reorg hosts

flake.lock

@@ -271,11 +271,11 @@
     },
     "nixpkgs-unstable": {
       "locked": {
-        "lastModified": 1716330097,
-        "narHash": "sha256-8BO3B7e3BiyIDsaKA0tY8O88rClYRTjvAp66y+VBUeU=",
+        "lastModified": 1716509168,
+        "narHash": "sha256-4zSIhSRRIoEBwjbPm3YiGtbd8HDWzFxJjw5DYSDy1n8=",
         "owner": "nixos",
         "repo": "nixpkgs",
-        "rev": "5710852ba686cc1fd0d3b8e22b3117d43ba374c2",
+        "rev": "bfb7a882678e518398ce9a31a881538679f6f092",
         "type": "github"
       },
       "original": {

hosts/common/core/default.nix

@@ -1,10 +1,41 @@
-{ pkgs, lib, inputs, config, ...}: 
+{ pkgs, lib, inputs, config, outputs, ...}: 
+let
+  sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/root".path;
+in
 {
   imports = [
     ./sops.nix
     ./locale.nix
+      inputs.impermanence.nixosModules.impermanence
   ];
 
+  nixpkgs = {
+      overlays = [
+        outputs.overlays.additions
+        outputs.overlays.modifications
+        outputs.overlays.unstable-packages
+      ];
+      config = {
+        allowUnfree = true;
+      };
+    };
+
+  programs.gnupg.agent = {
+    enable = true;
+    enableSSHSupport = true;
+  };
+
+  nix.settings.experimental-features = [ "nix-command" "flakes" ];
+
+  users = {
+    mutableUsers = true;
+    extraUsers = {
+      root = {
+        hashedPasswordFile = sopsHashedPasswordFile;
+      };
+     };
+  };
+
   environment.systemPackages = [
       pkgs.rsync
       pkgs.curl

hosts/common/core/locale.nix

@@ -5,4 +5,6 @@
     keyMap = "uk";
     useXkbConfig = false; 
   };
+  time.timeZone = "Europe/London";
 }
+

hosts/common/core/sops.nix

@@ -3,7 +3,7 @@
 let
   secretsDirectory = builtins.toString inputs.nix-secrets;
   secretsFile = "${secretsDirectory}/secrets.yaml";
-  hasOptinPersistence = environment.persistence ? "/persist";
+  hasOptinPersistence = config.environment.persistence ? "/persist";
   hostname = config.networking.hostName;
 
 in

hosts/common/optional/openssh.nix

@@ -1,7 +1,7 @@
 { lib, config, ... }:
 let
   sshPort = 22;
-  hasOptinPersistence = environment.persistence ? "/persist";
+  hasOptinPersistence = config.environment.persistence ? "/persist";
 
 in
 

hosts/common/users/media/default.nix

@@ -5,11 +5,11 @@ let
   sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/${user}".path;
   secretsDirectory = builtins.toString inputs.nix-secrets;
   secretsFile = "${secretsDirectory}/secrets.yaml";
-  user = "media";
+  username = "media";
 
 in 
 {
-  users.users.media = {
+  users.users.${username} = {
     isNormalUser = true;
     shell = pkgs.zsh; # default shell
     hashedPasswordFile = sopsHashedPasswordFile;
@@ -40,31 +40,25 @@ in
     };
   };
 
-  sops.secrets."passwords/${user}" = {
+  sops.secrets."passwords/${username}" = {
     sopsFile = "${secretsFile}";
     neededForUsers = true;
   };
 
-  sops.secrets."ssh_keys/${user}/id_ed25519" = {
-    path = "/home/${user}/.ssh/id_ed25519";
+  sops.secrets."ssh_keys/${username}/id_ed25519" = {
+    path = "/home/${username}/.ssh/id_ed25519";
     mode = "0600";
-    owner = config.users.users.media.name;
+    owner = config.users.users.${username}.name;
   };
 
-  sops.secrets."ssh_keys/${user}/id_ed25519.pub" = {
-    path = "/home/${user}/.ssh/id_ed25519.pub";
+  sops.secrets."ssh_keys/${username}/id_ed25519.pub" = {
+    path = "/home/${username}/.ssh/id_ed25519.pub";
     mode = "0644";
-    owner = config.users.users.media.name;
+    owner = config.users.users.${username}.name;
   };
 
-#  # Need to change ownership of the secrets as they are created as root
-#  system.activationScripts.sopsSetAgeKeyOwnwership = ''
-#    mkdir -p /home/${user}/.config || true
-#    chown -R ${user}:users /home/${user}/.config
-#  '';
-
   services.flatpak.enable = true;
-  users.users.media = {
+  users.users.${username} = {
     packages = with pkgs; [
       flatpak
       gnome.gnome-software
@@ -77,7 +71,7 @@ in
   home-manager = {
     extraSpecialArgs = { inherit inputs; };
     users = {
-      ${user} = import ../../../../home/${hostname}.nix;
+      ${username} = import ../../../../home/${hostname}.nix;
     };
   };
 }

hosts/common/users/sam/default.nix

@@ -5,13 +5,12 @@ let
   sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/sam".path;
   secretsDirectory = builtins.toString inputs.nix-secrets;
   secretsFile = "${secretsDirectory}/secrets.yaml";
+  username = "sam";
 in 
 {
-  users.users.sam = {
-    mutableUsers = true;
+  users.users.${username} = {
     isNormalUser = true;
     shell = pkgs.zsh; # default shell
-    initialPassword = "nixos";
     hashedPasswordFile = sopsHashedPasswordFile;
     openssh.authorizedKeys.keys = lib.lists.forEach pubKeys (key: builtins.readFile key);
 
@@ -24,7 +23,7 @@ in
 
   };
 
-  sops.secrets."passwords/sam" = {
+  sops.secrets."passwords/${username}" = {
     sopsFile = "${secretsFile}";
     neededForUsers = true;
   };
@@ -34,7 +33,7 @@ in
   home-manager = {
     extraSpecialArgs = { inherit inputs; };
     users = {
-      sam = import ../../../../home/${hostname}.nix;
+      ${username} = import ../../../../home/${hostname}.nix;
     };
   };
 

hosts/nixdev/default.nix

@@ -1,5 +1,7 @@
 { inputs, config, lib, pkgs, outputs,... }:
-
+let
+  dev = "/dev/vda";
+in 
 {
   imports =
     [ 
@@ -18,21 +20,8 @@
 
     ];
   
-  nixpkgs = {
-      overlays = [
-        outputs.overlays.additions
-        outputs.overlays.modifications
-        outputs.overlays.unstable-packages
-      ];
-      config = {
-        allowUnfree = true;
-      };
-    };
-  
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
-
   boot.loader.grub.enable = true;
-  boot.loader.grub.device = "/dev/vda"; 
+  boot.loader.grub.device = "${dev}"; 
 
   networking = {
     hostName = "nixdev";
@@ -40,17 +29,8 @@
     enableIPv6 = false;
   };
 
-  time.timeZone = "Europe/London";
-
-  services.printing.enable = true;
-
   services.libinput.enable = true;
 
-  programs.gnupg.agent = {
-    enable = true;
-    enableSSHSupport = true;
-  };
-
   system.stateVersion = "23.11"; 
 
 }

hosts/sparky/default.nix

@@ -1,15 +1,14 @@
 { inputs, config, lib, pkgs, outputs,... }:
 let
-  sopsHashedPasswordFile = lib.optionalString (lib.hasAttr "sops-nix" inputs) config.sops.secrets."passwords/root".path;
+  dev = "/dev/vda";
 in 
 {
   imports =
     [ 
       # Disk configuration
       inputs.disko.nixosModules.disko
-      (import ../common/disks/std-disk-config.nix { device = "/dev/vda"; })
+      (import ../common/disks/std-disk-config.nix { device = ${dev}; })
       ../common/optional/btrfs-impermanence.nix
-      inputs.impermanence.nixosModules.impermanence
 
       # Create users for this host
       ../common/users/media
@@ -23,17 +22,6 @@ in
 
     ];
 
-  nixpkgs = {
-      overlays = [
-        outputs.overlays.additions
-        outputs.overlays.modifications
-        outputs.overlays.unstable-packages
-      ];
-      config = {
-        allowUnfree = true;
-      };
-    };
-
   fileSystems."/persist".neededForBoot = true;
   environment.persistence."/persist" = {
     hideMounts = true;
@@ -51,15 +39,6 @@ in
     ];
   };
 
-  users = {
-    mutableUsers = true;
-    extraUsers = {
-      root = {
-        hashedPasswordFile = sopsHashedPasswordFile;
-      };
-     };
-  };
-
   boot = {
     loader = {
       systemd-boot.enable = true;
@@ -74,9 +53,6 @@ in
     enableIPv6 = false;
   };
 
-  services = {
-    qemuGuest.enable = true;
-  };
   services.libinput.enable = true;
   services.displayManager.defaultSession = "cinnamon";
 
@@ -88,6 +64,5 @@ in
       };
   };
 
-  nix.settings.experimental-features = [ "nix-command" "flakes" ];
   system.stateVersion = "23.11";
 }