core/default.nix index 200f2d8..54ffa84 100644 --- a/users/guanranwang/darwin/profiles/core/default.nix +++ b/users/guanranwang/darwin/profiles/core/default.nix @@ -16,12 +16,5 @@ ### Options myFlake.darwin.networking.dns.provider = lib.mkDefault "alidns"; - - ### Flakes - imports = [ - ../../../../../darwin/flake-modules/home-manager.nix - ]; - - ### home-manager home-manager.users.guanranwang = import ./home; } diff --git a/users/guanranwang/nixos/profiles/core/default.nix b/users/guanranwang/nixos/profiles/core/default.nix index f7412b2..fae2b51 100644 --- a/users/guanranwang/nixos/profiles/core/default.nix +++ b/users/guanranwang/nixos/profiles/core/default.nix @@ -23,12 +23,6 @@ users.groups."nix-access-tokens" = {}; nix.extraOptions = "!include ${config.sops.secrets.nix-access-tokens.path}"; - ### Flakes - imports = [ - ../../../../../nixos/flake-modules/sops-nix.nix - ../../../../../nixos/flake-modules/home-manager.nix - ]; - ### sops-nix sops = { defaultSopsFile = ../../../secrets/secrets.yaml; diff --git a/users/guanranwang/nixos/profiles/device-type/desktop/default.nix b/users/guanranwang/nixos/profiles/device-type/desktop/default.nix index a17eaef..67db9c3 100644 --- a/users/guanranwang/nixos/profiles/device-type/desktop/default.nix +++ b/users/guanranwang/nixos/profiles/device-type/desktop/default.nix 
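Review bot: After dropping its own `imports = [inputs.lanzaboote.nixosModules.lanzaboote];`, nothing in nixos/profiles/opt-in/lanzaboote.nix records that it only evaluates when nixos/profiles/core (which now imports that flake module) is also in the host's module list, so a host that imports this profile alone will fail with an undefined `boot.lanzaboote` option. I would add a header above `{pkgs, ...}: {` such as `# Opt-in UEFI Secure Boot via lanzaboote. Requires nixos/profiles/core (imports the lanzaboote module); keys are managed with sbctl, installed below.` Note that `boot.loader.systemd-boot.enable = false;` is unconditional here, so the profile is all-or-nothing; the `boot.lanzaboote = {` attrset continues outside the hunk.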
@@ -3,13 +3,6 @@ lib, ... }: { - imports = [ - ### Flakes - ../../../../../../nixos/flake-modules/sops-nix.nix - ../../../../../../nixos/flake-modules/home-manager.nix - ../../../../../../nixos/flake-modules/berberman.nix - ]; - ### Options myFlake.nixos.boot.noLoaderMenu = lib.mkDefault true; diff --git a/users/guanranwang/nixos/profiles/opt-in/clash-meta-client.nix b/users/guanranwang/nixos/profiles/opt-in/clash-meta-client.nix index 485bef0..031dde0 100644 --- a/users/guanranwang/nixos/profiles/opt-in/clash-meta-client.nix +++ b/users/guanranwang/nixos/profiles/opt-in/clash-meta-client.nix @@ -4,10 +4,6 @@ inputs, ... }: { - imports = [ - ../../../../../nixos/flake-modules/sops-nix.nix - ]; - ### sops-nix sops.secrets."clash-config" = { owner = config.users.users."clash-meta".name; diff --git a/users/guanranwang/nixos/profiles/opt-in/hysteria2-server.nix b/users/guanranwang/nixos/profiles/opt-in/hysteria2-server.nix index 7b05309..ffa0e26 100644 --- a/users/guanranwang/nixos/profiles/opt-in/hysteria2-server.nix +++ b/users/guanranwang/nixos/profiles/opt-in/hysteria2-server.nix @@ -5,10 +5,6 @@ }: let port = 43956; in { - imports = [ - ../../../../../../nixos/flake-modules/sops-nix.nix - ]; - ### Firewall networking.firewall = { allowedTCPPorts = [port 80 443]; diff --git a/users/guanranwang/nixos/profiles/opt-in/juicity-server.nix b/users/guanranwang/nixos/profiles/opt-in/juicity-server.nix index bdebbd6..da3b405 100644 --- a/users/guanranwang/nixos/profiles/opt-in/juicity-server.nix +++ b/users/guanranwang/nixos/profiles/opt-in/juicity-server.nix @@ -5,10 +5,6 @@ }: let port = "33829"; in { - imports = [ - ../../../../../../nixos/flake-modules/sops-nix.nix - ]; - ### Firewall networking.firewall = { allowedTCPPorts = [port];