nixos: remove ./flake-modules

This commit is contained in:
Guanran Wang 2023-12-10 23:56:40 +08:00
parent 491f672b14
commit ada1f8980e
Signed by: nyancat
SSH key fingerprint: SHA256:8oWGKciPALWut/6WA27oFKofX+6Wtc0gQnsefXLQx/8
17 changed files with 31 additions and 94 deletions

View file

@ -21,7 +21,6 @@ It just works™
│ ### System configuration │ ### System configuration
├──  darwin ├──  darwin
├──  nixos ├──  nixos
│ ├──  flake-modules
│ ├──  hardware │ ├──  hardware
│ ├──  modules │ ├──  modules
│ └──  profiles │ └──  profiles

View file

@ -175,14 +175,14 @@
./users/guanranwang/nixos/profiles/core ./users/guanranwang/nixos/profiles/core
./users/guanranwang/nixos/profiles/device-type/laptop ./users/guanranwang/nixos/profiles/device-type/laptop
./users/guanranwang/nixos/profiles/opt-in/clash-meta-client.nix ./users/guanranwang/nixos/profiles/opt-in/clash-meta-client.nix
./users/guanranwang/nixos/profiles/opt-in/gaming.nix ./users/guanranwang/nixos/profiles/opt-in/gaming
./users/guanranwang/nixos/profiles/opt-in/torrenting.nix ./users/guanranwang/nixos/profiles/opt-in/torrenting
# Hardware # Hardware
./nixos/hardware/lenovo/legion/81fw ./nixos/hardware/lenovo/legion/81fw
./nixos/flake-modules/lanzaboote.nix ./nixos/profiles/opt-in/lanzaboote.nix
./nixos/flake-modules/impermanence.nix ./nixos/profiles/opt-in/impermanence.nix
./nixos/flake-modules/disko.nix ./nixos/profiles/opt-in/disko.nix
{ {
networking.hostName = "Aristotle"; networking.hostName = "Aristotle";

View file

@ -1,13 +0,0 @@
{
inputs,
lib,
...
}: {
nixpkgs.overlays = [
inputs.berberman.overlays.default
];
nix.settings = {
substituters = lib.mkAfter ["https://berberman.cachix.org"];
trusted-public-keys = ["berberman.cachix.org-1:UHGhodNXVruGzWrwJ12B1grPK/6Qnrx2c3TjKueQPds="];
};
}

View file

@ -1,9 +0,0 @@
{inputs, ...}: {
imports = [inputs.home-manager.nixosModules.home-manager];
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {inherit inputs;}; # ??? isnt specialArgs imported by default ???
};
}

View file

@ -1,6 +0,0 @@
{lib, ...}: {
nix.settings = {
substituters = lib.mkAfter ["https://hyprland.cachix.org"];
trusted-public-keys = ["hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="];
};
}

View file

@ -1,3 +0,0 @@
{inputs, ...}: {
imports = [inputs.sops-nix.nixosModules.sops];
}

View file

@ -1,15 +1,27 @@
{ {
config, config,
lib, lib,
inputs,
... ...
}: { }: {
# Imported by default
imports = [ imports = [
../../modules ../../modules
./nix ./nix
./packages ./packages
./sysctl.nix ./sysctl.nix
# Flake modules
inputs.disko.nixosModules.disko
inputs.home-manager.nixosModules.home-manager
inputs.impermanence.nixosModules.impermanence
inputs.lanzaboote.nixosModules.lanzaboote
inputs.sops-nix.nixosModules.sops
];
# Flake overlays
nixpkgs.overlays = [
inputs.berberman.overlays.default
]; ];
boot.initrd.systemd.enable = true; boot.initrd.systemd.enable = true;
@ -76,6 +88,12 @@
#}; #};
}; };
home-manager = {
useGlobalPkgs = true;
useUserPackages = true;
extraSpecialArgs = {inherit inputs;}; # ??? isnt specialArgs imported by default ???
};
### Basic hardening ### Basic hardening
# ref: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/hardened.nix # ref: https://github.com/NixOS/nixpkgs/blob/master/nixos/modules/profiles/hardened.nix
# ref: https://madaidans-insecurities.github.io/guides/linux-hardening.html # ref: https://madaidans-insecurities.github.io/guides/linux-hardening.html

View file

@ -14,10 +14,14 @@
++ [ ++ [
"https://nix-community.cachix.org" "https://nix-community.cachix.org"
"https://cache.garnix.io" "https://cache.garnix.io"
"https://berberman.cachix.org"
"https://hyprland.cachix.org"
]; ];
trusted-public-keys = [ trusted-public-keys = [
"nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs=" "nix-community.cachix.org-1:mB9FSh9qf2dCimDSUo8Zy7bkq5CX+/rkCWyvRCYg3Fs="
"cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g=" "cache.garnix.io:CTFPyKSLcx5RMJKfLo5EEPUObbA78b0YQ2DTCJXqr9g="
"berberman.cachix.org-1:UHGhodNXVruGzWrwJ12B1grPK/6Qnrx2c3TjKueQPds="
"hyprland.cachix.org-1:a7pgxzMz7+chwVL3/pzj6jIBMioiJM7ypFP8PwtkuGc="
]; ];
use-xdg-base-directories = true; use-xdg-base-directories = true;
}; };

View file

@ -1,10 +1,4 @@
{ {disks ? ["/dev/sda"], ...}: {
inputs,
disks ? ["/dev/sda"],
...
}: {
imports = [inputs.disko.nixosModules.disko];
disko.devices = { disko.devices = {
disk = { disk = {
"one" = { "one" = {

View file

@ -1,13 +1,4 @@
{ {lib, ...}: {
inputs,
lib,
...
}: {
imports = [
inputs.impermanence.nixosModules.impermanence
./sops-nix.nix
];
### sops-nix ### sops-nix
sops.age.sshKeyPaths = lib.mkForce ["/nix/persist/system/etc/ssh/ssh_host_ed25519_key"]; sops.age.sshKeyPaths = lib.mkForce ["/nix/persist/system/etc/ssh/ssh_host_ed25519_key"];

View file

@ -1,10 +1,4 @@
{ {pkgs, ...}: {
inputs,
pkgs,
...
}: {
imports = [inputs.lanzaboote.nixosModules.lanzaboote];
environment.systemPackages = with pkgs; [sbctl]; environment.systemPackages = with pkgs; [sbctl];
boot.loader.systemd-boot.enable = false; boot.loader.systemd-boot.enable = false;
boot.lanzaboote = { boot.lanzaboote = {

View file

@ -16,12 +16,5 @@
### Options ### Options
myFlake.darwin.networking.dns.provider = lib.mkDefault "alidns"; myFlake.darwin.networking.dns.provider = lib.mkDefault "alidns";
### Flakes
imports = [
../../../../../darwin/flake-modules/home-manager.nix
];
### home-manager
home-manager.users.guanranwang = import ./home; home-manager.users.guanranwang = import ./home;
} }

View file

@ -23,12 +23,6 @@
users.groups."nix-access-tokens" = {}; users.groups."nix-access-tokens" = {};
nix.extraOptions = "!include ${config.sops.secrets.nix-access-tokens.path}"; nix.extraOptions = "!include ${config.sops.secrets.nix-access-tokens.path}";
### Flakes
imports = [
../../../../../nixos/flake-modules/sops-nix.nix
../../../../../nixos/flake-modules/home-manager.nix
];
### sops-nix ### sops-nix
sops = { sops = {
defaultSopsFile = ../../../secrets/secrets.yaml; defaultSopsFile = ../../../secrets/secrets.yaml;

View file

@ -3,13 +3,6 @@
lib, lib,
... ...
}: { }: {
imports = [
### Flakes
../../../../../../nixos/flake-modules/sops-nix.nix
../../../../../../nixos/flake-modules/home-manager.nix
../../../../../../nixos/flake-modules/berberman.nix
];
### Options ### Options
myFlake.nixos.boot.noLoaderMenu = lib.mkDefault true; myFlake.nixos.boot.noLoaderMenu = lib.mkDefault true;

View file

@ -4,10 +4,6 @@
inputs, inputs,
... ...
}: { }: {
imports = [
../../../../../nixos/flake-modules/sops-nix.nix
];
### sops-nix ### sops-nix
sops.secrets."clash-config" = { sops.secrets."clash-config" = {
owner = config.users.users."clash-meta".name; owner = config.users.users."clash-meta".name;

View file

@ -5,10 +5,6 @@
}: let }: let
port = 43956; port = 43956;
in { in {
imports = [
../../../../../../nixos/flake-modules/sops-nix.nix
];
### Firewall ### Firewall
networking.firewall = { networking.firewall = {
allowedTCPPorts = [port 80 443]; allowedTCPPorts = [port 80 443];

View file

@ -5,10 +5,6 @@
}: let }: let
port = "33829"; port = "33829";
in { in {
imports = [
../../../../../../nixos/flake-modules/sops-nix.nix
];
### Firewall ### Firewall
networking.firewall = { networking.firewall = {
allowedTCPPorts = [port]; allowedTCPPorts = [port];